Snort mailing list archives

Re: unknown output plugin: 'alert_syslog'


From: Matt Kettler <mkettler () evi-inc com>
Date: Fri, 23 May 2003 16:13:22 -0400

At 03:29 PM 5/22/2003 -0400, Jeff Dickens wrote:
> I installed the RPM from snort.org "snort-1.9.1-1snort.i386.rpm" on Red Hat
> linux 7.3.
> When I try to use the "alert_syslog" output plugin I get this message:
>
> WARNING: unknown output plugin 'alert_syslog'
>
> In fact, if I just try to start up snort with the "-s" switch I get a usage
> message.  Did I get the wrong package?

Note: Snort 1.9.1 is REMOTELY EXPLOITABLE due to a defect in the stream4 preprocessor. DO NOT use 1.9.1 unless you disable stream4, as you will be vulnerable to attack for execution of arbitrary code at the user privilege level snort runs as (often root).

Really, I'd advise downloading a source tarball and building that. Binary RPMs are inherently fraught with problems unless they are made by your distribution provider, or explicitly for your specific distribution and release. For example, an RPM that works for RedHat 8.0 may not work on 7.3 due to shared library differences.

All that said, alert_syslog should work...

Could you quote the exact line in your config that you are using to invoke the plugin?

As for snort -s, what other command line parameters did you pass? You need to give more than just a -s... snort -s -c /etc/snort.conf is a good start.
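
Added example, not part of the original message and not Snort project code: a small audit of a snort.conf that lists each output plugin line as written (the line the reply asks to see) and reports whether any stream4 preprocessor is still enabled. The sample config, the function names and the handling of backslash-continued lines are assumptions made for illustration.

```python
import re

# Constructed sample snort.conf fragment (not taken from the thread).
SAMPLE_CONF = """\
var HOME_NET any
preprocessor frag2
preprocessor stream4: detect_scans
preprocessor stream4_reassemble
# output alert_syslog: LOG_AUTH LOG_ALERT
output alert_syslog: LOG_AUTH \\
    LOG_ALERT
output log_tcpdump: snort.log
"""

DIRECTIVE = re.compile(r"^(output|preprocessor)\s+([A-Za-z0-9_]+)\s*(?::\s*(.*))?$")

def logical_lines(text):
    """Yield (first_line_number, text), skipping comments and joining '\\' continuations."""
    buf, start = "", None
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue  # blank or commented-out directive: not active
        if start is None:
            start = num
        if line.endswith("\\"):
            buf += line[:-1].rstrip() + " "
            continue
        yield start, (buf + line).strip()
        buf, start = "", None
    if buf:  # file ended in the middle of a continued line
        yield start, buf.strip()

def audit(text):
    """Return active output plugins and any enabled stream4 preprocessor lines."""
    report = {"outputs": [], "stream4": []}
    for num, line in logical_lines(text):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        kind, name, args = m.group(1), m.group(2), (m.group(3) or "").strip()
        if kind == "output":
            report["outputs"].append((num, name, args))
        elif name.startswith("stream4"):
            report["stream4"].append((num, name))
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

An empty "stream4" list means no stream4 preprocessor line is active in the file that was checked; the commented-out alert_syslog line in the sample is correctly ignored.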








