I'm doing research on deploying SnortSam with Snort-2.8.0 (BASE and Barnyard installed). The packages are:
There is something that I want to ask,
I have been using the unified output plugin with Barnyard, so I can use MySQL and BASE. Active response with SnortSam has another Snort output plugin that has to be used, so it can connect to the SnortSam agent running on the firewall host to block the malicious traffic. What do I have to do with the Snort output plugins so I can use both of them? Is it fine to use two output plugins in a configuration file?
I have no problem with patching Snort, but when I run 'aclocal' to recompile Snort, I get these messages:
/usr/share/aclocal/xdelta.m4:7: warning: underquoted definition of AM_PATH_XDELTA
run info '(automake)Extending aclocal'
or see http://sources.redhat.com/automake/automake.html#Extending%20aclocal
What should I do?