Intrusion detection built with snort+mysql+acid: data is not being written to the database, please help.

zuoke 2014-05-19 05:20:47
D:\Snort\bin>snort -c d:\snort\etc\snort.conf
Running in IDS mode

--== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "d:\snort\etc\snort.conf"
PortVar 'HTTP_PORTS' defined : [ 36 80:90 311 383 591 593 631 801 818 901 972 1220 1414 1741 1830 2301 2381 2809 3037 3057 3128 3443 3702 4000 4343 4848 5250 6080 6988 7000:7001 7144:7145 7510 7777 7779 8000 8008 8014 8028 8080 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8500 8800 8888 8899 9000 9060 9080 9090:9091 9443 9999:10000 11371 34443:34444 41080 50000 50002 55555 ]
PortVar 'SHELLCODE_PORTS' defined : [ 0:79 81:65535 ]
PortVar 'ORACLE_PORTS' defined : [ 1024:65535 ]
PortVar 'SSH_PORTS' defined : [ 22 ]
PortVar 'FTP_PORTS' defined : [ 21 2100 3535 ]
PortVar 'SIP_PORTS' defined : [ 5060:5061 5600 ]
PortVar 'FILE_DATA_PORTS' defined : [ 36 80:90 110 143 311 383 591 593 631 801 818 901 972 1220 1414 1741 1830 2301 2381 2809 3037 3057 3128 3443 3702 4000 4343 4848 5250 6080 6988 7000:7001 7144:7145 7510 7777 7779 8000 8008 8014 8028 8080 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8500 8800 8888 8899 9000 9060 9080 9090:9091 9443 9999:10000 11371 34443:34444 41080 50000 50002 55555 ]
PortVar 'GTP_PORTS' defined : [ 2123 2152 3386 ]
Detection:
Search-Method = AC-Full-Q
Split Any/Any group = enabled
Search-Method-Optimizations = enabled
Maximum pattern length = 20
Tagged Packet Limit: 256
Log directory = log
ERROR: d:\snort\etc\snort.conf(700) Unknown output plugin: "database"
Fatal Error, Quitting..

The last line in the snort.conf script is:
output database:alert,mysql,host=localhost user=root password=123456 dbname=snort encoding=hex detail=full
10 replies
lyf455 2015-11-11
May I ask, has this been solved? I ran into the same problem and don't know what to do!
u011121190 2015-04-14
I ran into the same problem. Did you get it fixed?
zuoke 2014-07-03
D:\Snort\bin>snort -c "..\etc\snort.conf" -l "..\log"
Running in IDS mode

--== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "..\etc\snort.conf"
PortVar 'HTTP_PORTS' defined : [ 36 80:90 311 383 591 593 631 801 818 901 972 1220 1414 1741 1830 2301 2381 2809 3037 3057 3128 3443 3702 4000 4343 4848 5250 6080 6988 7000:7001 7144:7145 7510 7777 7779 8000 8008 8014 8028 8080 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8500 8800 8888 8899 9000 9060 9080 9090:9091 9443 9999:10000 11371 34443:34444 41080 50000 50002 55555 ]
PortVar 'SHELLCODE_PORTS' defined : [ 0:79 81:65535 ]
PortVar 'ORACLE_PORTS' defined : [ 1024:65535 ]
PortVar 'SSH_PORTS' defined : [ 22 ]
PortVar 'FTP_PORTS' defined : [ 21 2100 3535 ]
PortVar 'SIP_PORTS' defined : [ 5060:5061 5600 ]
PortVar 'FILE_DATA_PORTS' defined : [ 36 80:90 110 143 311 383 591 593 631 801 818 901 972 1220 1414 1741 1830 2301 2381 2809 3037 3057 3128 3443 3702 4000 4343 4848 5250 6080 6988 7000:7001 7144:7145 7510 7777 7779 8000 8008 8014 8028 8080 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8500 8800 8888 8899 9000 9060 9080 9090:9091 9443 9999:10000 11371 34443:34444 41080 50000 50002 55555 ]
PortVar 'GTP_PORTS' defined : [ 2123 2152 3386 ]
Detection:
Search-Method = AC-Full-Q
Split Any/Any group = enabled
Search-Method-Optimizations = enabled
Maximum pattern length = 20
Tagged Packet Limit: 256
Loading dynamic engine D:\Snort\lib\snort_dynamicengine\sf_engine.dll... done
Loading all dynamic preprocessor libs from D:\Snort\lib\snort_dynamicpreprocessor...
Loading dynamic preprocessor library D:\Snort\lib\snort_dynamicpreprocessor\sf_dce2.dll... done
Loading dynamic preprocessor library D:\Snort\lib\snort_dynamicpreprocessor\sf_dnp3.dll... done
Loading dynamic preprocessor library D:\Snort\lib\snort_dynamicpreprocessor\sf_dns.dll... done
Loading dynamic preprocessor library D:\Snort\lib\snort_dynamicpreprocessor\sf_ftptelnet.dll... done
Loading dynamic preprocessor library D:\Snort\lib\snort_dynamicpreprocessor\sf_gtp.dll... done
Loading dynamic preprocessor library D:\Snort\lib\snort_dynamicpreprocessor\sf_imap.dll... done
Loading dynamic preprocessor library D:\Snort\lib\snort_dynamicpreprocessor\sf_modbus.dll... done
Loading dynamic preprocessor library D:\Snort\lib\snort_dynamicpreprocessor\sf_pop.dll... done
Loading dynamic preprocessor library D:\Snort\lib\snort_dynamicpreprocessor\sf_reputation.dll... done
Loading dynamic preprocessor library D:\Snort\lib\snort_dynamicpreprocessor\sf_sdf.dll... done
Loading dynamic preprocessor library D:\Snort\lib\snort_dynamicpreprocessor\sf_sip.dll... done
Loading dynamic preprocessor library D:\Snort\lib\snort_dynamicpreprocessor\sf_smtp.dll... done
Loading dynamic preprocessor library D:\Snort\lib\snort_dynamicpreprocessor\sf_ssh.dll... done
Loading dynamic preprocessor library D:\Snort\lib\snort_dynamicpreprocessor\sf_ssl.dll... done
Finished Loading all dynamic preprocessor libs from D:\Snort\lib\snort_dynamicpreprocessor
Log directory = ..\log
ERROR: ..\etc\snort.conf(700) Unknown output plugin: "database"
Fatal Error, Quitting..

D:\Snort\bin>
dianzichina 2014-06-16
Is it able to write the data now?
dianzichina 2014-05-26
Could it be a version incompatibility problem?
zuoke 2014-05-25
Can anyone answer this?
rnon637 2014-05-20
output database: log, mysql, user=root password=<your password> dbname=<the database you created> host=127.0.0.1
You can check directly in mysql whether the snort database exists.
zuoke 2014-05-20
Can nobody take a look?
zuoke 2014-05-20
15:17:49 小李探花 2014/5/20 15:17:49
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| snort              |
| snort_archive      |
| test               |
+--------------------+
5 rows in set (0.00 sec)
zuoke 2014-05-20
Thanks, that one does exist.
