After talking with Cisco, the command no logging message-counter
syslog will remove the additional counter. However, this command was
not introduced until 12.4(11) T.
Hope this helps.
--
Zac Roetemeyer
[EMAIL PROTECTED]
I changed line 74 in /ossec-hids-1.3/src/logcollector/read_snortfull.c
to correct this. I'm not sure it's the best solution to the issue, but
it fixed my problem and so far hasn't introduced any new issues.
to:
else if(((str[2] == '/') && (str[5] == '-') && (q = strchr(str,' '))) ||
(str[0] == '['))
--
I am launching two instances of snort with the following commands:
/usr/local/bin/snort -i eth2 -A full -c /etc/snort/snort.conf -D
/usr/local/bin/snort -i eth3 -A full -c /etc/snort/snort.conf -D
I have this in my ossec.conf file with ossec running in agent mode on
my snort sensor:
localfile