AW: [Snort-users] Snort+IDMEF...need help!
Sandro.Poppi at ...3316...
Mon Sep 29 15:07:27 EDT 2003
Take a look at sourceforge.net/projects/snort-idmef where I provide a new
I tried to bring my snort + idmef up.
But, so far, snort process was dead with this error
Sep 28 16:28:00 biff snort: FATAL ERROR: IDMEF: cannot output messages on a
I'm runing snort-2.0.2 with IDMEF XML output plugin for Snort, version
I can complie both of them without problem. This is the snort's
$ ./configure --prefix=/usr/local/snort --mandir=/usr/local/man
The following alert is received and snort is dead.... (/var/log/snort/alert)
[**] [1:1411:3] SNMP public access udp [**]
[Classification: Attempted Information Leak] [Priority: 2]
09/29-00:11:49.034901 192.168.0.50:1074 -> 192.168.0.1:161
UDP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:117 DF
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0013][Xref
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0013][Xref> => ht
and snort is dead!
This is the IDMEF setting in my snort.conf file.
output idmef: $HOME_NET logto=/var/log/snort/idmef_alerts.log
rt/etc/idmef-message.dtd analyzerid=IDS1 output=alert name=biff
Do you have any idea where I stuck?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users