[Snort-users] error at logging to database

Miquel Tur mtur at ...16412...
Wed Jun 12 07:17:36 EDT 2013


Hi,

I am trying to log alerts to my database, but if the rule is like:

*log tcp any...*

It doesn't work and display this warning:

*WARNING database [Database()]: Called with Event[0x0] Event Type [0]
(P)acket [0x9954860], information has not been outputed.*

but if the rule is an alert:

*alert tcp any... (with the same rule, only changing this)*

It works.

I use the output unified2 in snort and a postgresql database for the
barnyard2 output.

The most curious thing is that everything works correctly if the rule is an
alert, but if it is a log, I can only see the warning and the event is not
saved in the database.

Thanks for your help.