Snort mailing list archives
Re: SMB alerts
From: "Scott Elgram" <SElgram () verifpoint com>
Date: Fri, 13 Aug 2004 14:14:04 -0700
Would you or anyone happen to know why it was removed?

----- Original Message -----
From: Joshua Berry
To: Scott Elgram
Cc: snort-users () lists sourceforge net
Sent: Friday, August 13, 2004 2:09 PM
Subject: RE: [Snort-users] SMB alerts

I believe that the smb output plugin was removed from Snort 2.1.3. It is not even an option in my configure script.

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Scott Elgram
Sent: Friday, August 13, 2004 3:55 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] SMB alerts

Hello,

I am having a bit of trouble getting SMB alerts to work. I have compiled snort-2.1.3 "--with-mysql=/usr/local/mysql --enable-smbalerts", and I added this to the ruleset containing the rules I want to be alerted for:

    ruletype smb_db_alert
    {
      type alert
      output alert_msb: workstation.list
      output database: log, mysql, user=<dbuser> password=<password> dbname=snort host=localhost encoding=hex detail=Full
    }

However, after all that, when I start snort I get:

    ERROR: unknown output plugin: 'alert_smb'
    Fatal Error, Quitting

Any help would be appreciated greatly.

Thanks
-Scott