xml plugin

[Juergen Fiedler <juergen () fiedlerfamily net>]

Hi,

I have a Woody system with snort-mysql 1.8.4beta1-2 installed. My
snort.conf contains (among others) the following lines:

=======
output alert_fast: alert
output xml: alert, file=/perl/snort.pl protocol=http host=localhost port=80
=======

I can call http://localhost/perl/snort.pl and OK, but if I pound the
host with nmap, the corresponding messages get written to
/var/log/snort/alert, but snort.pl is never called.
A 'snort -c /etc/snort/snort.conf -T' gives me:

=======
ProcessFileOption: /var/log/snort/alert
xml_plugin: Logging to /perl/snort.pl
xml_plugin: Using http protocol
xml_plugin: Host set to localhost
xml_plugin: Port set to 80
xml_plugin: Using the "alert" facility
[...]
=======

Looks like the XML plugin is initialized correctly. Does anybody know
what I have to do to get it to actually do something?

Thanks in advance
--j

Attachment: _bin
Description: