[Snort-users] SMB alerts

Martin Roesch roesch at ...1935...
Mon Aug 16 16:36:33 EDT 2004


We dumped it; it was a fun idea back in ~1.0, but it's a bad idea now.
I'd recommend post-processing events with swatch or something similar
to get the same capability back.

      -Marty

On Aug 13, 2004, at 5:09 PM, Joshua Berry wrote:

> I believe that the smb output plugin was removed from Snort 2.1.3.  It 
> is not even an option in my configure script.
>
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net 
> [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Scott 
> Elgram
> Sent: Friday, August 13, 2004 3:55 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] SMB alerts
>
> Hello,
>
>     I am having a bit of trouble getting SMB alerts to work.  I have 
> compiled snort-2.1.3 "--with-mysql=/usr/local/mysql 
> --enable-smbalerts".  And I added this to the ruleset containing the 
> rules I want to be alerted for.
>
> ruletype smb_db_alert {
>     type alert
>     output alert_smb: workstation.list
>     output database: log, mysql, user=<dbuser> password=<password> dbname=snort host=localhost encoding=hex detail=Full
> }
>
> However, after all that, when I start snort I get:
>
> ERROR: unknown output plugin: 'alert_smb'
> Fatal Error, Quitting
>
> Any help would be appreciated greatly.
>
> Thanks
>
> -Scott
>
-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Intelligent Security Monitoring
roesch at ...1935... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
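
The post-processing approach recommended in the reply above, sketched as an added example (not code from this thread, from Snort or from swatch): it reads Snort fast-format alert lines, keeps the urgent ones, drops repeats, and produces one notification per host in a workstation list. The function names, the one-host-per-line format assumed for workstation.list and the sample data are assumptions; delivery (mail, pager, popup) is left to the site.

```python
import re

# Layout of a Snort "fast" alert line (alert_fast output / -A fast).
ALERT_RE = re.compile(
    r'^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+'
    r'(?P<msg>.*?)\s+\[\*\*\]\s+(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?'
    r'\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+'
    r'(?P<src>\S+)\s+->\s+(?P<dst>\S+)')

def parse_alert(line):
    """Return the alert fields as a dict, or None if the line is not an alert."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    alert = m.groupdict()
    alert['prio'] = int(alert['prio'])
    return alert

def load_workstations(text):
    """Assumed format: one host name per line, '#' starts a comment."""
    hosts = (ln.split('#', 1)[0].strip() for ln in text.splitlines())
    return [h for h in hosts if h]

def build_notifications(lines, workstations, max_priority=2):
    """(host, message) pairs for each distinct alert at max_priority or more urgent."""
    seen, out = set(), []
    for line in lines:
        a = parse_alert(line)
        if a is None or a['prio'] > max_priority:   # priority 1 is most urgent
            continue
        key = (a['gid'], a['sid'], a['src'], a['dst'])
        if key in seen:                             # already reported once
            continue
        seen.add(key)
        # Printable ASCII only, bounded length, before it reaches any notifier.
        msg = re.sub(r'[^\x20-\x7e]', '?', a['msg'])[:120]
        text = "snort [%s:%s] %s %s -> %s" % (a['gid'], a['sid'], msg, a['src'], a['dst'])
        out.extend((host, text) for host in workstations)
    return out

# Constructed sample input, not taken from the thread.
SAMPLE_ALERTS = [
    "08/13-15:55:01.100000  [**] [1:2003:8] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] {UDP} 10.0.0.5:1029 -> 192.168.1.10:1434",
    "08/13-15:55:02.300000  [**] [1:2003:8] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] {UDP} 10.0.0.5:1029 -> 192.168.1.10:1434",
    "08/13-15:55:03.000000  [**] [1:1000001:1] Constructed low priority event [**] [Priority: 3] {ICMP} 10.0.0.9 -> 192.168.1.10",
    "this line is not an alert",
]
SAMPLE_WORKSTATIONS = "# constructed list\nadmin-ws1\nadmin-ws2  # second console\n"
```

If the pairs are handed to an external command, pass the host and message as separate argv elements without a shell, so alert text is never interpreted as command syntax.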
