[prev in list] [next in list] [prev in thread] [next in thread] 

List:       snort-users
Subject:    [Snort-users] XML output plugin...
From:       Peter Bates <peter.bates () lshtm ! ac ! uk>
Date:       2001-06-27 17:26:53
[Download RAW message or body]


Hello all...

I have a snort 1.7 system (Linux, with the original RPM)
which runs fine in a 'production' sense, in that it has
been snorting away merrily for many months now...

I was just fiddling to add use of the XML output plugin, and
put:

# Outputs
output alert_syslog: LOG_AUTH LOG_ALERT
output alert_full: alert
output xml: alert, file=/var/log/snort/output

Which, on restart of snort, generates the error:

snort: WARNING: command line overrides rules file logging plugin!

Snort continues to log to syslog and to the file
alert in /var/log/snort, but I get no XML output...

I start snort with:

/usr/sbin/snort -u snort -g snort -de -D -o \
-i ethx -N -l /var/log/snort -c /etc/snort-local/snort.conf

where the '-N' is to turn off logging of individual 'hosts'.

I remove the -N, all is fine, but then I start getting logging
of individual systems.

Is this something that's a really creaky bug
fixed ages ago and part of snort 1.8, or
have I configured something completely wrong?


Why I'm actually trying to log the same information
3 times is a totally different story, but there you go!

_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

[prev in list] [next in list] [prev in thread] [next in thread]