Snort mailing list archives

Re: NO output from Snort to MySql


From: "Shawn Kottke" <skottke () datalink com>
Date: Fri, 8 Oct 2004 20:50:55 -0500

Check the snort-users archives. Someone not too long ago was trying the same thing without much success, but he did get 
things working. Also in response to that someone else (sorry I don't recall the author's name) took some existing 
documentation and altered it to assist in this type of setup. 

Hope this helps to point you in the right direction. 





-----Original Message-----
From: snort-users-admin () lists sourceforge net <snort-users-admin () lists sourceforge net>
To: snort-users () lists sourceforge net <snort-users () lists sourceforge net>
Sent: Fri Oct 08 18:31:31 2004
Subject: [Snort-users] NO output from Snort to MySql

I have a Sensor that has been built using Fedora Core 1.

I'm trying to get it to output its information to a MySql database on
another system.

Snort 2.1.0, MySql Client were installed from RPMs on the previously
working sensor image (I'm trying to update it).

Upgraded the packages installed using YUM.
Installed the Snort 2.1.3 and Snort-Mysql 2.1.3 from Snort.org.

I'm getting alert generation but nothing added to the database, on the
other server.

I switched to Unified output and it generates the files but when I start
Barnyard I get the following error.

[root@provost bin]# ./barnyard -c /etc/snort/barnyard.conf -g
/etc/snort/gen-msg.map -s /etc/snort/sid-msg.map -d /var/log/snort -f
snort.log -w /var/log/snort/bylog.waldo
Barnyard Version 0.2.0 (Build 32)
Opened spool file '/var/log/snort/snort.log.1097273924'
ERROR: No input plugin found for magic: a1b2c3d4
Fatal Error, Quitting..
Exiting

The Snort Configuration is now back to trying to connect to the other
server with no luck.

Ideas on where to look would be appreciated.

This has been very frustrating as I tried to do a fresh image install
first, installing the Mysql, Snort and everything else from source and I
couldn't get Snort to recognize that it had been compiled with the MySql
option.




Gary L. Bristol
ISSO
University of Oklahoma
IT Department
175 Kuhlman Court
Norman, OK 73019
405-325-2236
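
The magic in the Barnyard error quoted above, a1b2c3d4, is the libpcap (tcpdump) file magic, so the spool file Barnyard opened was a pcap packet log rather than a unified file. The following is an added example, not part of the original thread or of the Snort or Barnyard projects: a Python check of every `<base>.*` file in a spool directory before Barnyard is pointed at it. The function names are hypothetical, and the two unified magic values are assumed from the Snort 2.x unified output plugin and should be verified against your build.

```python
import os
import struct

# 0xA1B2C3D4 is the standard libpcap magic. The two unified values are
# assumed from the Snort 2.x unified output plugin; verify for your build.
MAGICS = {
    0xA1B2C3D4: "pcap",
    0xDEAD4137: "unified-alert",
    0xDEAD1080: "unified-log",
}

def classify_magic(header):
    """Name the file format given the first four bytes of a spool file."""
    if len(header) < 4:
        return "too-short"          # empty or truncated file
    for fmt in ("<I", ">I"):        # magic is written in the sensor's byte order
        (value,) = struct.unpack(fmt, header[:4])
        if value in MAGICS:
            return MAGICS[value]
    return "unknown"

def scan_spool(directory, base):
    """Map each '<base>.<suffix>' file in directory to its detected format."""
    found = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if name.startswith(base + ".") and os.path.isfile(path):
            with open(path, "rb") as fh:
                found[name] = classify_magic(fh.read(4))
    return found

def not_unified(found):
    """Files that are not unified alert/log spool files."""
    return [n for n, kind in found.items() if not kind.startswith("unified-")]

if __name__ == "__main__":
    import sys
    spool, base = sys.argv[1], sys.argv[2]   # e.g. /var/log/snort snort.log
    found = scan_spool(spool, base)
    for name, kind in found.items():
        print(f"{name}: {kind}")
    for name in not_unified(found):
        print(f"WARNING: {name} is not a unified file")
```

Run it with the same directory and base name given to Barnyard's -d and -f options; any file reported as pcap was written by a tcpdump-format logger and shares the base name with the unified output.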

