[Snort-users] prelude issue with snort 2.9.4.5


Ashraf Ali

Apr 26, 2013, 8:49:25 AM
Hi All,
I have installed snort/barnyard2 and configured barnyard2.conf for prelude output (output alert_prelude: profile=snort),

but when I try to run barnyard I get the following error.

ERROR: /usr/local/snort/etc/barnyard2.conf(9) Unknown output plugin: "alert_prelude"
Fatal Error, Quitting.

What is the issue?

If the above error cannot be rectified, is there any alternative way to send data to prelude from snort?


Ashraf

beenph

Apr 26, 2013, 9:10:41 AM
On Fri, Apr 26, 2013 at 8:49 AM, Ashraf Ali <ashraf...@gmail.com> wrote:
> Hi All,
> I have installed snort/barnyard2 and configured barnyard2.conf for prelude
> output (output alert_prelude: profile=snort),
>
> but when I try to run barnyard I get the following error.
>
> ERROR: /usr/local/snort/etc/barnyard2.conf(9) Unknown output plugin:
> "alert_prelude"
> Fatal Error, Quitting.
>
> What is the issue?
>

If you compiled from source you probably didn't use the proper
configure flag to enable prelude support.

./configure --help | grep prelude
  --enable-prelude        Enable Prelude Hybrid IDS support
  --with-libprelude-prefix=PFX
                          Prefix where libprelude is installed (optional)

Once you have run configure with the proper flags,

make clean
make
and then make install or copy the binary where you need it and use
alert_prelude.

Cheers,
-elz

Ashraf Ali

Apr 26, 2013, 9:35:09 AM
Well, I have used ./configure --enable-prelude && make && make install

Still it is not recognizing alert_prelude.

Do I need to also specify --with-libprelude-prefix=PFX?

Please help.

beenph

Apr 26, 2013, 9:43:22 AM
On Fri, Apr 26, 2013 at 9:35 AM, Ashraf Ali <ashraf...@gmail.com> wrote:
> Well, I have used ./configure --enable-prelude && make && make install
>
> Still it is not recognizing alert_prelude.
>
> Do I need to also specify --with-libprelude-prefix=PFX?
>
Validate that you have libprelude installed and that it is in your library path
so it can be detected at compile time.

Also, if you had already compiled by2, make sure you do a make clean
before running make and make install.
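
The checks suggested in this thread, collected into one script as an added example (not part of the original messages and not barnyard2's own tooling). The function names are hypothetical, and it assumes libprelude is linked dynamically so that it appears in ldd output.

```shell
#!/bin/sh
# Added example: checks that a barnyard2 binary can honour "output alert_prelude".
# Function names are hypothetical; assumes libprelude is linked dynamically.

# Succeeds if ldd-style text on stdin shows libprelude resolved to a file.
links_libprelude() {
    awk '/libprelude\.so/ { seen = 1; if ($0 ~ /not found/) bad = 1 }
         END { if (seen && !bad) exit 0; exit 1 }'
}

# Prints the output plugin names enabled in a barnyard2.conf (comments skipped).
conf_output_plugins() {
    sed -n 's/^[[:space:]]*output[[:space:]]\{1,\}\([A-Za-z0-9_]*\).*/\1/p' "$1"
}

# Checks one binary/config pair; returns non-zero when the binary would
# reject alert_prelude.
check_by2() {
    bin=$1
    conf=$2
    if ! conf_output_plugins "$conf" | grep -qx 'alert_prelude'; then
        echo "skip: $conf does not enable alert_prelude"
        return 0
    fi
    # Is the library visible to the dynamic linker at all?
    if ! ldconfig -p 2>/dev/null | grep -q 'libprelude\.so'; then
        echo "warn: libprelude not found in the ldconfig cache"
    fi
    # Is this particular binary (not a stale copy) linked against it?
    if ldd "$bin" 2>/dev/null | links_libprelude; then
        echo "ok: $bin is linked against libprelude"
    else
        echo "fail: $bin has no usable libprelude linkage;" \
             "rebuild with --enable-prelude after make clean"
        return 1
    fi
}

# Usage: sh check_by2.sh /path/to/barnyard2 /path/to/barnyard2.conf
if [ "$#" -eq 2 ]; then
    check_by2 "$1" "$2"
fi
```

Run it against the binary that actually gets started, since an older barnyard2 left elsewhere on the PATH would still fail after a correct rebuild.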