#1  
27th March 2008, 11:14
draw

Snort Prelude Ubuntu

Hello,

I'm having issues when following this tutorial:

http://howtoforge.com/snort-ossec-pr...u-gutsy-gibbon

I've successfully installed the prelude manager, sensor-agent and web gui (prewikka). My prelude lml sensor is registered, events are populating and I'm able to query via the web gui, so everything is working as it should as far as prelude is concerned.

My problem is Snort. Specifically, I get the error "FATAL ERROR: unknown output plugin: 'alert_prelude'" when starting snort. I did compile with the --enable-prelude option, and was originally getting this error:

*** The libprelude-config script installed by LIBPRELUDE could not be found
*** If LIBPRELUDE was installed in PREFIX, make sure PREFIX/bin is in
*** your path, or set the LIBPRELUDE_CONFIG environment variable to the
*** full path to libprelude-config.

I did an 'updatedb', then 'locate libprelude-config' after receiving this error and nothing was returned. I found that really odd because as I said before, prelude is 100% functional and you would think this would have been installed already.

Anyway, after googling around, I found that installing the following packages eliminates the above error:

'libprelude-dev' and 'libpreludedb-dev'

I thought I was in the clear, but I still get the FATAL ERROR: unknown output plugin: 'alert_prelude' when starting snort.

This is what is in my snort.conf:

#output alert_prelude
output alert_prelude: profile=snort

I've tried uncommenting the top line too, but no luck.

I'm installing on Ubuntu 7.10-server and using the newest version of snort (2.8.0.2).

Any help would be appreciated.

Thanks in advance,
draw
  #2  
28th March 2008, 14:10
falko

http://www.howtoforge.com/forums/sho...t+plugin+snort
  #3  
28th March 2008, 15:47
draw

Thanks falko. That's the exact thread in which I found out how to eliminate my original error by installing the libprelude packages. I was trying to find a solution, not a workaround, but it looks like that's what I'm going to have to do too.

Thanks again.
draw
  #4  
29th March 2008, 03:32
draw

FYI

The above link worked for me.

-draw
All times are GMT +2.