Snort mailing list archives
Re: Snort-1.9 on OBSD-3.2
From: <bthaler () webstream net>
Date: Tue, 28 Jan 2003 09:35:14 -0500
Here's some more detail: Command Line = /usr/local/bin/snort -c /etc/snort/snort.conf -i xl0 -D (same as Snort-1.8.7) Here's my preprocessors (pretty much default, as I haven't tweaked this install yet) preprocessor frag2 preprocessor stream4: disable_evasion_alerts, ttl_limit 0 preprocessor stream4_reassemble: noalerts preprocessor http_decode: 80 unicode iis_alt_unicode double_encode iis_flip_slash full_whitespace preprocessor rpc_decode: 111 32771 preprocessor conversation: allowed_ip_protocols all, timeout 60, max_conversations 32000 preprocessor portscan2: scanners_max 3200, targets_max 5000, target_limit 5, port_limit 20, timeout 60 And the output plugin (again this was working fine with Snort-1.8.7) output database: log, mysql, user=snort dbname=snort password=snort host=10.1.1.3 sensor_name=Webstream Since my first message, I have built Snort-1.8.7 and it's running smoothly (so far). Sincerely, Brad Thaler Technical Support WebStream Internet Solutions bthaler () webstream net http://www.webstream.net (954) 730-7405 Help Desk (954) 733-7067 Fax *** For further assistance you can go to http://helpdesk.webstream.net where you can find most of the answers you need. WebStream accepts no liability for the content of this email, or for the consequences of any actions taken on the basis of the information provided, unless that information is subsequently confirmed in writing. Any views or opinions presented in this email are solely those of the author and do not necessarily represent those of WebStream. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. WebStream accepts no liability for any damage caused by any virus transmitted by this email. ----- Original Message ----- From: "Gonzalez, Albert" <albert.gonzalez () eds com> To: <bthaler () webstream net>; <snort-users () lists sourceforge net> Sent: Tuesday, January 28, 2003 9:21 AM Subject: RE: [Snort-users] Snort-1.9 on OBSD-3.2
well, you aren't providing much detail. I was running Snort 1.9.0 with OBSD 3.1 and upgraded my system to 3.2 without any problems. What exactly does your setup look like? What commands are you passing on the command line? what preprocessors are you running? etc..... Cheers! --- Alberto Gonzalez EDS - Global Security Operations Center Security and Privacy Professional Servics -----Original Message----- From: bthaler () webstream net [mailto:bthaler () webstream net] Sent: Tuesday, January 28, 2003 9:03 AM To: snort-users () lists sourceforge net Subject: [Snort-users] Snort-1.9 on OBSD-3.2 Is anyone else running Snort-1.9 on OpenBSD-3.2? I recently upgraded my OBSD-3.1 running Snort-1.8 to OBSD-3.2 running Snort-1.9, and now the entire OS crashes, but only if Snort is running. I made the mistake of upgrading both Snort and OBSD at the same time, so I'm not exactly sure which of these is causing the problem. I do know that Snort-1.8 was running fine on OBSD-3.1. I also know that with the same rules enabled, Snort-1.9 has about 30% packet loss, while Snort-1.8 only gave me 1%. Any ideas here? I'm probably going to remove Snort-1.9 and go back to 1.8 due to the packet loss issue, unless someone has a better idea. Sincerely, Brad Thaler ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort-1.9 on OBSD-3.2 bthaler (Jan 28)
- <Possible follow-ups>
- RE: Snort-1.9 on OBSD-3.2 Gonzalez, Albert (Jan 28)
- Re: Snort-1.9 on OBSD-3.2 bthaler (Jan 28)
- Re: Snort-1.9 on OBSD-3.2 Erek Adams (Jan 28)
- Re: Snort-1.9 on OBSD-3.2 bthaler (Jan 28)
- Re: Snort-1.9 on OBSD-3.2 bthaler (Jan 28)
- RE: Snort-1.9 on OBSD-3.2 Eric Bonner (Jan 28)