[Snort-users] on snort

Joel Esler jesler at ...1935...
Fri Feb 10 10:08:30 EST 2012


Here's my dilemma....  help you troubleshoot this, or point to the warning
in the start up:

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! WARNING: The database output plugins are considered deprecated as
!!          of Snort 2.9.2 and will be removed in Snort 2.9.3.
!!          The recommended approach to logging is to use unified2 with
!!          barnyard2 or similar.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

I'm going to go ahead and suggest you forgo logging to the db directly and
use unified2 with barnyard2.

On Fri, Feb 10, 2012 at 7:45 AM, Jagan Mohan Reddy D <
jagan.mohan507 at ...11827...> wrote:

> While running the following command, i got some database errors.
>
> I was configured with Mysql+BASE+ Barnyard2
>
> $ sudo /usr/local/snort/bin/snort -i eth0 --daq-dir=/usr/local/lib/daq -l
> /var/log/snort -c /usr/local/snort/etc/snort.conf
>
> Running in IDS mode
>
>         --== Initializing Snort ==--
> Initializing Output Plugins!
> Initializing Preprocessors!
> Initializing Plug-ins!
> Parsing Rules file "/usr/local/snort/etc/snort.conf"
> PortVar 'HTTP_PORTS' defined :  [ 80:81 311 591 593 901 1220 1414 1830
> 2301 2381 2809 3128 3702 4343 5250 7001 7145 7510 7777 7779 8000 8008 8014
> 8028 8080 8088 8118 8123 8180:8181 8243 8280 8800 8888 8899 9080 9090:9091
> 9443 9999 11371 55555 ]
> PortVar 'SHELLCODE_PORTS' defined :  [ 0:79 81:65535 ]
> PortVar 'ORACLE_PORTS' defined :  [ 1024:65535 ]
> PortVar 'SSH_PORTS' defined :  [ 22 ]
> PortVar 'FTP_PORTS' defined :  [ 21 2100 3535 ]
> PortVar 'SIP_PORTS' defined :  [ 5060:5061 5600 ]
> PortVar 'FILE_DATA_PORTS' defined :  [ 80:81 110 143 311 591 593 901 1220
> 1414 1830 2301 2381 2809 3128 3702 4343 5250 7001 7145 7510 7777 7779 8000
> 8008 8014 8028 8080 8088 8118 8123 8180:8181 8243 8280 8800 8888 8899 9080
> 9090:9091 9443 9999 11371 55555 ]
> PortVar 'GTP_PORTS' defined :  [ 2123 2152 3386 ]
> Detection:
>    Search-Method = AC-Full-Q
>     Split Any/Any group = enabled
>     Search-Method-Optimizations = enabled
>     Maximum pattern length = 20
> Tagged Packet Limit: 256
> Loading dynamic engine
> /usr/local/snort/lib/snort_dynamicengine/libsf_engine.so... done
> Loading all dynamic detection libs from
> /usr/local/snort/lib/snort_dynamicrules...
>   Loading dynamic detection library
> /usr/local/snort/lib/snort_dynamicrules/netbios.so... done
>   Loading dynamic detection library
> /usr/local/snort/lib/snort_dynamicrules/multimedia.so... done
>   Loading dynamic detection library
> /usr/local/snort/lib/snort_dynamicrules/nntp.so... done
>   Loading dynamic detection library
> /usr/local/snort/lib/snort_dynamicrules/snmp.so... done
>   Loading dynamic detection library
> /usr/local/snort/lib/snort_dynamicrules/dos.so... done
>   Loading dynamic detection library
> /usr/local/snort/lib/snort_dynamicrules/web-client.so... done
>   Loading dynamic detection library
> /usr/local/snort/lib/snort_dynamicrules/imap.so... done
>   Loading dynamic detection library
> /usr/local/snort/lib/snort_dynamicrules/web-iis.so... done
>   Loading dynamic detection library
> /usr/local/snort/lib/snort_dynamicrules/bad-traffic.so... done
>   Loading dynamic detection library
> /usr/local/snort/lib/snort_dynamicrules/web-misc.so... done
>   Loading dynamic detection library
> /usr/local/snort/lib/snort_dynamicrules/smtp.so... done
>   Loading dynamic detection library
> /usr/local/snort/lib/snort_dynamicrules/exploit.so... done
>   Loading dynamic detection library
> /usr/local/snort/lib/snort_dynamicrules/specific-threats.so... done
>   Loading dynamic detection library
> /usr/local/snort/lib/snort_dynamicrules/p2p.so... done
>   Loading dynamic detection library
> /usr/local/snort/lib/snort_dynamicrules/misc.so... done
>   Loading dynamic detection library
> /usr/local/snort/lib/snort_dynamicrules/web-activex.so... done
>   Loading dynamic detection library
> /usr/local/snort/lib/snort_dynamicrules/icmp.so... done
>   Loading dynamic detection library
> /usr/local/snort/lib/snort_dynamicrules/chat.so... done
>   Finished Loading all dynamic detection libs from
> /usr/local/snort/lib/snort_dynamicrules
> Loading all dynamic preprocessor libs from
> /usr/local/snort/lib/snort_dynamicpreprocessor/...
>   Loading dynamic preprocessor library
> /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_pop_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_imap_preproc.so...
> done
>   Loading dynamic preprocessor library
> /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_dnp3_preproc.so...
> done
>   Loading dynamic preprocessor library
> /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so...
> done
>   Loading dynamic preprocessor library
> /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so...
> done
>   Loading dynamic preprocessor library
> /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so...
> done
>   Loading dynamic preprocessor library
> /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_reputation_preproc.so...
> done
>   Loading dynamic preprocessor library
> /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_modbus_preproc.so...
> done
>   Loading dynamic preprocessor library
> /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_gtp_preproc.so... done
>   Finished Loading all dynamic preprocessor libs from
> /usr/local/snort/lib/snort_dynamicpreprocessor/
> Log directory = /var/log/snort
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> !! WARNING: The database output plugins are considered deprecated as
> !!          of Snort 2.9.2 and will be removed in Snort 2.9.3.
> !!          The recommended approach to logging is to use unified2 with
> !!          barnyard2 or similar.
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> database: must enter database name in configuration file
>
>
> USAGE: database plugin
>
>  output database: [log | alert], [type of database], [parameter list]
>
>  [log | alert] selects whether the plugin will use the alert or
>  log facility.
>
>  For the first argument, you must supply the type of database.
>  The possible values are mysql, postgresql, odbc, oracle and
>  mssql
>  The parameter list consists of key value pairs. The proper
>  format is a list of key=value pairs each separated a space.
>
>  The only parameter that is absolutely necessary is "dbname".
>  All other parameters are optional but may be necessary
>  depending on how you have configured your RDBMS.
>
>  dbname - the name of the database you are connecting to
>
>  host - the host the RDBMS is on
>
>  port - the port number the RDBMS is listening on
>
>  user - connect to the database as this user
>
>  password - the password for given user
>
>  sensor_name - specify your own name for this snort sensor. If you
>         do not specify a name one will be generated automatically
>
>  encoding - specify a data encoding type (hex, base64, or ascii)
>
>  detail - specify a detail level (full or fast)
>
>  ignore_bpf - specify if you want to ignore the BPF part for a sensor
>
>               definition (yes or no, no is default)
>
>  FOR EXAMPLE:
>  The configuration I am currently using is MySQL with the database
>  name of "snort". The user "snortusr at ...274..." has INSERT and SELECT
>  privileges on the "snort" database and does not require a password.
>  The following line enables snort to log to this database.
>
>  output database: log, mysql, dbname=snort user=snortusr host=localhost
>
> ERROR:
> Fatal Error, Quitting..
>
> What happen to my snort.....?
>
> Can any one help me on this......
>
> ----------------
> D J M Reddy
>
>
>



-- 
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
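As an added example (not code from Snort, Barnyard2, or either poster), here is a small checker that applies the plugin's own usage rules to an `output database:` line, reproduces the "must enter database name" failure from the startup log, and rewrites the line into the unified2 output plus barnyard2 settings that the warning recommends. The sample snort.conf fragment, the unified2 file name and the barnyard2 lines are assumptions.

```python
import re

DB_TYPES = {"mysql", "postgresql", "odbc", "oracle", "mssql"}

# Added example (not Snort/Barnyard2 code); constructed snort.conf fragment.
SAMPLE_CONF = """\
output database: log, mysql, dbname=snort user=snortusr host=localhost
include $RULE_PATH/local.rules
"""

def parse_database_output(line):
    """Validate one 'output database:' line.  Returns (facility, dbtype,
    params) or raises ValueError with the reason Snort would quit."""
    body = line.split(":", 1)[1].strip()
    parts = [p.strip() for p in body.split(",", 2)] if body else []
    if len(parts) < 2:
        raise ValueError("must enter database name in configuration file")
    facility, dbtype = parts[0], parts[1]
    if facility not in ("log", "alert"):
        raise ValueError("facility must be log or alert, got %r" % facility)
    if dbtype not in DB_TYPES:
        raise ValueError("unsupported database type %r" % dbtype)
    params = {}
    for kv in (parts[2].split() if len(parts) == 3 else []):
        key, sep, val = kv.partition("=")
        if not sep or not val:
            raise ValueError("bad parameter %r, expected key=value" % kv)
        params[key] = val
    if "dbname" not in params:  # the exact failure in the startup log above
        raise ValueError("must enter database name in configuration file")
    return facility, dbtype, params

def migrate(conf_text, u2_file="merged.log"):
    """Swap every 'output database:' line for one unified2 output; return
    (new snort.conf text, barnyard2.conf lines).  barnyard2 takes the same
    'output database:' syntax, so the DB settings move over unchanged."""
    snort_lines, by2_lines = [], []
    for line in conf_text.splitlines():
        if not re.match(r"\s*output\s+database\s*:", line):
            snort_lines.append(line)
            continue
        facility, dbtype, params = parse_database_output(line)
        by2_lines.append("output database: %s, %s, %s" % (facility, dbtype,
                         " ".join("%s=%s" % kv for kv in params.items())))
        u2 = "output unified2: filename %s, limit 128" % u2_file
        if u2 not in snort_lines:
            snort_lines.append(u2)
    if by2_lines:
        by2_lines.insert(0, "input unified2")  # barnyard2 reads the spool
    return "\n".join(snort_lines), by2_lines
```

Run `migrate(SAMPLE_CONF)` to see the rewritten snort.conf text and the lines that belong in barnyard2.conf; feeding it a line without `dbname=` raises the same error Snort printed.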

