Snort mailing list archives
Re: MySQL support for Snort 2.9.4
From: Jeremy Hoel <jthoel () gmail com>
Date: Mon, 10 Dec 2012 19:39:01 -0700
On Mon, Dec 10, 2012 at 7:37 PM, Kaya Saman <kayasaman () gmail com> wrote:
On 12/11/2012 02:33 AM, Jeremy Hoel wrote:On Mon, Dec 10, 2012 at 7:28 PM, Kaya Saman <kayasaman () gmail com> wrote:On 12/11/2012 02:22 AM, Jeremy Hoel wrote:yes.. you can use ipvar for just ipv4 only. Now that I'm in front on a computer.. I see I may have over simplified something.. You have preprocessor stanszas in your config (frag, stream, ftp, smtp, etc).. so you need to have those preprocessors loaded. When you mentioned the folder they had been looking for was empty, did you by chance look for them in another folder?I finally found the information and it's all where it's supposed to be.Ok.. that's good. I know it was a genaric response, but I was in the car.. so sorry. :-) glad you found the files. Was the path wrong in the snort.conf?The path was correct! I just didn't recurse into the directory properly it seems..... causing a false negative. Emailing and driving? That's a new one :-)
hahaa.. drive through.. takes forever!
You are using OpenBSD 5.2 SPARC64 and I haven't used that, so it could be they got installed somewhere else. did you install from source or from the package manager?Installed from source as OpenBSD doesn't yet "officially" support version 2.9.x I am using Daq version 2.0.0 from my first test with Snort 2.9.4 - could this be the issue? Should I downgrade to 1.1.1? However, the install went ok with no errors at all from Snorts point of view!Daw 2 should be fine, the errors you had been getting where snot.conf errors. If DAQ throughs an error, you'll know. haha So Snorts working, good. a always like to add the output to an alert text file, or syslog, so I can make sure I'm getting alerts,..then I do the unified2 part and remove the syslog/text file when I'm done. Have fun and keep playing!Erm nope :-( Snort isn't working still.... same old errors :-( :-( This is full output:
Can you paste your snort.conf? ------------------------------------------------------------------------------ LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Re: MySQL support for Snort 2.9.4, (continued)
- Re: MySQL support for Snort 2.9.4 beenph (Dec 10)
- Re: MySQL support for Snort 2.9.4 Kaya Saman (Dec 10)
- Re: MySQL support for Snort 2.9.4 Jeremy Hoel (Dec 10)
- Re: MySQL support for Snort 2.9.4 Kaya Saman (Dec 10)
- Re: MySQL support for Snort 2.9.4 Jeremy Hoel (Dec 10)
- Re: MySQL support for Snort 2.9.4 Kaya Saman (Dec 10)
- Re: MySQL support for Snort 2.9.4 Jeremy Hoel (Dec 10)
- Re: MySQL support for Snort 2.9.4 Kaya Saman (Dec 10)
- Re: MySQL support for Snort 2.9.4 Jeremy Hoel (Dec 10)
- Re: MySQL support for Snort 2.9.4 Kaya Saman (Dec 10)
- Re: MySQL support for Snort 2.9.4 Jeremy Hoel (Dec 10)
- Re: MySQL support for Snort 2.9.4 Kaya Saman (Dec 10)
- Re: MySQL support for Snort 2.9.4 Jeremy Hoel (Dec 10)
- Re: MySQL support for Snort 2.9.4 Kaya Saman (Dec 10)
- Re: MySQL support for Snort 2.9.4 Jeremy Hoel (Dec 10)
- Re: MySQL support for Snort 2.9.4 Kaya Saman (Dec 10)
- Re: MySQL support for Snort 2.9.4 Kaya Saman (Dec 11)
- Re: MySQL support for Snort 2.9.4 Jeremy Hoel (Dec 11)
- Re: MySQL support for Snort 2.9.4 Kaya Saman (Dec 11)
- Re: MySQL support for Snort 2.9.4 Kaya Saman (Dec 11)
- Re: MySQL support for Snort 2.9.4 Joel Esler (Dec 11)