Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: BASE installation in snort

From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Mon, 12 May 2014 13:24:04 +0000
On May 12, 2014, at 8:33 AM, basant subba <basantsubba () gmail com<mailto:basantsubba () gmail com>> wrote:

Hello Snort Users. I am trying to log my alerts to mysql database. The snort.conf files says that for debian systems 
I've to do database configurations in database.conf file as listed below.....

# On Debian Systems, the database configuration is kept in a separate file:
# /etc/snort/database.conf.
# This file can be empty, if you are not using any database information
# If you are using databases, please edit that file instead of this one, to
# ensure smoother upgrades to future versions of this package.

My database.conf file is

output database: alert, mysql, user=snort password=snort dbname=snort host=localhost

However when I am running snort, I am getting this error.

ERROR: database.conf(1) Unknown output plugin: "database"
Fatal Error, Quitting..

Can anyone please help me fix this problem?

The database output plugin was removed in Snort 2.9.3.0, you need to have Snort output in unified2 format, and use a 
program called barnyard2 to process those files for insertion into the database.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Vulnerability Research Team

------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.
Get unparalleled scalability from the best Selenium testing platform available
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: