Snort mailing list archives
Re: snort unable to log alert to database mysql
From: "Michael Steele" <michaels () winsnort com>
Date: Sun, 2 Dec 2012 16:29:28 -0500
It may have been removed from the code, but there were versions of Snort released that did in fact have the output database option in the snort.conf. Was this confusing and misleading? I’m thinking it was. When Snort was run it stated the output database was deprecated; why was the error output not as informative? Just a thought.

This is going to happen from time to time with all the outdated guides out there, and messages referencing ‘output database’.

Michael...
WINSNORT.com Management Team Member
--
Established ~ 2001
Visit Us @ http://www.winsnort.com
~~ FREE WinIDS Snort installation guides ~~
~~ FREE support forums ~~
Snort: Open Source Network IDS - http://www.snort.org

From: Joel Esler [mailto:jesler () sourcefire com]
Sent: Sunday, December 02, 2012 11:40 AM
To: Michael Steele
Cc: <snort-users () lists sourceforge net>
Subject: Re: [Snort-users] snort unable to log alert to database mysql

No. We didn't fail to remove it. When it was removed, it was removed. We've been asking people not to use it forever.

--
Joel Esler
Sent from my iPad

On Dec 2, 2012, at 11:05 AM, "Michael Steele" <michaels () winsnort com> wrote:

I think the problem might be that Sourcefire failed to remove the database output option in some of the Snort releases after the option had been deprecated, leaving users, especially new users, with the assumption that Snort would handle database output.

It seems to me Snort could display a more descriptive error message when the ‘database’ output plugin option has been detected in the snort.conf.

I think users can look at Barnyard2 the same way, as they have database options listed in the configuration file that are not supported.

Michael...
WINSNORT.com Management Team

From: Y M [mailto:snort () outlook com]
Sent: Sunday, December 02, 2012 8:58 AM
To: TermVRL M; Snort User (snort-users () lists sourceforge net); snort-users-request () lists sourceforge net
Subject: Re: [Snort-users] snort unable to log alert to database mysql

Which version of snort are you using? To the best of my knowledge, snort's own database output plugin has been deprecated since 2.9.3.x. In that case, you will have to use barnyard2 to get alerts into the database.

YM
_____

From: TermVRL M
Sent: 12/2/2012 4:42 PM
To: Snort User (snort-users () lists sourceforge net); snort-users-request () lists sourceforge net
Subject: [Snort-users] snort unable to log alert to database mysql

Hi all,

I get this error when I try to log snort output to database:

ERROR: /usr/local/snort/etc/snort.conf(535) Unknown output plugin: "database"

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
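A pre-flight check for the directive behind the error reported in this thread, as an added example that is not part of any message above or of Snort itself. The function names and the sample configuration are constructed for illustration; the check lists every active `output database` line in a snort.conf so it can be moved to Barnyard2 before Snort is started.

```shell
#!/bin/sh
# Added example: locate active "output database" directives, the cause of
#   Unknown output plugin: "database"
# Commented-out directives are ignored; hits are printed as FILE(LINE): text.

# find_db_output FILE -> prints one line per hit, returns 1 if any were found
find_db_output() {
    awk -v f="$1" '
        /^[ \t]*#/ { next }                          # skip comments
        /^[ \t]*output[ \t]+database[ \t]*(:|$)/ {   # active directive
            sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") # trim for reporting
            printf "%s(%d): %s\n", f, NR, $0
            hits++
        }
        END { exit (hits > 0 ? 1 : 0) }
    ' "$1"
}

# write_sample_conf PATH -> writes a constructed snort.conf fragment:
# line 1 is commented out, line 3 is the directive Snort rejects.
write_sample_conf() {
    cat > "$1" <<'EOF'
# output database: log, mysql, user=snort dbname=snort host=localhost
output unified2: filename snort.u2, limit 128
   output database: alert, mysql, user=snort dbname=snort host=localhost
output alert_syslog: LOG_AUTH LOG_ALERT
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
find_db_output "$sample" ||
    echo "active 'output database' found: move database logging to barnyard2"
rm -f "$sample"
```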
Current thread:
- snort unable to log alert to database mysql TermVRL M (Dec 02)
- <Possible follow-ups>
- Re: snort unable to log alert to database mysql Y M (Dec 02)
- Re: snort unable to log alert to database mysql Michael Steele (Dec 02)
- Re: snort unable to log alert to database mysql Joel Esler (Dec 02)
- Re: snort unable to log alert to database mysql Michael Steele (Dec 02)
- Re: snort unable to log alert to database mysql Michael Steele (Dec 02)
- Re: snort unable to log alert to database mysql Y M (Dec 02)