[Snort-users] BASE installation in snort

Joel Esler (jesler) jesler at ...589...
Mon May 12 09:24:04 EDT 2014


On May 12, 2014, at 8:33 AM, basant subba <basantsubba at ...11827...> wrote:

Hello Snort Users. I am trying to log my alerts to a MySQL database. The snort.conf file says that for Debian systems I have to do the database configuration in the database.conf file, as listed below:

# On Debian Systems, the database configuration is kept in a separate file:
# /etc/snort/database.conf.
# This file can be empty, if you are not using any database information
# If you are using databases, please edit that file instead of this one, to
# ensure smoother upgrades to future versions of this package.

My database.conf file is

output database: alert, mysql, user=snort password=snort dbname=snort host=localhost

However, when I am running Snort, I am getting this error:

ERROR: database.conf(1) Unknown output plugin: "database"
Fatal Error, Quitting..

Can anyone please help me fix this problem?

The database output plugin was removed in Snort 2.9.3.0. You need to have Snort output in unified2 format and use a program called barnyard2 to process those files for insertion into the database.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Vulnerability Research Team
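
The split described in the reply, as an added example that is not part of the original thread or of the Snort or barnyard2 projects: the `output database:` line moves unchanged into a barnyard2 config, and Snort is pointed at unified2 instead. The function name, the file paths and the unified2 base name `snort.u2` are assumptions; the sample input is a constructed copy of the poster's database.conf.

```shell
#!/bin/sh
# Added example. migrate_db_output is a hypothetical helper, not a Snort tool.
# Usage: migrate_db_output SNORT_CONF_IN SNORT_CONF_OUT BARNYARD2_CONF_OUT
# Returns 1 (and writes nothing) if the input has no "output database:" line.
migrate_db_output() {
    src=$1 snort_out=$2 by2_out=$3
    pat='^[[:space:]]*output[[:space:]]+database:'
    grep -Eq "$pat" "$src" || return 1

    # barnyard2 side: it accepts the same "output database:" syntax.
    # The file carries the DB password, so create it owner-readable only.
    ( umask 077
      { echo 'input unified2'; grep -E "$pat" "$src"; } > "$by2_out" )

    # Snort side (2.9.3.0 and later): drop the removed plugin and
    # write alerts as unified2 spool files instead.
    { sed -E "/$pat/d" "$src"
      echo 'output unified2: filename snort.u2, limit 128'; } > "$snort_out"
}

# Demo on constructed input matching the database.conf quoted in the post.
tmp=$(mktemp -d)
echo 'output database: alert, mysql, user=snort password=snort dbname=snort host=localhost' \
    > "$tmp/database.conf"
migrate_db_output "$tmp/database.conf" "$tmp/snort.out" "$tmp/barnyard2.conf" &&
    cat "$tmp/barnyard2.conf" "$tmp/snort.out"
rm -rf "$tmp"

# barnyard2 then reads the spool and inserts into MySQL (paths are assumptions):
#   barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort \
#             -f snort.u2 -w /var/log/snort/barnyard2.waldo
```

A working barnyard2.conf needs more than these two lines (for example the locations of its map files), which this sketch does not generate.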