Hi,

I have a Woody system with snort-mysql 1.8.4beta1-2 installed. My snort.conf contains (among others) the following lines:

=======
output alert_fast: alert
output xml: alert, file=/perl/snort.pl protocol=http host=localhost port=80
=======

I can call http://localhost/perl/snort.pl and OK, but if I pound the host with nmap, the corresponding messages get written to /var/log/snort/alert, but snort.pl is never called.

A 'snort -c /etc/snort/snort.conf -T' gives me:

=======
ProcessFileOption: /var/log/snort/alert
xml_plugin: Logging to /perl/snort.pl
xml_plugin: Using http protocol
xml_plugin: Host set to localhost
xml_plugin: Port set to 80
xml_plugin: Using the "alert" facility
[...]
=======

Looks like the XML plugin is initialized correctly. Does anybody know what I have to do to get it to actually do something?

Thanks in advance
--j