Re: [Snort-users] SMB alerts

This is a discussion on Re: [Snort-users] SMB alerts within the Snort forums, part of the System Security and Security Related category; We dumped it, it was a fun idea back in ~1.0 but it's a bad idea now. =20= ...


Go Back   Usenet Forums > System Security and Security Related > Snort

Reload this Page Re: [Snort-users] SMB alerts

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 08-17-2004
Martin Roesch
 
Posts: n/a
Default Re: [Snort-users] SMB alerts
We dumped it, it was a fun idea back in ~1.0 but it's a bad idea now. =20=

I'd recommend post processing events with swatch or something similar=20
to get the same capability back.

-Marty

On Aug 13, 2004, at 5:09 PM, Joshua Berry wrote:

> I believe that the smb output plugin was removed from Snort 2.1.3.=A0 =
It=20
> is not even an option in my configure script.
>
> =A0
>
> -----Original Message-----
> From: snort-users-admin@lists.sourceforge.net=20
> [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Scott=20
> Elgram
> Sent: Friday, August 13, 2004 3:55 PM
> To: snort-users@lists.sourceforge.net
> Subject: [Snort-users] SMB alerts
>
> =A0
>
> Hello,
>
> =A0=A0=A0 I am having a bit of trouble getting SMB alerts to work.=A0 =
I have=20
> compiled snort-2.1.3 "--with-mysql=3D/usr/local/mysql=20
> --enable-smbalerts".=A0 And I added this to the ruleset containing the=20=

> rules I want to be alerted for.
>
> =A0
>
> ruletype smb_db_alert {
>
> =A0=A0=A0 type alert
>
> =A0=A0=A0 output alert_msb: workstation.list
>
> =A0=A0=A0 output database: log, mysql, user=3D<dbuser> =
password=3D<password>=20
> dbname=3Dsnort host=3Dlocalhost encoding=3Dhex detail=3DFull
>
> }
>
> =A0
>
> However, After all that when I start snort i get;
>
> =A0
>
> ERROR: unknown output plugin: 'alert_smb'Fatal Error, Quitting
>
> =A0
>
> Any help would be appreciated greatly.
>
> Thanks
>
> -Scott
>
--=20
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Intelligent Security Monitoring
roesch@sourcefire.com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org



-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users
Reply With Quote
Reply
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 11:15 PM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0