Snort mailing list archives
Question about snortd vs webmin snort configuration
From: Robb Stacy <rstacy () floridadigital net>
Date: Tue, 19 Nov 2002 11:38:15 -0500
I've been trying to figure out what has been happening here and it doesn't
make a lot of sense to me. I start snortd when I boot up the machine. The
entry in snortd is as follows:
daemon /usr/sbin/snort -A fast -b -l /var/log/snort -d -D \
-i $INTERFACE -c /etc/snort/snort.conf
Doing this causes the following to show in the messages file:
snort: WARNING: command line overrides rules file alert plugin!
snort: WARNING: command line overrides rules file logging plugin!
snort: WARNING: command line overrides rules file alert plugin!
snort: WARNING: command line overrides rules file logging plugin!
snort: WARNING: command line overrides rules file alert plugin!
snort: WARNING: command line overrides rules file logging plugin!
snort: WARNING: unknown output plugin: 'trap_snmp'
last message repeated 3 times
snort: Snort initialization completed successfully, Snort running
At this point, I get a pid and the status is running, but I get NO logging I
can see. The /var/log/snort has the following entries:
-rw------- 1 root root 0 Nov 15 08:09 alert
-rw------- 1 root root 0 Nov 18 08:44 portscan.log
-rw------- 1 snort snort 0 Nov 15 05:46 scan.log
-rw------- 1 root root 0 Nov 19 06:26 snort.log.1037705179
So since the -A fast option causes the "command line overrides rules file
alert plugin!" error, I take that out of snortd. But when I do, it gives me this instead:
snort: WARNING: command line overrides rules file logging plugin!
snort: database: 'mysql' support is not compiled into this build of snort
snort: FATAL ERROR: If this build of snort was obtained as a binary
distribution (e.g., rpm, or Windows), then check for alternate builds that
contains the necessary 'mysql' support. If this build of snort was compiled by
you, then re-run the the ./configure script using the '--with-mysql' switch. For
non-standard installations of a database, the '--with-mysql=DIR' syntax may need
to be used to specify the base directory of the DB install. See the database
documentation for cursory details (doc/README.database). and the URL to the
most recent database plugin documentation.
kernel: device eth1 left promiscuous mode
I replaced the entry above in snortd with the one that is in webmin and it
was like this:
/usr/local/bin/snort -U -d -D -c /etc/snort/snort.conf
and I get the same error as above.
thanks
Robb Stacy
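The warnings in the post follow from how Snort resolves output plugins: each `output` line in snort.conf is first looked up among the compiled-in plugins (hence "unknown output plugin"), then skipped if a command-line switch of the same kind is present (`-A`/`-s` override alert plugins, `-b`/`-N` override logging plugins), and only a plugin that survives both checks is initialised, which is where the mysql error surfaces. The following checker is an added example, not code from the post or from the Snort project; the snort.conf fragment, the set of compiled plugins and the empty set of database backends are constructed assumptions.

```python
import re
import shlex

# Constructed snort.conf fragment (assumption; modelled on the outputs implied by the post).
SNORT_CONF = """\
output alert_syslog: LOG_AUTH LOG_ALERT
output database: alert, mysql, user=snort dbname=snort host=localhost
output log_tcpdump: snort.log
output trap_snmp: alert, 7, trap -v 2c -p 162 localhost public
"""

# Output plugins and database backends assumed to be compiled into this build.
COMPILED_PLUGINS = {"alert_syslog", "alert_fast", "alert_full", "log_tcpdump", "database"}
COMPILED_DB_BACKENDS = set()          # no mysql support, as in the post

ALERT_OVERRIDES = {"-A", "-s"}        # switches that replace config-file alert plugins
LOG_OVERRIDES = {"-b", "-N"}          # switches that replace config-file logging plugins

def parse_outputs(conf_text):
    """Return (plugin_name, argument_string) for every 'output' directive."""
    outputs = []
    for line in conf_text.splitlines():
        m = re.match(r"\s*output\s+(\w+)\s*:?\s*(.*)", line)
        if m:
            outputs.append((m.group(1), m.group(2).strip()))
    return outputs

def plugin_kind(name, args):
    """Classify a plugin as 'alert' or 'log'; database/trap_snmp name the mode as first arg."""
    if name.startswith("alert_"):
        return "alert"
    if name.startswith("log_"):
        return "log"
    first = args.split(",")[0].strip().lower()
    return "alert" if first == "alert" else "log"

def lint(cmdline, conf_text, compiled=COMPILED_PLUGINS, backends=COMPILED_DB_BACKENDS):
    """Predict the warnings/errors Snort would emit for this command line and config."""
    flags = {a for a in shlex.split(cmdline) if a.startswith("-")}
    findings = []
    for name, args in parse_outputs(conf_text):
        kind = plugin_kind(name, args)
        if name not in compiled:
            findings.append(f"WARNING: unknown output plugin: '{name}'")
        elif kind == "alert" and flags & ALERT_OVERRIDES:
            findings.append(f"WARNING: command line overrides rules file alert plugin ({name})")
        elif kind == "log" and flags & LOG_OVERRIDES:
            findings.append(f"WARNING: command line overrides rules file logging plugin ({name})")
        elif name == "database":
            backend = args.split(",")[1].strip().lower()   # plugin is initialised: backend must exist
            if backend not in backends:
                findings.append(f"FATAL: database: '{backend}' support is not compiled in")
    return findings
```

Running `lint` with `-A fast -b` on the command line reproduces the override warnings and hides the mysql problem; dropping `-A` lets the `database: alert, mysql` plugin load and turns it into the fatal error.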