[Snort-users] Snort-Prelude Problem

Joel Esler jesler at ...1935...
Fri May 11 10:26:42 EDT 2012


There have been many features added to Snort recently that are not
supported by Prelude.  The Prelude plugin is not QA tested by us, and
frankly we don't know if it works.  The developer of the prelude plugin
(from prelude) has not responded to any emails from us over the past two
years and attempts to contact Prelude have been unsuccessful.

We are standardizing on the unified2 output module and encourage people to
use barnyard2 to process the unified2 files.  It's up to the barnyard2
folks if they would like to incorporate the plugins that we are dropping
from Snort into barnyard2.

Joel

On Fri, May 11, 2012 at 3:34 AM, Ralf Spenneberg <ralf at ...15636...> wrote:

> Hi Joel,
>
> On Wednesday, 18.04.2012, at 12:41 -0400, Joel Esler wrote:
> > That being said, prelude support is being removed in the next major
> > version of Snort (2.9.3)
> What is the reasoning behind removing the support? Are there any
> features added which are not supported by Prelude?
>
> Kind regards,
>
> Ralf
>
> >
> > --
> > Joel Esler
> > Senior Research Engineer, VRT
> > OpenSource Community Manager
> > Sourcefire
> >
> >
> > On Apr 18, 2012, at 3:03 AM, Faegheh Majidzadeh wrote:
> >
> > > Hello,
> > >
> > > I have 3 snort IDSs which are installed on vm and ubuntu 10.4 OS. I
> > > have to correlate these snorts so I use prelude as a correlator. I
> > > installed snort-2.9.2 on 3 vm through the installation manual (
> > > www.snort.org/assets/158/014-snortinstallguide292.pdf)  but a little
> > > changes in configuring snort by ./configure -enable-prelude. Then I add
> > > the snort to the prelude manager and changed in the snort.conf output-alert
> > > prelude: profile snort. I have some problems:
> > >
> > > 1) When running snort it shows an error: output-alert prelude:
> > > profile snort is not recognized. I doubted if there is any problem with
> > > snort-2.9.2 and prelude.
> > > 2) Snort doesn’t show up as an agent in prelude manager.
> > >
> > > Is there anyone who experienced installing snort as a prelude sensor?
> > > Does snort version cause the problem?
> > >
> > > Thanks in advance,
> > > F.Majidzadeh
> > >
> > > ------------------------------------------------------------------------------
> > > Better than sec? Nothing is better than sec when it comes to
> > > monitoring Big Data applications. Try Boundary one-second
> > > resolution app monitoring today. Free.
> > > http://p.sf.net/sfu/Boundary-dev2dev
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users at lists.sourceforge.net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > >
> > > Please visit http://blog.snort.org to stay current on all the latest
> > > Snort news!
> >
> >
> >
>
>
>


-- 
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire