A unique policy id can be assigned by the user to each configuration using the following
config line:
config policy_id: <id>
- id
  - Refers to a 16-bit unsigned value. This policy id will be used to
    identify alerts from a specific configuration in the unified2 records.
Note:
If no policy id is specified, Snort assigns the value 0 (zero) to the configuration.
To enable vlanId logging in unified2 records, the following option can be used:
output alert_unified2: vlan_event_types (alert logging only)
output unified2: filename <filename>, vlan_event_types (true unified logging)
- filename
  - Refers to the absolute or relative filename.
- vlan_event_types
  - When this option is set, Snort will use unified2 event
    types 104 and 105 for IPv4 and IPv6 respectively.
Note:
Each event logged will have the vlanId from the packet if VLAN headers are present;
otherwise 0 will be used.
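A reader for these records, as an added example that is not part of the Snort manual: it walks a unified2 byte stream and pulls the vlanId and policy id out of type 104 and 105 events, grouping alerts by policy id. The field layout is an assumption taken from the Snort 2.9.x Unified2IDSEvent structures (check Unified2_common.h for your version); the sample records are constructed, and `parse_events`, `alerts_by_policy` and `_sample` are hypothetical names.

```python
import struct

# Assumed layout (Snort 2.9.x Unified2_common.h); all fields are big-endian.
REC_HDR = struct.Struct(">II")        # record type, length of the body that follows
HEAD = struct.Struct(">9I")           # sensor_id ... priority_id
TAIL = struct.Struct(">HHBBBBIHH")    # ports, proto, impact x2, blocked, mpls, vlanId, policy id
ADDR_LEN = {104: 4, 105: 16}          # address size for the IPv4 / IPv6 event types

def parse_events(data):
    """Yield one dict per type 104/105 record in a unified2 byte string."""
    off = 0
    while off + REC_HDR.size <= len(data):
        rtype, rlen = REC_HDR.unpack_from(data, off)
        body = data[off + REC_HDR.size: off + REC_HDR.size + rlen]
        off += REC_HDR.size + rlen
        if len(body) < rlen:
            break  # truncated last record, e.g. file still being written
        if rtype not in ADDR_LEN or rlen < HEAD.size + 2 * ADDR_LEN[rtype] + TAIL.size:
            continue  # packet/extra-data/legacy record, or too short to hold the fields
        head = HEAD.unpack_from(body, 0)
        tail = TAIL.unpack_from(body, HEAD.size + 2 * ADDR_LEN[rtype])
        yield {"type": rtype, "sid": head[4], "gid": head[5],
               "vlan_id": tail[7], "policy_id": tail[8]}

def alerts_by_policy(data):
    """Group (sid, vlan_id) pairs by the policy id that produced the alert."""
    out = {}
    for ev in parse_events(data):
        out.setdefault(ev["policy_id"], []).append((ev["sid"], ev["vlan_id"]))
    return out

def _sample(rtype, sid, vlan, policy):
    """Build one constructed event record (not captured Snort output)."""
    head = HEAD.pack(0, 1, 1368000000, 0, sid, 1, 1, 0, 3)
    addrs = bytes(2 * ADDR_LEN[rtype])  # zeroed source and destination addresses
    body = head + addrs + TAIL.pack(1024, 80, 6, 0, 0, 0, 0, vlan, policy)
    return REC_HDR.pack(rtype, len(body)) + body

# Constructed stream: tagged IPv4 alert, an unrelated record, untagged IPv6 alert.
SAMPLE = (_sample(104, 1000001, 10, 2)
          + REC_HDR.pack(2, 4) + b"\x00" * 4
          + _sample(105, 1000002, 0, 0))

if __name__ == "__main__":
    print(alerts_by_policy(SAMPLE))
```

A vlan_id of 0 here means either no VLAN header was present or vlan_event_types was not enabled, and a policy_id of 0 is also what Snort writes when no policy id was configured, so neither zero identifies a configuration on its own.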
Eugene Misnik
2013-05-08