Snort Unified2

[romans8]

Hello Eric I am trying to troubleshoot my unified 2 from snort.

Here is some info.

1. The specified unified 2 log is not being created.
2. Instead I get the snort.log.date (tcpdump) default and alerts.
3. snort.conf - output unified2: filename internal.u2, limit 128, vlan_event_types
4. running snort with sudo /usr/local/bin/snort -D -q -i eth3 -F /etc/snort/internalbpf.filter -c /usr/src/snort-2.9.8.0/etc/snort.conf.internal -u snort
5. No errors or warnings when grep from /var/log/messages
6. Running RHEL 6
7. Installed and compiled from source
8. Snort has rwx for /var/log/snort
9. Deleted all logs

[binf]

Check your conf for other directives that would superseed unified2 output.

On Fri, Jan 22, 2016 at 12:38 PM, romans8 notifications@github.com wrote:

Hello Eric I am trying to troubleshoot my unified 2 from snort

Here is some info

1 The specified unified 2 log is not being created
2 Instead I get the snortlogdate (tcpdump) default and alerts
3 snortconf - output unified2: filename internalu2, limit 128,
vlan_event_types
4 running snort with sudo /usr/local/bin/snort -D -q -i eth3 -F
/etc/snort/internalbpffilter -c /usr/src/snort-2980/etc/snortconfinternal
-u snort
5 No errors or warnings when grep from /var/log/messages
6 Running RHEL 6
7 Installed and compiled from source
8 Snort has rwx for /var/log/snort
9 Deleted all logs

—
Reply to this email directly or view it on GitHub
#3.