[Snort-users] BASE installation in snort

Joel Esler (jesler) jesler at ...589...
Mon May 12 09:24:04 EDT 2014

On May 12, 2014, at 8:33 AM, basant subba <basantsubba at ...11827...> wrote:

Hello Snort Users. I am trying to log my alerts to a MySQL database. The snort.conf file says that for Debian systems I've to do database configurations in the database.conf file, as listed below:

# On Debian Systems, the database configuration is kept in a separate file:
# /etc/snort/database.conf.
# This file can be empty, if you are not using any database information
# If you are using databases, please edit that file instead of this one, to
# ensure smoother upgrades to future versions of this package.

My database.conf file is

output database: alert, mysql, user=snort password=snort dbname=snort host=localhost

However when I am running snort, I am getting this error.

ERROR: database.conf(1) Unknown output plugin: "database"
Fatal Error, Quitting..

Can anyone please help me fix this problem?

The database output plugin was removed in Snort. You need to have Snort output in unified2 format and use a program called barnyard2 to process those files for insertion into the database.

Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Vulnerability Research Team
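
Added example (not part of the original message, and not the Snort or barnyard2 project's own files): the setup the reply describes, with Snort writing unified2 and barnyard2 doing the MySQL insert. The barnyard2.conf location, the snort.u2 file name, the /var/log/snort spool directory, the waldo file and the eth0 interface are assumptions; the database parameters are the ones from the question.

```conf
# --- /etc/snort/database.conf ---
# Leave this file empty. The line from the question is what triggers
# 'Unknown output plugin: "database"', because Snort no longer ships that plugin:
#   output database: alert, mysql, user=snort password=snort dbname=snort host=localhost

# --- /etc/snort/snort.conf ---
# Snort only writes binary unified2 spool files (assumed base name snort.u2,
# rotated at 128 MB). It never talks to MySQL itself.
output unified2: filename snort.u2, limit 128

# --- /etc/snort/barnyard2.conf (assumed location) ---
# barnyard2 needs the same map files Snort uses, to resolve signature and
# classification names when it writes events to the database.
config reference_file:      /etc/snort/reference.config
config classification_file: /etc/snort/classification.config
config gen_file:            /etc/snort/gen-msg.map
config sid_file:            /etc/snort/sid-msg.map
config interface:           eth0
# Bookmark file so barnyard2 resumes where it stopped instead of re-inserting events.
config waldo_file:          /var/log/snort/barnyard2.waldo

# Read the unified2 spool and insert into the database from the question.
input unified2
output database: log, mysql, user=snort password=snort dbname=snort host=localhost

# --- running barnyard2 against the spool directory ---
#   barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 \
#             -w /var/log/snort/barnyard2.waldo
```

The snort database and its tables must already exist in MySQL before barnyard2 starts inserting events.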