Snort mailing list archives

NO output from Snort to MySql


From: "Bristol, Gary L." <gbristol () ou edu>
Date: Fri, 8 Oct 2004 18:31:31 -0500

I have a Sensor that has been built using Fedora Core 1.

I'm trying to get it to output its information to a MySql database on
another system.

Snort 2.1.0 and the MySql client were installed from RPMs on the previously
working sensor image (I'm trying to update it).

Upgraded the packages installed using YUM.
Installed the Snort 2.1.3 and Snort-Mysql 2.1.3 from Snort.org.

I'm getting alert generation but nothing is added to the database on the
other server.

I switched to Unified output and it generates the files but when I start
Barnyard I get the following error.

[root@provost bin]# ./barnyard -c /etc/snort/barnyard.conf -g /etc/snort/gen-msg.map -s /etc/snort/sid-msg.map -d /var/log/snort -f snort.log -w /var/log/snort/bylog.waldo
Barnyard Version 0.2.0 (Build 32)
Opened spool file '/var/log/snort/snort.log.1097273924'
ERROR: No input plugin found for magic: a1b2c3d4
Fatal Error, Quitting..
Exiting

The Snort Configuration is now back to trying to connect to the other
server with no luck.

Ideas on where to look would be appreciated.

This has been very frustrating as I tried to do a fresh image install
first, installing the Mysql, Snort and everything else from source and I
couldn't get Snort to recognize that it had been compiled with the MySql
option.




Gary L. Bristol
ISSO
University of Oklahoma
IT Department
175 Kuhlman Court
Norman, OK 73019
405-325-2236
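
The magic a1b2c3d4 in the Barnyard error above is the libpcap/tcpdump file magic, so a spool file's header can be checked before Barnyard is pointed at it. The following is an added diagnostic example, not part of the original post: the function names are hypothetical, and the unified magics 0xdead4137 (alert) and 0xdead1080 (log) are assumed from the Snort 2.x unified output plugin source.

```shell
#!/bin/sh
# Added example: classify a Snort spool file by its 4-byte header magic.
# Assumed constants (not from the original post):
#   0xa1b2c3d4  libpcap/tcpdump capture file
#   0xdead4137  Snort unified alert file
#   0xdead1080  Snort unified log file
# Both byte orders are accepted, because the writer stores the magic in
# its native endianness (an x86 sensor writes d4 c3 b2 a1 on disk).

# Print the first four bytes of a file as lowercase hex, in file order.
spool_magic() {
    od -An -tx1 -N4 "$1" | tr -dc '0-9a-f'
}

# Print the format name for one file; returns 1 if it cannot be read.
spool_type() {
    if [ ! -r "$1" ]; then
        echo unreadable
        return 1
    fi
    case "$(spool_magic "$1")" in
        a1b2c3d4|d4c3b2a1) echo pcap ;;
        dead4137|3741adde) echo unified-alert ;;
        dead1080|8010adde) echo unified-log ;;
        *)                 echo unknown ;;
    esac
}

# Usage: sh spooltype.sh /var/log/snort/snort.log.*
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(spool_type "$f" || true)"
done
```

A result of `pcap` means the file was written in tcpdump format rather than by the unified output plugin, which matches the "No input plugin found" error.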
