From: Federico P. <pe...@ac...> - 2004-05-28 14:44:48
William Metcalf wrote:
> You will need this diff, Snort inline doesn't set an interface if it is
> reading traffic from ip_queue, we have to trick the output plug-in to
> thinking there is one..... to install it just go into the directory for
> snort_inline and patch -p1 < /pathtodiff/dbpatch.diff

Thank you very much, but I guess I will use snort-inline unified log and barnyard. This seems to be the better choice.

BTW... for now I prefer to log in both, the binary unified mode and the default mode (an alert file and a subdirectory for each IP payload). Is it possible to have more than one output plugin simultaneously? Which is the default plugin? In my old conf file there were none selected, but it did log in the way I told. Now I chose:

output unified_log, ....

but the alert file and the subdirectories are not created any more, just the unified_log file.

Thank you!

--
Federico Petronio
pe...@ac...