Snort mailing list archives

SMB alerts

From: "Scott Elgram" <SElgram () verifpoint com>
Date: Fri, 13 Aug 2004 13:54:59 -0700

Hello,
    I am having a bit of trouble getting SMB alerts to work.  I have compiled snort-2.1.3 
"--with-mysql=/usr/local/mysql --enable-smbalerts".  And I added this to the ruleset containing the rules I want to be 
alerted for.

ruletype smb_db_alert {
    type alert
    output alert_msb: workstation.list
    output database: log, mysql, user=<dbuser> password=<password> dbname=snort host=localhost encoding=hex detail=Full
}

However, After all that when I start snort i get;

ERROR: unknown output plugin: 'alert_smb'Fatal Error, Quitting

Any help would be appreciated greatly.
Thanks
-Scott

Current thread:

SMB alerts Scott Elgram (Aug 13)
- <Possible follow-ups>
- RE: SMB alerts Joshua Berry (Aug 13)
  - Re: SMB alerts Scott Elgram (Aug 13)
    - Re: SMB alerts Jason Haar (Aug 13)
    - Re: SMB alerts Frank Knobbe (Aug 13)
    - Re: SMB alerts Jason Haar (Aug 13)
  - Re: SMB alerts Martin Roesch (Aug 16)