[Snort-users] unknown output plugin: 'alert_syslog'
mkettler at ...4108...
Fri May 23 13:15:09 EDT 2003
At 03:29 PM 5/22/2003 -0400, Jeff Dickens wrote:
>I installed the RPM from snort.org "snort-1.9.1-1snort.i386.rpm" on Red Hat
>When I try to use the "alert_syslog" output plugin I get this message:
>WARNING: unknown output plugin 'alert_syslog'
>In fact, if I just try to start up snort with the "-s" switch I get a usage
>message. Did I get the wrong package?

Note: Snort 1.9.1 is REMOTELY EXPLOITABLE due to a defect in the stream4
preprocessor. DO NOT use 1.9.1 unless you disable stream4, as you will be
vulnerable to attack for execution of arbitrary code at the user privilege
level snort runs as (often root).

Really, I'd advise downloading a source tarball and building that. Binary
RPMs are inherently fraught with problems unless they are made by your
distribution provider, or explicitly for your specific distribution and
release. For example, an RPM that works for RedHat 8.0 may not work on 7.3
due to shared library differences.

All that said, alert_syslog should work...

Could you quote the exact line in your config that you are using to invoke

As for snort -s, what other command line parameters did you pass? You need
to give more than just a -s... snort -s -c /etc/snort.conf is a good start.
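
A check for the two settings discussed in this thread, as an added example that is not part of the original posts: it flags active stream4 preprocessor lines and reports whether an `output alert_syslog` line is present. The directive spellings (`preprocessor stream4`, `preprocessor stream4_reassemble`, `output alert_syslog: LOG_AUTH LOG_ALERT`) are Snort 1.x configuration syntax assumed here, since the thread does not quote the config; the sample config and the function names are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Checks a snort.conf for the two
# settings the reply discusses: stream4 still enabled, and alert_syslog output.

# Constructed sample config using Snort 1.x directive syntax (illustrative).
sample_conf() {
cat <<'EOF'
var HOME_NET any
preprocessor frag2
preprocessor stream4: detect_scans
  preprocessor stream4_reassemble   # indented, still active
# preprocessor stream4: disabled by a comment, must not match
#output alert_syslog: LOG_AUTH LOG_ALERT
output alert_fast: alert.log
EOF
}

# Print active (uncommented) directives. $1=file $2=keyword $3=name prefix
active_directives() {
    sed 's/#.*$//' "$1" |
        awk -v kw="$2" -v name="$3" '$1 == kw && index($2, name) == 1'
}

# Exit status is a bitmask: 1 = stream4 active, 2 = no alert_syslog output.
audit_snort_conf() {
    rc=0
    found=$(active_directives "$1" preprocessor stream4)
    if [ -n "$found" ]; then
        echo "FAIL: stream4 is enabled:"; echo "$found"
        rc=$((rc + 1))
    fi
    found=$(active_directives "$1" output alert_syslog)
    if [ -n "$found" ]; then
        echo "OK: $found"
    else
        echo "WARN: no active 'output alert_syslog' line"
        rc=$((rc + 2))
    fi
    return "$rc"
}

# Run against a real config when a path is given: sh audit.sh /etc/snort.conf
if [ "$#" -gt 0 ]; then audit_snort_conf "$1"; fi
```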