[Snort-users] xml plugin

Juergen Fiedler juergen at ...3730...
Tue May 14 14:09:09 EDT 2002


Hi,

I have a Woody system with snort-mysql 1.8.4beta1-2 installed. My
snort.conf contains (among others) the following lines:

=======
output alert_fast: alert
output xml: alert, file=/perl/snort.pl protocol=http host=localhost port=80
=======

I can call http://localhost/perl/snort.pl and OK, but if I pound the
host with nmap, the corresponding messages get written to
/var/log/snort/alert, but snort.pl is never called.
A 'snort -c /etc/snort/snort.conf -T' gives me:

=======
ProcessFileOption: /var/log/snort/alert
xml_plugin: Logging to /perl/snort.pl
xml_plugin: Using http protocol
xml_plugin: Host set to localhost
xml_plugin: Port set to 80
xml_plugin: Using the "alert" facility
[...]
=======

Looks like the XML plugin is initialized correctly. Does anybody know
what I have to do to get it to actually do something?

Thanks in advance
--j