[Snort-devel] Dynamic Preprocessor Example doesn't log in Database

Nick Moore nmoore at ...402...
Mon Apr 4 07:46:22 EDT 2011


Thomas,

Can you provide a copy of your snort.conf and barnyard.conf files?

Thanks!

Nick

On Mon, Apr 4, 2011 at 3:06 AM, Thomas LESTRIEZ <thomas.lestriez at ...3158...> wrote:

>
> Hello,
>
> I am using Snort 2.9.0.3 on Debian.
>
> I can log to the database thanks to Snort's classic rule system; for
> example, my "test.rules" file contains a rule alerting when port 200 is used
> on the network. So my MySQL database works and my snort.conf and
> barnyard2.conf seem to be well configured.
>
> I installed and compiled the Dynamic Preprocessor Example of Snort. It
> works well, and I can see logs in the syslog file when the Dynamic
> Preprocessor Example matches the port I configured in snort.conf (11123).
>
> My problem is: *Only the dynamic preprocessor example doesn't log to the
> MySQL database* (it just logs to the syslog). The example uses the
> "_dpd.addAlert(.......);" function, but it seems it doesn't work for me...
>
> Could you help me please?
>
> Thank you.
>
> PS: I tested with another dynamic preprocessor; it doesn't log to the
> database either.
>
> Regards,
>
>
> Thomas LESTRIEZ
> Apprentice Engineer
> EDF - R&D
> SINETICS
> 1, avenue du Général de Gaulle
> BP 408
> 92141 Clamart Cedex
>
> thomas.lestriez at ...3158...
> Tel.: 0147653811


-- 
Nick Moore, SFCE, CISSP, CISA
Sr. Systems Engineer
Voice 708-336-9041
Email nick.moore at ...402...
IM    nickgmoore (Yahoo)
       nickgmoore38 (AIM)

    ,,_
   o"  )~   Sourcefire - The Creators of Snort
    ''''

www.sourcefire.com         www.snort.org