[Snort-users] MySQL support for Snort 2.9.4

Jeremy Hoel jthoel at ...11827...
Mon Dec 10 21:39:01 EST 2012


On Mon, Dec 10, 2012 at 7:37 PM, Kaya Saman <kayasaman at ...11827...> wrote:
> On 12/11/2012 02:33 AM, Jeremy Hoel wrote:
>>
>> On Mon, Dec 10, 2012 at 7:28 PM, Kaya Saman <kayasaman at ...11827...> wrote:
>>>
>>> On 12/11/2012 02:22 AM, Jeremy Hoel wrote:
>>>>
>>>> yes.. you can use ipvar for just ipv4 only.
>>>>
>>>> Now that I'm in front of a computer.. I see I may have oversimplified
>>>> something..
>>>>
>>>> You have preprocessor stanzas in your config (frag, stream, ftp,
>>>> smtp, etc).. so you need to have those preprocessors loaded.  When you
>>>> mentioned the folder they had been looking for was empty, did you by
>>>> chance look for them in another folder?
>>>
>>>
>>> I finally found the information and it's all where it's supposed to be.
>>
>> Ok.. that's good. I know it was a generic response, but I was in the
>> car.. so sorry. :-)  glad you found the files.  Was the path wrong in
>> the snort.conf?
>
>
> The path was correct! I just didn't recurse into the directory properly it
> seems..... causing a false negative.
>
> Emailing and driving? That's a new one :-)

hahaa..  drive through..  takes forever!

>>
>>>> You are using OpenBSD 5.2 SPARC64 and I haven't used that, so it could
>>>> be they got installed somewhere else.
>>>>
>>>> did you install from source or from the package manager?
>>>
>>>
>>> Installed from source as OpenBSD doesn't yet "officially" support version
>>> 2.9.x
>>>
>>> I am using Daq version 2.0.0 from my first test with Snort 2.9.4 - could
>>> this be the issue? Should I downgrade to 1.1.1?
>>>
>>> However, the install went ok with no errors at all from Snort's point of
>>> view!
>>
>> DAQ 2 should be fine, the errors you had been getting were snort.conf
>> errors.  If DAQ throws an error, you'll know.  haha
>>
>> So Snort's working, good.  I always like to add the output to an alert
>> text file, or syslog, so I can make sure I'm getting alerts.. then I
>> do the unified2 part and remove the syslog/text file when I'm done.
>>
>> Have fun and keep playing!
>
>
> Erm nope :-( Snort isn't working still.... same old errors :-( :-(
>
>
> This is full output:

Can you paste your snort.conf?



