Snort Failing to start on Ubuntu 9.04

0

EDIT: Hey! To anyone stumbling across this question who followed this guide: https://help.ubuntu.com/community/SnortIDS It's too old and WILL NOT work! Find a different one!

I'm trying to get Snort IDS set up on an old laptop with Ubuntu 9.04 Server. I am following this guide exactly: https://help.ubuntu.com/community/SnortIDS

Sadly, upon trying to start snort, I get this error:

* Starting Network Intrusion Detection System  snort       [fail]


I investigated and found this error in syslog:

snort[3885]: FATAL ERROR: Undefined variable name: (/etc/snort/snort.conf:791):

So... then I went to line 791 in my snort.conf file:

output database: log, mysql, user=snort password=redacted dbname=snort host=localhost

From what I've seen, that is correct, so I'm not sure what I did wrong!

Floofies

Posted 2015-06-20T21:39:39.797

Reputation: 167

Answers

1

What version of Snort? Snort hasn't supported direct database inserts for some time now; you need to use Unified2 output instead, and have your choice of Unified2 tool (Barnyard2 or Pigsty usually) handle the database insertion.

Oh, so the guide I followed is outdated. I installed Snort 2.7.0.

That's very, very old - from 2007. Try the current version, 2.9.7.3 (or Suricata 2.0.4).

Cry Havok

Posted 2015-06-20T21:39:39.797

Reputation: 3 486

Oh, so the guide I followed is outdated. I installed Snort 2.7.0. – Floofies – 2015-06-20T21:46:55.457
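
An added example, not part of the original thread: a small shell check that reports any active `output database` directive in a snort.conf (with the password masked) and confirms an `output unified2` directive is present for a tool such as Barnyard2 to read. The function names, the sample configs and the `snort.u2` filename are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Finds legacy "output database"
# directives in a snort.conf and checks that unified2 output is configured.

# Print "N:line" for each uncommented "output <plugin>:" directive in file $1.
active_outputs() {
    grep -nE "^[[:space:]]*output[[:space:]]+$2[[:space:]]*:" "$1" || true
}

# Exit status: 0 = unified2 only, 1 = legacy database output still active,
# 2 = no unified2 output configured.
check_snort_outputs() {
    conf=$1
    legacy=$(active_outputs "$conf" database)
    unified=$(active_outputs "$conf" unified2)
    if [ -n "$legacy" ]; then
        # Mask the DB password so the report is safe to paste into a ticket.
        printf '%s\n' "$legacy" | sed -E 's/password=[^ ,]+/password=****/' |
            while IFS= read -r hit; do echo "$conf:$hit"; done
        return 1
    fi
    [ -n "$unified" ] || { echo "$conf: no 'output unified2' directive"; return 2; }
    echo "$conf: ok"
}

# Constructed sample configs; the credentials are placeholders.
write_samples() {
    dir=$1
    cat > "$dir/old.conf" <<'EOF'
var HOME_NET any
# output database: log, mysql, user=old password=x dbname=snort host=localhost
output database: log, mysql, user=snort password=PLACEHOLDER dbname=snort host=localhost
EOF
    cat > "$dir/new.conf" <<'EOF'
var HOME_NET any
output unified2: filename snort.u2, limit 128
EOF
}

# When a path is given on the command line, check that file.
if [ -n "${1:-}" ]; then check_snort_outputs "$1"; fi
```

The report uses the same `file:line` form as the syslog message quoted in the question, so a hit can be matched directly against the line Snort complained about.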