Snort mailing list archives

Re: Dynamic Preprocessor Example doesn't log in Database


From: Nick Moore <nmoore () sourcefire com>
Date: Mon, 4 Apr 2011 06:46:22 -0500

Thomas,

Can you provide a copy of your snort.conf and barnyard.conf files?

Thanks!

Nick

On Mon, Apr 4, 2011 at 3:06 AM, Thomas LESTRIEZ <thomas.lestriez () edf fr> wrote:


Hello,

I am using Snort 2.9.0.3 on Debian.

I can log to the database using Snort's classic rule system: my
"test.rules" file contains a rule alerting when port 200 is used on
the network. So my MySQL database works and my snort.conf and barnyard2.conf
seem to be well configured.

I installed and compiled the Dynamic Preprocessor Example of Snort. It
works well, and I can see logs in the syslog file when the Dynamic
Preprocessor Example matches the port I configured in snort.conf (11123).

My problem is: *Only the dynamic preprocessor example doesn't log to the
MySQL database* (it just logs to syslog). The example uses the
"_dpd.addAlert(.......);" function, but it seems it doesn't work for me...

Could you help me please?

Thank you.

PS: I tested with another dynamic preprocessor; it doesn't log to the database
either.

Regards,


Thomas LESTRIEZ
Apprentice Engineer
EDF - R&D
SINETICS
1, avenue du Général de Gaulle
BP 408
92141 Clamart Cedex

thomas.lestriez () edf fr
Tel.: 0147653811



_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel




-- 
Nick Moore, SFCE, CISSP, CISA
Sr. Systems Engineer
Voice 708-336-9041
Email nick.moore () sourcefire com
IM    nickgmoore (Yahoo)
       nickgmoore38 (AIM)

    ,,_
   o"  )~   Sourcefire - The Creators of Snort
    ''''

www.sourcefire.com         www.snort.org
