[Fwd: RE: [Snort-users] Log to remote syslog server and MySql Database]

L. Christopher Luther CLuther at ...6333...
Sun Jan 5 08:03:03 EST 2003


I searched the list archives last night (or was that early this morning) and
found the thread between Michael Steele and others concerning syslog and
Win32; I also found your posts and the patches.  

Unfortunately, my particular Snort WinNT4 box is running WinPCap 2.02 and
Snort 1.8.6.  The box is a dual Pentium III and all versions of WinPCap
newer than 2.02 disable themselves when they detect an SMP environment.
Also, all versions of Snort newer than 1.8.6 require a WinPCap driver that
is newer than 2.02.  There is a FAQ in the WinPCap site about SMP support,
but today at least, the site appears to be down.  Hopefully not for good... 

Since I don't want to disable one of the processors on my WinNT4 box, I'm
kinda "stuck" w/ Snort 1.8.6, at least until WinPCap officially supports SMP
environments.  

Thanks anyway for the e-mails and other attachments!  

- Christopher 


-----Original Message-----
From: Frank Knobbe [mailto:fknobbe at ...652...]
Sent: Sunday, January 05, 2003 1:12 AM
To: CLuther at ...6333...
Subject: [Fwd: RE: [Snort-users] Log to remote syslog server and MySql
Database]


Christopher,

looky here. I found an old email with the patches. I also have an old
Snort 1.8.7 Win32 with mySQL executable with the syslog patch built in,
in case you want that as well. The patches may or may not work anymore
since they are half a year old. You can always hack the source yourself.
Just remove the pv.cmd_verride=1 line in the case section for -s.


Regards,
Frank



-----Forwarded Message-----

From: Frank Knobbe <fknobbe at ...652...>
To: snort-users at lists.sourceforge.net
Cc: snort-devel at lists.sourceforge.net
Subject: RE: [Snort-users] Log to remote syslog server and MySql  Database
Date: 19 Sep 2002 17:32:43 -0500

On Sun, 2002-09-15 at 19:57, Michael Steele wrote:
> Frank,
> 
> I'm all for that! Make it so.
> -----Original Message-----
> From: Frank Knobbe [mailto:fknobbe at ...652...] 
> 
> *sigh*.... that issue again.
> 
> I'd like to make a motion to change the Snort Win32 section in snort.c
> so that -s does not override the conf file (Win32 only). Otherwise we'll
> continue to see requests for Win32 recompiles for this matter.
> 
> Anyone for that change?



Okay, here are two patches for snort and snort_1_8 that cause snort not
to override the command line when -s is specified. That allows users to
use -s in the command line while still using the other configs from
snort.conf, which will allow Windows users to log to remote syslog
servers.

Please commit to CVS.

Thanks,
Frank


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030105/70664987/attachment.html>


More information about the Snort-users mailing list