[Snort-users] unknown output plugin: 'alert_syslog'

Matt Kettler mkettler at ...4108...
Fri May 23 13:15:09 EDT 2003


At 03:29 PM 5/22/2003 -0400, Jeff Dickens wrote:
>I installed the RPM from snort.org "snort-1.9.1-1snort.i386.rpm" on Red Hat
>linux 7.3.
>When I try to use the "alert_syslog" output plugin I get this message:
>
>WARNING: unknown output plugin 'alert_syslog'
>
>In fact, if I just try to start up snort with the "-s" switch I get a usage
>message.  Did I get the wrong package?

Note: Snort 1.9.1 is REMOTELY EXPLOITABLE due to a defect in the stream4 
preprocessor. DO NOT use 1.9.1 unless you disable stream4, as you will be 
vulnerable to attack for execution of arbitrary code at the user privilege 
level snort runs as (often root).

Really, I'd advise downloading a source tarball and building that. Binary 
RPMs are inherently fraught with problems unless they are made by your 
distribution provider, or explicitly for your specific distribution and 
release. For example, an RPM that works for RedHat 8.0 may not work on 7.3 
due to shared library differences.

All that said, alert_syslog should work...

Could you quote the exact line in your config that you are using to invoke 
the plugin?

As for snort -s, what other command line parameters did you pass? You need 
to give more than just a -s... snort -s -c /etc/snort.conf is a good start.










