Wednesday, July 18, 2012

Database output is dead. R.I.P.

Last June (2011) we gave you a heads up (and several reminders since) that in Snort, we were going to remove the spo_database output module as well as Aruba and Prelude outputs.

For those of you that originally compiled Snort like: ./configure --enable-mysql

Or, if you look in your snort.conf and your "output" lines look like this:
output database: alert
output database: log

this will affect YOU.

Our recommendation is that after you upgrade to Snort, you move to full unified2 logging and use barnyard2 to read those unified2 files and input them into your MySQL database.
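A pre-upgrade check for the situation described above, added here as an example and not code from the Snort project: it lists active "output" lines in a snort.conf that use a removed plugin and reports whether a unified2 output exists for barnyard2 to read. The keywords alert_aruba_action and alert_prelude for the Aruba and Prelude outputs, the function names, and the sample configs are assumptions made for this example.

```shell
#!/bin/sh
# Added example: find snort.conf output lines that stop working after the upgrade.
# Assumption: the Aruba and Prelude outputs are configured with the keywords
# alert_aruba_action and alert_prelude (the post names only the modules).

# Print active (uncommented) "output" lines that use a removed plugin.
removed_outputs() {
    grep -nE '^[[:space:]]*output[[:space:]]+(database|alert_aruba_action|alert_prelude)[[:space:]]*(:|$)' "$1"
}

# Succeed if an active unified2 output line is present.
has_unified2() {
    grep -qE '^[[:space:]]*output[[:space:]]+unified2[[:space:]]*:' "$1"
}

# Return 0 = ready, 1 = removed outputs still configured,
# 2 = nothing removed, but no unified2 output for barnyard2 to read.
check_snort_conf() {
    conf=$1
    if removed_outputs "$conf" >/dev/null; then
        echo "removed output plugins still configured in $conf:"
        removed_outputs "$conf" | sed 's/^/  line /'
        has_unified2 "$conf" || echo "no unified2 output configured either"
        return 1
    fi
    if ! has_unified2 "$conf"; then
        echo "no unified2 output in $conf; barnyard2 has nothing to read"
        return 2
    fi
    echo "$conf: ok"
    return 0
}

# Constructed sample configs (not from the post): one pre-upgrade, one migrated.
make_samples() {
    dir=$1
    printf '%s\n' '# output database: log, mysql, dbname=snort' \
        'output database: alert' 'output database: log' > "$dir/old.conf"
    printf '%s\n' 'output unified2: filename snort.u2, limit 128' > "$dir/new.conf"
}

# Stand-alone use: sh check.sh /etc/snort/snort.conf
if [ "${1:-}" ]; then check_snort_conf "$1"; fi
```

Commented-out lines are ignored, so a config that only keeps the old database line as a comment passes the check.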

You can find more information about barnyard2 here:

As always, questions can be asked on the Snort Mailing Lists! Thank you!


  1. We are getting an error of "unknown output plugin :database". How do we get the output plugin for database?

    1. Because it doesn't exist anymore. It's dead. Hence this post. It's been moved to Barnyard2.

  2. How can I get a Windows version of barnyard2? I am running Snort in Windows 7 and I want to store the log in a MySQL database.