Next: How Configuration is applied?
Up: Configuration Specific Elements
An unique policy id can be assigned by user, to each configuration using the following
config policy_id: <id>
- - Refers to a 16-bit unsigned value. This policy id will be used to
identify alerts from a specific configuration in the unified2 records.
If no policy id is specified, snort assigns 0 (zero) value to the configuration.
To enable vlanId logging in unified2 records the following option can be used.
output alert_unified2: vlan_event_types (alert logging only)
output unified2: filename <filename>, vlan_event_types (true unified logging)
- - Refers to the absolute or relative filename.
- - When this option is set, snort will use unified2 event
type 104 and 105 for IPv4 and IPv6 respectively.
Each event logged will have the vlanId from the packet if vlan headers are present
otherwise 0 will be used.