[Snort-users] NO output from Snort to MySql

Bristol, Gary L. gbristol at ...10387...
Fri Oct 8 16:36:12 EDT 2004


I have a Sensor that has been built using Fedora Core 1.

I'm trying to get it to output its information to a MySql database on
another system.

Snort 2.1.0 and the MySql client were installed from RPMs on the previously
working sensor image (I'm trying to update it).

Upgraded the packages installed using YUM.
Installed the Snort 2.1.3 and Snort-Mysql 2.1.3 from Snort.org.

I'm getting alert generation but nothing added to the database on the
other server.

I switched to Unified output and it generates the files but when I start
Barnyard I get the following error.

[root at ...12532... bin]# ./barnyard -c /etc/snort/barnyard.conf -g
/etc/snort/gen-msg.map -s /etc/snort/sid-msg.map -d /var/log/snort -f
snort.log -w /var/log/snort/bylog.waldo
Barnyard Version 0.2.0 (Build 32)
Opened spool file '/var/log/snort/snort.log.1097273924'
ERROR: No input plugin found for magic: a1b2c3d4
Fatal Error, Quitting..
Exiting

The Snort Configuration is now back to trying to connect to the other
server with no luck.

Ideas on where to look would be appreciated.

This has been very frustrating, as I tried to do a fresh image install
first, installing MySql, Snort and everything else from source, and I
couldn't get Snort to recognize that it had been compiled with the MySql
option.

Gary L. Bristol
ISSO
University of Oklahoma
IT Department
175 Kuhlman Court
Norman, OK 73019
405-325-2236
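
Added example, not part of the original message: the value in the Barnyard error above, a1b2c3d4, is the libpcap (tcpdump) file magic, so one check is to read the first bytes of each spool file and see whether it is a pcap capture or a Snort unified file. The two unified magic values are assumed from the Snort 2.x unified output source, and the sample bytes are constructed.

```python
#!/usr/bin/env python3
"""Identify Snort spool files by their 4-byte magic (added example)."""
import struct
import sys

# 0xA1B2C3D4 is the libpcap file magic; the two unified values are
# assumed from the Snort 2.x unified output plugin source.
MAGICS = {
    0xA1B2C3D4: "pcap (tcpdump binary log)",
    0xDEAD4137: "snort unified alert",
    0xDEAD1080: "snort unified log",
}


def identify(header: bytes) -> dict:
    """Classify a file from its leading bytes, trying both byte orders."""
    if len(header) < 4:
        return {"format": "too short", "magic": None}
    for order in ("<", ">"):
        (magic,) = struct.unpack(order + "I", header[:4])
        if magic not in MAGICS:
            continue
        info = {"format": MAGICS[magic], "magic": "%08x" % magic,
                "byte_order": "little" if order == "<" else "big"}
        # A pcap global header is 24 bytes: magic, version major/minor,
        # thiszone, sigfigs, snaplen, linktype.
        if magic == 0xA1B2C3D4 and len(header) >= 24:
            major, minor, _, _, snaplen, linktype = struct.unpack(
                order + "HHiIII", header[4:24])
            info.update(version="%d.%d" % (major, minor),
                        snaplen=snaplen, linktype=linktype)
        return info
    return {"format": "unknown", "magic": header[:4].hex()}


# Constructed sample: little-endian pcap header, v2.4, snaplen 1514, Ethernet.
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1514, 1)
# Constructed sample: first word of a little-endian unified alert file.
SAMPLE_UNIFIED_ALERT = struct.pack("<I", 0xDEAD4137) + b"\x00" * 20

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, identify(fh.read(24)))
    if len(sys.argv) == 1:
        print("sample pcap:", identify(SAMPLE_PCAP))
        print("sample unified alert:", identify(SAMPLE_UNIFIED_ALERT))
```

Run it with the spool file paths as arguments; a file reported as pcap is a tcpdump-format log rather than unified output.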
