[Snort-users] snort unable to log alert to database mysql

Michael Steele michaels at ...9077...
Sun Dec 2 11:05:34 EST 2012


I think the problem might be that Sourcefire failed to remove the database output option in some of the Snort releases after the option had been deprecated, leaving users, especially new users, with the assumption that Snort would handle database output.

It seems to me Snort could display a more descriptive error message when the ‘database’ output plugin option has been detected in the snort.conf.

I think users can look at Barnyard2 the same way as they have database options listed in the configuration file that are not supported.

Michael...

WINSNORT.com Management Team

--
****************** Established ~ 2001 *******************
*          Visit Us @ http://www.winsnort.com           *
*      ~~ FREE WinIDS Snort installation guides ~~      *
*               ~~ FREE support forums ~~               *
* Snort: Open Source Network IDS - http://www.snort.org *
*********************************************************

 

From: Y M [mailto:snort at ...15979...] 
Sent: Sunday, December 02, 2012 8:58 AM
To: TermVRL M; Snort User (snort-users at lists.sourceforge.net); snort-users-request at lists.sourceforge.net
Subject: Re: [Snort-users] snort unable to log alert to database mysql

 

Which version of snort are you using?

To the best of my knowledge, Snort's own database output plugin has been deprecated since 2.9.3.x.

In that case, you will have to use barnyard2 to get alerts into the database.

YM

  _____  

From: TermVRL M
Sent: 12/2/2012 4:42 PM
To: Snort User (snort-users at lists.sourceforge.net); snort-users-request at lists.sourceforge.net
Subject: [Snort-users] snort unable to log alert to database mysql

Hi all,

I get this error when I try to log Snort output to the database:

ERROR: /usr/local/snort/etc/snort.conf(535) Unknown output plugin: "database"
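
A pre-flight check for the situation discussed in this thread, as an added example that is not from any of the posters or from the Snort project: it lists active `output database` directives in a snort.conf before Snort is started, and notes whether a unified2 output (the format Barnyard2 reads) is configured. The function names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample snort.conf fragment; the credentials are placeholders.
SAMPLE_CONF = """\
# output unified2: filename merged.log, limit 128
output database: log, mysql, user=snort password=CHANGEME \\
    dbname=snort host=localhost
output alert_syslog: LOG_AUTH LOG_ALERT
"""

OUTPUT_RE = re.compile(r"^\s*output\s+(\w+)\s*(?::\s*(.*))?$")

def logical_lines(text):
    """Yield (starting line number, text), joining backslash continuations."""
    buf, start = "", None
    for num, raw in enumerate(text.splitlines(), 1):
        start = num if start is None else start
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:
        yield start, buf

def output_plugins(text):
    """Return (line number, plugin, args) for each active 'output' directive."""
    found = []
    for num, line in logical_lines(text):
        m = OUTPUT_RE.match(line)  # commented-out lines start with '#' and never match
        if m:
            # Keep database credentials out of terminals and logs.
            args = re.sub(r"(password=)\S+", r"\1<redacted>", m.group(2) or "")
            found.append((num, m.group(1), " ".join(args.split())))
    return found

def check_conf(text, conf_name="snort.conf"):
    """Report 'database' outputs and whether a unified2 output exists for Barnyard2."""
    plugins = output_plugins(text)
    messages = [f'{conf_name}({num}) deprecated output plugin "database": {args}'
                for num, name, args in plugins if name == "database"]
    if messages and not any(name == "unified2" for _, name, _ in plugins):
        messages.append(f"{conf_name}: no active unified2 output for Barnyard2 to read")
    return messages

if __name__ == "__main__":
    for msg in check_conf(SAMPLE_CONF):
        print(msg)
```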
