Snort mailing list archives

Re: error at logging to database


From: beenph <beenph () gmail com>
Date: Wed, 19 Jun 2013 11:15:56 -0400

On Wed, Jun 12, 2013 at 7:17 AM, Miquel Tur <mtur () ce bdigital org> wrote:
Hi,

I'm trying to log alerts to my database, but if the rule is like:

log tcp any...

It doesn't work and displays this warning:

WARNING database [Database()]: Called with Event[0x0] Event Type [0]
(P)acket [0x9954860], information has not been outputed.

but if the rule is an alert:

alert tcp any... (with the same rule, only changing this)

It works.

I use the output unified2 in snort and a postgresql database for the
barnyard2 output.

The most curious thing is that everything works correctly if the rule is an alert, but if
it is a log, I can only see the warning and the event is not saved in the
database.

http://manual.snort.org/node29.html#SECTION00421000000000000000


alert - generate an alert using the selected alert method, and then
log the packet

log - log the packet

Barnyard2 needs an event and a packet to output to the database.

As I understand it, if you only use LOG as a rule action, you only get the
packet, thus the behavior you observe.

-elz


