Snort mailing list archives

Re: Syslog,MySql, IDS Center /Eagle X


From: Ueli Kistler <iuk () gmx ch>
Date: Mon, 19 May 2003 19:03:40 +0200

Hello

McBurnett, Jim wrote:

> Ok all,
> I have searched all the archives, googled this to death and I am still drawing a blank..
> I know I am missing something.
> I am running this on a Windows XP, Fresh install, norton AV.
> System is running a 2.6 Ghz P4 with 512M RAM..
> Started with the Eagle X package.
> MySql, ACID it all works great...

sure, but it's old.. at least update to Snort 2.0.. update will be available soon after putting online the new website: www.engagesecurity.com

> I tried to add Syslog to it and Bingo-- It crashes every time it sends a message.. I tried to send to an external syslog.. no go. I tried an on Machine Syslog.
> No go.. System has 3 NICS, and I am using the 2nd NIC.

Snort 2.0 has broken syslog support (I think.. correct me if I should be wrong .. but I don't think so). Note that snort always tries to bind the socket to NIC 1! You must have -s option activated ("Log settings"->"Logging parameters".. Type hostname of the syslog server)

> I thought maybe it was an issue with Snort 1.9. So I updated to Snort 2.0

no .. activate "-s" option AND add an output plugin (syslog output plugin) in the output plugin wizard

> No go, same problem, but now the snort service won't even start with Syslog enabled. There is nothing in the Event log of relevance, the Test of the Config looks fine. I can post or email offlist the config file if anyone is willing to help me...
>
> Does anyone have any ideas?

Don't bother Chris Reid .. I'm sure he's working on this (or perhaps not) ;)

> Thanks,
> Jim

Regards,
   Ueli Kistler
eclipse () engagesecurity com www.engagesecurity.com (soon online)
