[Snort-devel] Output Plugins

Nathan Isburgh nathan at ...1839...
Tue Mar 4 12:10:20 EST 2003


Hello all,

It appears that the output plugins are no longer functional under the 
1.9.1 release.  Basically, I've compiled under RH7.1 and when I attempt 
to run snort with any output plugin enabled, it complains, saying 
"unknown output plugin: blah".  After digging through some CVS logs, I 
noticed the following (summarized) entry:

2002-12-24  Andrew R. Baker
	* src/snort.c
		Relocate output plugin initialization to prevent unwanted messages 
from being printed.

Struck me as interesting, so I looked into it.  I saw where he moved it 
to, and where he moved it from.  Well, I undid the change, recompiled, 
and voila, it works like a champ again.  :)  The reason I'm letting you 
guys know is twofold:

1) I want to make sure I haven't inadvertently changed the expected 
operation

2) If my hunch was correct, and this indeed was the cause of the 
problem, then I am providing a bug report, along with a fix.  =)

Please let me know which of the above is the case...  Hopefully, I'm 
not just doing something stupid.  =P

Here's the patch (I hope..  the changes are so small, if the patch 
doesn't apply correctly, which is entirely possible, as I never use 
diff to generate patch files, you can just make changes by hand)

<--- SNIP
*** snort-1.9.1-orig/src/snort.c	Thu Feb 20 17:32:16 2003
--- snort-1.9.1/src/snort.c	Tue Mar  4 18:04:40 2003
***************
*** 170,175 ****
--- 170,177 ----
        */
       InitNetmasks();
       InitProtoNames();
+     /* No, seriously, initialize here! =) */
+     InitOutputPlugins();

       /* initialize the packet counter to loop forever */
       pv.pkt_cnt = -1;
***************
*** 311,317 ****
       }

       /* initialize these here so we do not print unwanted messages */
!     InitOutputPlugins();

       /*
        * creating a PID file before setting its proper
--- 313,320 ----
       }

       /* initialize these here so we do not print unwanted messages */
!     /* It seems this isn't quite where this should be happenning.. */
!     /* InitOutputPlugins(); */

       /*
        * creating a PID file before setting its proper
<--- SNIP



Also, you can download from:

http://webii.net/snort-1.9.1-fix-output-plugins.patch


I successfully applied the patch to a 1.9.1 tarball as:

# gzip -dc snort-1.9.1.tar.gz | tar xf -
# patch -p0 < snort-1.9.1-fix-output-plugins.patch



Thanks for your time and hard work on this awesome project,

Nathan Isburgh
Systems Engineer
Webii, Inc.  www.webii.net





More information about the Snort-devel mailing list