Snort mailing list archives
reg Snort IDMEF plugin problem, NULL facility
From: Mayank Bhatnagar <mayank () ncb ernet in>
Date: Wed, 30 Mar 2005 15:20:28 +0530 (IST)
Hi Snort Users,

I have installed the Snort IDMEF plugin. There were some initial problems with patching, but those were sorted by manually patching the file. I didn't get further problems in configure and make, make install.

Then I enabled the IDMEF plugin in the configuration in snort.conf, with the following minimum but MUST arguments,

-----------------------------------------------------------
output idmef: 172.16.5.0/24 output=log logto=/var/log/snort/idmef_alerts.log analyzerid=IDS1 dtd=/data/EIDS/CodeTrials/EC/Tools/snort-idmef/idmef-message.dtd
-----------------------------------------------------------

and ran snort for some time in default alert mode with -dev options. I am getting the following error

-----------------------------------------------------------
ERROR: IDMEF: cannot output messages on a NULL facility
-----------------------------------------------------------

I searched for this error in the Snort Users archive and found a similar posting,

http://archives.neohapsis.com/archives/snort/2003-09/0565.html

The error refers to the same NULL facility, but there have been no answers/replies.

Please suggest what could be the problem. I am sure there is some configuration problem with respect to the output idmef: plugin. But since Snort initially says

-----------------------------------------------------------
IDMEF: No stored alert id. Continuing with alert id = 1
Snort IDMEF Plugin successfully initialized
-----------------------------------------------------------

it is suggesting IDMEF has been properly initialised.

My OS: Fedora Core release 2 (Tettnang)
Snort version: snort-2.3.0
snort-idmef version: snort-idmef-plugin-1.2.1alpha2.0.5
Libidmef: libidmef-0.7.3-beta (source bz2)

Regards,
Mayank Bhatnagar
mayank () ncb ernet in
68 Electronics City, CDAC (Formerly NCST), Bangalore-560100.
Ph: 080-28523300/28520259-1200
Fax: 080-28520239