
Events and Output

A unique policy id can be assigned by the user to each configuration using the following config line:

config policy_id: <id>

<id> - Refers to a 16-bit unsigned value. This policy id is used to identify alerts from a specific configuration in the unified2 records.

Note:   If no policy id is specified, Snort assigns the value 0 (zero) to the configuration.

To enable vlanId logging in unified2 records, the following option can be used:

output alert_unified2: vlan_event_types (alert logging only)
output unified2: filename <filename>, vlan_event_types (true unified logging)

<filename> - Refers to the absolute or relative filename.
vlan_event_types - When this option is set, Snort uses unified2 event types 104 and 105 for IPv4 and IPv6 respectively.

Note:   Each event logged will carry the vlanId from the packet if VLAN headers are present; otherwise 0 will be used.
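For readers consuming these records, the following added example (not part of the Snort manual or Snort's own code) reads a unified2 stream and groups the VLAN ids seen under each policy id. It assumes the big-endian record header and the Unified2IDSEvent field order of Snort 2.9, with the policy id in the final 16-bit field; the function names and the sample bytes are constructed for illustration.

```python
import io
import struct

# Assumed layout (Snort 2.9 Unified2IDSEvent structs), all fields big-endian.
HEADER = struct.Struct(">II")              # record type, body length
HEAD = struct.Struct(">9I")                # sensor_id .. priority_id
TAIL = struct.Struct(">HHBBBBIHH")         # ports, proto, impact_flag, impact, blocked, mpls, vlanId, policy id
ADDR_LEN = {104: 4, 105: 16}               # event types from the page: IPv4, IPv6

def read_vlan_events(stream):
    """Yield one dict per type 104/105 record; skip all other record types."""
    while True:
        hdr = stream.read(HEADER.size)
        if len(hdr) < HEADER.size:
            return                         # end of file, or header cut short
        rtype, length = HEADER.unpack(hdr)
        body = stream.read(length)
        if len(body) < length:
            return                         # record cut short (file still being written)
        alen = ADDR_LEN.get(rtype)
        if alen is None or length < HEAD.size + 2 * alen + TAIL.size:
            continue                       # other record type, or too short to parse
        head = HEAD.unpack_from(body, 0)
        tail = TAIL.unpack_from(body, HEAD.size + 2 * alen)
        yield {"type": rtype, "sid": head[4], "gid": head[5],
               "vlan_id": tail[7], "policy_id": tail[8]}

def policy_summary(data):
    """Map each policy id to the sorted VLAN ids seen in its alerts."""
    seen = {}
    for ev in read_vlan_events(io.BytesIO(data)):
        seen.setdefault(ev["policy_id"], set()).add(ev["vlan_id"])
    return {pid: sorted(vlans) for pid, vlans in seen.items()}

def sample_record(rtype, sid, vlan_id, policy_id):
    """Build one constructed event record (demo input, not captured Snort output)."""
    body = (HEAD.pack(0, 1, 0, 0, sid, 1, 1, 0, 3)
            + bytes(2 * ADDR_LEN[rtype])
            + TAIL.pack(1234, 80, 6, 0, 0, 0, 0, vlan_id, policy_id))
    return HEADER.pack(rtype, len(body)) + body

SAMPLE = (sample_record(104, 1000001, 10, 7)
          + HEADER.pack(2, 4) + bytes(4)            # non-event record, skipped
          + sample_record(105, 1000002, 0, 0)       # no VLAN header, default policy 0
          + sample_record(104, 1000003, 20, 7))

if __name__ == "__main__":
    print(policy_summary(SAMPLE))
```

A policy id of 0 in the result means either that no policy_id was configured or that it was explicitly set to 0, so assign non-zero ids when alerts must be attributed to a specific configuration.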

Eugene Misnik 2013-05-08