[Snort-users] MySQL support for Snort 2.9.4

Jeremy Hoel jthoel at ...11827...
Mon Dec 10 21:33:41 EST 2012


On Mon, Dec 10, 2012 at 7:28 PM, Kaya Saman <kayasaman at ...11827...> wrote:
> On 12/11/2012 02:22 AM, Jeremy Hoel wrote:
>>
>> yes.. you can use ipvar for just ipv4 only.
>>
>> Now that I'm in front of a computer.. I see I may have oversimplified
>> something..
>>
>> You have preprocessor stanzas in your config (frag, stream, ftp,
>> smtp, etc).. so you need to have those preprocessors loaded.  When you
>> mentioned the folder they had been looking for was empty, did you by
>> chance look for them in another folder?
>
>
> I finally found the information and it's all where it's supposed to be.

Ok.. that's good. I know it was a generic response, but I was in the
car.. so sorry. :-)  glad you found the files.  Was the path wrong in
the snort.conf?

>>
>> You are using OpenBSD 5.2 SPARC64 and I haven't used that, so it could
>> be they got installed somewhere else.
>>
>> did you install from source or from the package manager?
>
>
> Installed from source as OpenBSD doesn't yet "officially" support version
> 2.9.x
>
> I am using Daq version 2.0.0 from my first test with Snort 2.9.4 - could
> this be the issue? Should I downgrade to 1.1.1?
>
> However, the install went ok with no errors at all from Snort's point of
> view!

DAQ 2 should be fine, the errors you had been getting were snort.conf
errors.  If DAQ throws an error, you'll know.  haha

So Snort's working, good.  I always like to add the output to an alert
text file, or syslog, so I can make sure I'm getting alerts... then I
do the unified2 part and remove the syslog/text file when I'm done.

Have fun and keep playing!



