Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
133
Views
0
Helpful
0
Replies

Snort and alert modes.

mariolak3
Level 1
Level 1

‎06-26-2024 06:23 AM

Hello

At the beginning I have a lot of problem with information chaos with the differences between Snort 2 and Snort 3. There are plenty books and info about Snort 2, but not many about Snort 3. For example Snort 2 Manual (y. 2020) is 270 page book and but Snort 3 Manual (y. 2024) is 116 page book and there is very little info.

I can only guess what is the latest approach in using Snort 3, for example thanks to the latest videotutorials on YT.  I really miss the forum on Snort to not making spam for example here

To the point, there are up-to-date such logger modules in Snort (alerts and packet logger).

mariolak3_0-1719404339516.png

At this point, I used alert_fast, alert_full and alert_json, because I found tutorial which recomended alert_json because there is possibility to integrate this with Splunk (I found myself alert_fast and alert_full too). OK. I did that.

But, what with unified2? The old materials tell a lot about it. But now, nothing. 

From Snort 2 manual:
Unified2 can work in one of threemodes, packet logging (log_unified), alert logging (alert_unified2), or true unified logging(unified2).

In Snort 3 Manual is mentioned only about unified2.

Is unified2 mode is used by anyone? Or this is only history? Is Snort 3 at all is able to use log_unified, alert_unified2 or only unified2(packet and alert)?

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card