[Snort-users] SMB alerts

Scott Elgram SElgram at ...10477...
Fri Aug 13 14:14:11 EDT 2004


would you or anyone happen to know why it was removed?
  ----- Original Message ----- 
  From: Joshua Berry 
  To: Scott Elgram 
  Cc: snort-users at lists.sourceforge.net 
  Sent: Friday, August 13, 2004 2:09 PM
  Subject: RE: [Snort-users] SMB alerts


  I believe that the smb output plugin was removed from Snort 2.1.3.  It is not even an option in my configure script.

   

  -----Original Message-----
  From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-admin at ...2902...ists.sourceforge.net] On Behalf Of Scott Elgram
  Sent: Friday, August 13, 2004 3:55 PM
  To: snort-users at lists.sourceforge.net
  Subject: [Snort-users] SMB alerts

   

  Hello,

      I am having a bit of trouble getting SMB alerts to work.  I have compiled snort-2.1.3 "--with-mysql=/usr/local/mysql --enable-smbalerts".  And I added this to the ruleset containing the rules I want to be alerted for.

   

  ruletype smb_db_alert {

      type alert

      output alert_msb: workstation.list

      output database: log, mysql, user=<dbuser> password=<password> dbname=snort host=localhost encoding=hex detail=Full

  }

   

  However, After all that when I start snort i get;

   

  ERROR: unknown output plugin: 'alert_smb'Fatal Error, Quitting

   

  Any help would be appreciated greatly.

  Thanks

  -Scott
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20040813/5c9182cb/attachment.html>


More information about the Snort-users mailing list