[Snort-users] log to database don't work.

dm dm-man at ...1975...
Fri May 16 05:03:19 EDT 2003


Hello.

I'am have Snort 2.0 on Windows platform + MS SQL Server MSDE on
localhost.

I'am ceate database snort, create user snort and give rights. In
snort.conf I do this

Line 451 output database: alert, mssql, dbname=snort user=snort
password=*************

When I try start snort it doesn't start

 

>snort -dev -i 2 -c f:\snort\etc\snort.conf -l f:\snort\log

Running in IDS mode

Log directory = f:\snort\log

 

Initializing Network Interface
\Device\Packet_{573A6977-CCBE-4398-B0AB-39E8915F0FC7}

 

        --== Initializing Snort ==--

Initializing Output Plugins!

Decoding Ethernet on interface
\Device\Packet_{573A6977-CCBE-4398-B0AB-39E8915F0FC7}

Initializing Preprocessors!

Initializing Plug-ins!

Parsing Rules file f:\snort\etc\snort.conf

 

+++++++++++++++++++++++++++++++++++++++++++++++++++

Initializing rule chains...

No arguments to frag2 directive, setting defaults to:

    Fragment timeout: 60 seconds

    Fragment memory cap: 4194304 bytes

    Fragment min_ttl:   0

    Fragment ttl_limit: 5

    Fragment Problems: 0

    Self preservation threshold: 500

    Self preservation period: 90

    Suspend threshold: 1000

    Suspend period: 30

Stream4 config:

    Stateful inspection: ACTIVE

    Session statistics: INACTIVE

    Session timeout: 30 seconds

    Session memory cap: 8388608 bytes

    State alerts: INACTIVE

    Evasion alerts: INACTIVE

    Scan alerts: ACTIVE

    Log Flushed Streams: INACTIVE

    MinTTL: 1

    TTL Limit: 5

    Async Link: 0

    State Protection: 0

    Self preservation threshold: 50

    Self preservation period: 90

    Suspend threshold: 200

    Suspend period: 30

Stream4_reassemble config:

    Server reassembly: INACTIVE

    Client reassembly: ACTIVE

    Reassembler alerts: ACTIVE

    Ports: 21 23 25 53 80 110 111 143 513 1433

    Emergency Ports: 21 23 25 53 80 110 111 143 513 1433

http_decode arguments:

    Unicode decoding

    IIS alternate Unicode decoding

    IIS double encoding vuln

    Flip backslash to slash

    Include additional whitespace separators

    Ports to decode http on: 80

rpc_decode arguments:

    Ports to decode RPC on: 111 32771

    alert_fragments: INACTIVE

    alert_large_fragments: ACTIVE

    alert_incomplete: ACTIVE

    alert_multiple_requests: ACTIVE

telnet_decode arguments:

    Ports to decode telnet on: 21 23 25 119

ERROR: Undefined variable name: (f:\snort\etc\snort.conf:451):

Fatal Error, Quitting..

 

What I should change and how I must start it?

 

 

Thanks.

 

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030516/b0629aa4/attachment.html>


More information about the Snort-users mailing list