[Snort-devel] xml output plugin woes

Ivan Eriksen Ivan.Eriksen at ...1859...
Mon Mar 17 02:00:15 EST 2003


Hi, 

(This message has been posted previously on snort-users, sorry for any
inconvenience) 

We're having problems with the xml output plugin for versions newer than
1.8.3 (that is 1.8.7 and 1.9.x).

Our snort.conf line for this is:

output xml: log, file=/var/log/snortxml

This works fine in 1.8.3, but newer versions are acting strange (see later
for details).

Regards,

Ivan Eriksen

=================

Result details:


The following systems have been tested

Operating systems: 
Redhat 7.1: Standard server installation (with added libxml2-2.4.9 and
libxml2-devel-2.4.9) 
Redhat 8.0: Standard server installation

Snort-1.8.3-5.i386.rpm
Result: Everything works fine and xml is appended to the log file.

Snort-1.8.7-1snort.i386.rpm
Result: Only blank lines are inserted into the log file every time a log is
reported.

Snort-1.9.0-1snort.i386.rpm
Result: snort service core dumps when trying to write the first alert to xml
log file.

Snort-1.9.1-1snort.i386.rpm
Result: At start up the snort service reports: "WARNING: unknown output
plugin: 'xml'". It runs fine, but nothing is written in the snort log file.

All versions have also been compiled from source, but the results are the
same.



