[Snort-users] alert_unified only

10-01-2003
John Byrnes
 
Hello-
I've moved to barnyard for inserting events into my db which works
really slick. With that, I only include the alert_unified output module
for snort.conf

(snip from snort.conf)
output alert_unified: filename snort.alert, limit 128

In my log directory however, I still see what looks like the
alert_full module output, i.e. directories created with IP addr for the
name. I would like to turn that off so I don't have to do a lot of clean
up file maintenance on my sensors.

Thanks,
John B

