Hi Carlo,<br><br>The problem comes that <br>""<br>logging:<br> default-log-level: info<br> <b>default-output-filter:<br> outputs:</b><br> - console:<br> enabled: no<br> - file:<br> enabled: yes<br>
filename: /var/log/suricata.log<br> - syslog:<br> enabled: no<br> facility: local5<br> format: "[%i] <%d> -- "<br><br>""<br><br>The bolded text above is out of place ....it should be <br>
<br>""<br>
logging:<br>
default-log-level: info<br>
<b>default-output-filter:<br>
outputs:</b> # NOTE no "default-output-filter" and "outputs" start at the same position<br>
- console:<br>
enabled: no<br>
- file:<br>
enabled: yes<br>
filename: /var/log/suricata.log<br>
- syslog:<br>
enabled: no<br>
facility: local5<br>
format: "[%i] <%d> -- "<br>
<br>
""<br><br>The yaml should be edited as it is, in order not to get funny results like this one.<br><br>Hope it helps!<br><br>thanks<br><br><div class="gmail_quote">On Thu, Nov 10, 2011 at 4:01 PM, carlopmart <span dir="ltr"><<a href="mailto:carlopmart@gmail.com">carlopmart@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"><div class="im">On 11/10/2011 03:47 PM, Peter Manev wrote:<br>
> how do you start suricata?<br>
> Do you use the same yaml as you shared before?<br>
><br>
> thanks<br>
><br>
<br>
</div>Yes. Command line:<br>
<br>
"suricata -D -c /data/config/etc/suricata/suricata.yaml -i eth8 -F<br>
/data/config/etc/suricata/bpf.conf --pidfile /var/run/suricata.pid"<br>
<div><div></div><div class="h5"><br>
--<br>
CL Martinez<br>
carlopmart {at} gmail {d0t} com<br>
_______________________________________________<br>
Oisf-users mailing list<br>
<a href="mailto:Oisf-users@openinfosecfoundation.org">Oisf-users@openinfosecfoundation.org</a><br>
<a href="http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Peter Manev<br>