Snort mailing list archives
Re: RE: SMB Alerts w/MySQL
From: Phil Wood <cpw () lanl gov>
Date: Fri, 24 Aug 2001 16:00:52 -0600
The output processor is invoked using: output alert_smb: $NETBIOS_HOSTS_FILE On Fri, Aug 24, 2001 at 04:39:13PM -0400, Kevin Pietersma wrote:
Did you compile SMB support into SNORT? ./configure --enable-smbalerts --with-mysql=/usr kev At 02:36 PM 8/24/01 -0600, Paul D. Shaffer wrote:Yeah, I tried that (even though I couldn't find it in the documentation anywhere). Snort says: "WARNING* unknown output plugin "smbalert", ignoring! -M works fine on the cmdline, so what have I overlooked? Paul -----Original Message----- From: Kevin Pietersma [mailto:kev () attcanada net] Sent: Friday, August 24, 2001 2:05 PM To: Paul D. Shaffer; snort-users () lists sourceforge net Subject: Re: [Snort-users] SMB Alerts w/MySQL Don't use -M on the command-line. Specify SMB output in your snort.conf output database: alert, mysql, dbname=snort user=snort host=10.*.*.* password=***** sensor_name=name detail=full output smbalert: /etc/snort/smbhosts cheers, kev At 01:15 PM 8/24/01 -0600, Paul D. Shaffer wrote:Does anyone know a way to get SMB alert working in conjunction with MySQL logging? Is there a way to config SMB alert as an output plugin in snort.conf? Whenever I use the -M switch on the cmdline, MySQL logging stops - with the obligatory warning about command-line override, of course. tks... cheers, Paul _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Phil Wood, cpw () lanl gov _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- SMB Alerts w/MySQL Paul D. Shaffer (Aug 24)
- Re: SMB Alerts w/MySQL Kevin Pietersma (Aug 24)
- RE: SMB Alerts w/MySQL Paul D. Shaffer (Aug 24)
- RE: SMB Alerts w/MySQL Kevin Pietersma (Aug 24)
- Re: RE: SMB Alerts w/MySQL Phil Wood (Aug 24)
- RE: SMB Alerts w/MySQL Paul D. Shaffer (Aug 24)
- Re: SMB Alerts w/MySQL Kevin Pietersma (Aug 24)