Snort Prelude Ubuntu

Discussion in 'HOWTO-Related Questions' started by draw, Mar 27, 2008.

  1. draw

    draw New Member

    Hello,

    I'm having issues when following this tutorial:

    http://howtoforge.com/snort-ossec-prelude-on-ubuntu-gutsy-gibbon

    I've successfully installed the prelude manager, sensor-agent and web gui (prewikka). My prelude lml sensor is registered, events are populating and I'm able to query via the web gui, so everything is working as it should as far as prelude is concerned.

    My problem is Snort. Specifically, I get error "FATAL ERROR: unknown output plugin: 'alert_prelude'" when starting snort. I did compile with the --enable-prelude option, and was originally getting this error:

    *** The libprelude-config script installed by LIBPRELUDE could not be found
    *** If LIBPRELUDE was installed in PREFIX, make sure PREFIX/bin is in
    *** your path, or set the LIBPRELUDE_CONFIG environment variable to the
    *** full path to libprelude-config.

    I did an 'updatedb', then 'locate libprelude-config' after receiving this error and nothing was returned. I found that really odd because as I said before, prelude is 100% functional and you would think this would have been installed already.

    Anyway, after googling around, I found that installing the following packages eliminates the above error:

    'libprelude-dev' and 'libpreludedb-dev'

    I thought I was in the clear, but I still get the FATAL ERROR: unknown output plugin: 'alert_prelude' when starting snort.

    This is what is in my snort.conf:

    #output alert_prelude
    output alert_prelude: profile=snort

    I've tried uncommenting the top line too, but no luck.

    I'm installing on Ubuntu 7.10-server and using the newest version of snort (2.8.0.2).

    Any help would be appreciated.

    Thanks in advance,
    draw
     
  2. falko

    falko Super Moderator

  3. draw

    draw New Member

    Thanks falko. That's the exact thread in which I found out how to eliminate my original error by installing the libprelude packages. I was trying to find a solution, not a workaround, but it looks like that's what I'm going to have to do too.

    Thanks again.
    draw
     
  4. draw

    draw New Member

    FYI

    The above link worked for me.

    -draw
     
