[Snort-users] SMB alerts

Scott Elgram SElgram at ...10477...
Fri Aug 13 14:14:11 EDT 2004

would you or anyone happen to know why it was removed?
  ----- Original Message ----- 
  From: Joshua Berry 
  To: Scott Elgram 
  Cc: snort-users at lists.sourceforge.net 
  Sent: Friday, August 13, 2004 2:09 PM
  Subject: RE: [Snort-users] SMB alerts

  I believe that the smb output plugin was removed from Snort 2.1.3.  It is not even an option in my configure script.


  -----Original Message-----
  From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-admin at ...2902...ists.sourceforge.net] On Behalf Of Scott Elgram
  Sent: Friday, August 13, 2004 3:55 PM
  To: snort-users at lists.sourceforge.net
  Subject: [Snort-users] SMB alerts



      I am having a bit of trouble getting SMB alerts to work.  I have compiled snort-2.1.3 "--with-mysql=/usr/local/mysql --enable-smbalerts".  And I added this to the ruleset containing the rules I want to be alerted for.


  ruletype smb_db_alert {

      type alert

      output alert_msb: workstation.list

      output database: log, mysql, user=<dbuser> password=<password> dbname=snort host=localhost encoding=hex detail=Full



  However, After all that when I start snort i get;


  ERROR: unknown output plugin: 'alert_smb'Fatal Error, Quitting


  Any help would be appreciated greatly.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20040813/5c9182cb/attachment.html>

More information about the Snort-users mailing list