[Snort-users] Syslog,MySql, IDS Center /Eagle X

Ueli Kistler iuk at ...1171...
Mon May 19 10:04:26 EDT 2003


Hello

McBurnett, Jim wrote:

> Ok all,
> I have searched all the archives, googled this to death and I am still 
> drawing a blank..
> I know I am missing something.
> I am running this on a Windows XP, Fresh install, norton AV.
> System is running a 2.6 Ghz P4 with 512M RAM..
> Started with the Eagle X package.
> MySql, ACID it all works great...
>
sure, but it's old.. at leat update to Snort 2.0.. update will be 
available soon after putting online the new website: www.engagesecurity.com

>
> I tried to add Syslog to it and Bingo-- It crashes every time it sends 
> a message..
> I tried to send to an external syslog.. no go. I tried an on Machine 
> Syslog.
> No go.. System has 3 NICS, and I am using the 2nd NIC.
>
Snort 2.0 has a broken syslog support (i think.. correct me if i should 
be wrong .. but i don't think so)
note that snort always tries to bind the socket to NIC 1! You must have 
-s option activated ("Log settings"->"Logging parameters".. Type 
hostname of the syslog server)

> I thought maybe it was an issue with Snort 1.9. So I updated to Snort 2.0
>
no .. activate "-s" option AND add an output plugin (syslog output 
plugin) in the output plugin wizard

>
> No go, same problem, but now the snort service won't even start with 
> Syslog enabled
> There is nothing in the Event log of relevance, the Test of the Config 
> looks fine.
> I can post or email offlist the config file if anyone is willing to 
> help me...
>
> Does anyone have any ideas?
>
Don't bother Chris Reid .. i'm sure he's working on this (or perhaps not) ;)

> Thanks,
> Jim
>
Regards,
    Ueli Kistler
    eclipse at ...9170...  
    www.engagesecurity.com (soon online)

--





More information about the Snort-users mailing list