[Snort-users] error at logging to database
beenph at ...11827...
Wed Jun 19 11:15:56 EDT 2013
On Wed, Jun 12, 2013 at 7:17 AM, Miquel Tur <mtur at ...16412...> wrote:
> I am trying to log alerts to my database, but if the rule is like:
> log tcp any...
> It doesn't work and displays this warning:
> WARNING database [Database()]: Called with Event[0x0] Event Type 
> (P)acket [0x9954860], information has not been outputed.
> but if the rule is an alert:
> alert tcp any... (with the same rule, only changing this)
> It works.
> I use the output unified2 in snort and a postgresql database for the
> barnyard2 output.
> The most curious thing is that everything works correctly if the rule is an alert, but if
> it is a log, I can only see the warning and the event is not saved in the
alert - generate an alert using the selected alert method, and then
log the packet
log - log the packet
Barnyard2 needs an event and a packet to output to the database.
As I understand it, if you only use LOG as a rule action, only the
packet thus the behavior you observe.
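
Added example, not part of the original thread and not barnyard2 code: a small unified2 spool scanner that lists packet records with no matching event record, which is the condition the reply describes. It assumes records are paired on (sensor_id, event_id); the helper names and the sample spool are constructed for illustration.

```python
import struct

# unified2 record type codes, as defined in Snort's Unified2_common.h
PACKET = 2
EVENT_TYPES = {7, 72, 104, 105}  # IDS event: IPv4, IPv6 and their VLAN variants

def records(buf):
    """Yield (type, body) per record: 8-byte big-endian type/length header, then body."""
    off = 0
    while off + 8 <= len(buf):
        rtype, rlen = struct.unpack_from(">II", buf, off)
        body = buf[off + 8:off + 8 + rlen]
        if len(body) < rlen:
            raise ValueError(f"truncated record at offset {off}")
        yield rtype, body
        off += 8 + rlen

def orphan_packets(buf):
    """Return (sensor_id, event_id) of packet records that have no event record."""
    events, packets = set(), []
    for rtype, body in records(buf):
        if len(body) < 8:
            continue  # too short to carry the two ids
        key = struct.unpack_from(">II", body)  # sensor_id, event_id lead both layouts
        if rtype in EVENT_TYPES:
            events.add(key)
        elif rtype == PACKET:
            packets.append(key)
    return [k for k in packets if k not in events]

# --- constructed sample spool, not captured from a real sensor ---
def _rec(rtype, body):
    return struct.pack(">II", rtype, len(body)) + body

def _event(sensor, eid):
    # sensor_id, event_id, event_second, event_microsecond, signature_id, generator_id;
    # the remaining 28 bytes of the 52-byte IPv4 event are zeroed
    return _rec(7, struct.pack(">6I", sensor, eid, 1371654956, 0, 1000001, 1) + bytes(28))

def _packet(sensor, eid, data=bytes(14)):
    # sensor_id, event_id, event_second, packet_second, packet_microsecond, linktype, length
    return _rec(PACKET, struct.pack(">7I", sensor, eid, 1371654956, 1371654956, 0, 1, len(data)) + data)

SAMPLE = _event(0, 1) + _packet(0, 1) + _packet(0, 2)

if __name__ == "__main__":
    for sensor, eid in orphan_packets(SAMPLE):
        print(f"packet sensor={sensor} event_id={eid}: no event record, database output would skip it")
```
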