Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

prelude & snort problem
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
_Razorblade_
n00b
n00b


Joined: 01 Jan 2004
Posts: 33
PostPosted: Mon Jan 16, 2006 12:55 am    Post subject: prelude & snort problem Reply with quote
Hello,

I think the current version of snort and libprelude in ~x86 do not work together:
net-analyzer/snort-2.4.3
dev-libs/libprelude-0.9.3


prelude-manager, lml and prewikka are running fine...

I tried to register snort with uid 0 (and run snort as root) or register snort with uid 101 (and run snort as user snort) but both give me the following error message when starting snort:

Code:

Rule application order: ->activation->dynamic->drop->alert->pass->log
Log directory = /var/log/snort

Basic file configuration does not exist. Please run :
prelude-adduser register snort, "idmef:w" <manager address> --uid 0 --gid 0
program to setup the analyzer.

Be aware that you should replace the "<manager address>" argument with
the server address this analyzer is reporting to as argument.
"prelude-adduser" should be called for each configured server address.

ERROR: config-file: Unable to initialize prelude client: No such file or directory.
Fatal Error, Quitting..
Waiting for asynchronous operation to complete.



I have no idea, what "config-file" snort is looking for at this point... but I already tried to go ahead with a "/etc/prelude/profile/snort/config" which didn't change anything.


Best regards,
Razorblade
Back to top
View user's profile Send private message
m4chine
Apprentice
Apprentice


Joined: 12 Mar 2003
Posts: 271
Location: Ventura, CA, USA
PostPosted: Wed Apr 26, 2006 8:13 pm    Post subject: Reply with quote
Post your snort.conf, I'm specifically interested in the line:
Code:
output alert_prelude

Which allows for snort/prelude communication. We'll go from there.
_________________
never trust a man who can count to 1023 on his fingers.

-m4chine
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy