Old 27th March 2008, 12:14
draw draw is offline
Junior Member
Join Date: Mar 2008
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default Snort Prelude Ubuntu


I'm having issues when following this tutorial:


I've successfully installed the prelude manager, sensor-agent and web gui (prewikka). My prelude lml sensor is registered, events are populating and I'm able to query via the web gui, so everything is working as it should as far as prelude is concerned.

My problem is Snort. Specifically, I get error "FATAL ERROR: unknown output plugin: 'alert_prelude'" when starting snort. I did compile with the --enable-prelude option, and was originally getting this error:

*** The libprelude-config script installed by LIBPRELUDE could not be found
*** If LIBPRELUDE was installed in PREFIX, make sure PREFIX/bin is in
*** your path, or set the LIBPRELUDE_CONFIG environment variable to the
*** full path to libprelude-config.

I did an 'updatedb', then 'locate libprelude-config' after receiving this error and nothing was returned. I found that really odd because as I said before, prelude is 100% functional and you would think this would have been installed already.

Anyway, after googling around, I found that installing the following packages eliminate the above error:

'libprelude-dev' and 'libpreludedb-dev'

I thought I was in the clear, but I still get the FATAL ERROR: unknown output plugin: 'alert_prelude' when starting snort.

This is what is in my snort.conf:

#output alert_prelude
output alert_prelude: profile=snort

I've tried uncommenting the top line too, but no luck.

I'm installing on Ubuntu 7.10-server and using the newest version of snort (

Any help would be appreciated.

Thanks in advance,
Reply With Quote
Sponsored Links
Old 28th March 2008, 15:10
falko falko is offline
Super Moderator
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,752 Times in 2,582 Posts

Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Old 28th March 2008, 16:47
draw draw is offline
Junior Member
Join Date: Mar 2008
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts

Thanks falkco. Thats the exact thread in which I found out how to eliminate my original error by installing the libprelude packages. I was trying to find a solution, not a workaround, but it looks like thats what I'm going to have to do too.

Thanks again.
Reply With Quote
Old 29th March 2008, 04:32
draw draw is offline
Junior Member
Join Date: Mar 2008
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default Fyi

The above link worked for me.

Reply With Quote


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Cannot connect snort with prelude manager - libprelude file 'missing' chillifire HOWTO-Related Questions 10 21st January 2010 14:56
Intrusion Detection: Snort, Base, MySQL, and Apache2 On Ubuntu 7.10 tokke HOWTO-Related Questions 5 31st January 2008 12:01
Problem on restart bind9 satimis Server Operation 6 30th October 2007 03:01
Log for Debugging jwan Installation/Configuration 5 27th October 2006 15:34
SNORT and BASE on a CLEAN "The Perfect Setup - Debian Sarge (3.1)" edge Suggest HOWTO 5 10th September 2006 01:07

All times are GMT +2. The time now is 17:04.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.