Snort mailing list archives
Re: Snort 2.6.1 Stops Logging
From: "Eric J. Feldhusen" <efeldhusen.lists () gmail com>
Date: Wed, 22 Nov 2006 12:37:08 -0500
rmkml wrote:
> do you have compiled snort ?
> what version snort binary you have ?

I used the snort 2.6.1 and snort 2.6.1-mysql rpms from the snort downloads. The ruleset I used is the non-subscriber current as of November 19th. The OS is rhel4u4, minimum install, fully up to date, with the only other installed rpms being the rrdtool, rrd-devel, perl-rrd, and ntop from the Dag's repository, and webmin 1.300 rpm.

> how bandwidth you have ?

The snort box has dual gigabit ethernet interfaces, one for accessing the box via an IP, and the other is in promiscuous mode without an IP. My switch is sending about 16Mbps at peak to the stealth interface, average is about 12Mbps.

> do you use snort inline or only snort on ids mode ?

IDS mode

> snort.conf

See attached snortconf

> ps axwwl

see attached snortpsaxwwl

> snort cmd option

see attached snortcmdoption

> your log

I wasn't sure which log here?

> Best Regards
> Rmkml
--
Eric Feldhusen
Network Administrator
http://www.remc1.org
eric () remc1 org
PO Box 270              (906) 482-4520 x239
809 Hecla St            (906) 482-5031 fax
Hancock, MI 49930       (906) 370 6202 mobile
Attachment: snortconf

    var HOME_NET [10.0.0.0/8,172.0.0.0/8]
    var EXTERNAL_NET any
    var DNS_SERVERS [172.16.100.10/32,10.2.100.10/32]
    var SMTP_SERVERS $HOME_NET
    var HTTP_SERVERS $HOME_NET
    var SQL_SERVERS $HOME_NET
    var TELNET_SERVERS $HOME_NET
    var SNMP_SERVERS [172.17.136.53/32]
    ## var HTTP_PORTS 80
    ## include somefile.rules
    ## var HTTP_PORTS 8080
    ## include somefile.rules
    var HTTP_PORTS 80
    var SHELLCODE_PORTS !80
    var ORACLE_PORTS 1521
    var AIM_SERVERS [64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24]
    var RULE_PATH /etc/snort/rules
    # config disable_decode_alerts
    # config disable_tcpopt_experimental_alerts
    # config disable_tcpopt_obsolete_alerts
    # config disable_tcpopt_ttcp_alerts
    # config disable_tcpopt_alerts
    # config disable_ipopt_alerts
    # config enable_decode_oversized_alerts
    # config enable_decode_oversized_drops
    # config detection: search-method lowmem
    # config layer2resets: 00:06:76:DD:5F:E3
    dynamicpreprocessor directory /usr/lib/snort-2.6.1_dynamicpreprocessor/
    # dynamicpreprocessor file /usr/local/lib/snort_dynamicpreprocessor/libdynamicexample.so
    dynamicengine /usr/lib/snort-2.6.1_dynamicengine/libsf_engine.so
    # dynamicdetection directory /usr/local/lib/snort_dynamicrule/
    # dynamicdetection file /usr/local/lib/snort_dynamicrule/libdynamicexamplerule.so
    preprocessor flow: stats_interval 0 hash 2
    #preprocessor frag2
    preprocessor frag3_global: max_frags 65536
    preprocessor frag3_engine: policy first detect_anomalies
    preprocessor stream4: disable_evasion_alerts
    preprocessor stream4_reassemble
    preprocessor stream4_reassemble: both,ports 21 23 25 53 80 110 111 139 143 445 513 1433
    # preprocessor stream5_tcp: policy first, use_static_footprint_sizes
    # preprocessor stream5_udp: ignore_any_rules
    preprocessor http_inspect: global \
        iis_unicode_map unicode.map 1252
    preprocessor http_inspect_server: server default \
        profile all ports { 80 8080 8180 } oversize_dir_length 500
    preprocessor rpc_decode: 111 32771
    preprocessor bo
    preprocessor ftp_telnet: global \
        encrypted_traffic yes \
        inspection_type stateful
    preprocessor ftp_telnet_protocol: telnet \
        normalize \
        ayt_attack_thresh 200
    preprocessor ftp_telnet_protocol: ftp server default \
        def_max_param_len 100 \
        alt_max_param_len 200 { CWD } \
        cmd_validity MODE < char ASBCZ > \
        cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \
        chk_str_fmt { USER PASS RNFR RNTO SITE MKD } \
        telnet_cmds yes \
        data_chan
    preprocessor ftp_telnet_protocol: ftp client default \
        max_resp_len 256 \
        bounce yes \
        telnet_cmds yes
    preprocessor smtp: \
        ports { 25 } \
        inspection_type stateful \
        normalize cmds \
        normalize_cmds { EXPN VRFY RCPT } \
        alt_max_command_line_len 260 { MAIL } \
        alt_max_command_line_len 300 { RCPT } \
        alt_max_command_line_len 500 { HELP HELO ETRN } \
        alt_max_command_line_len 255 { EXPN VRFY }
    preprocessor sfportscan: proto { all } \
        memcap { 10000000 } \
        sense_level { low }
    #preprocessor arpspoof
    #preprocessor arpspoof_detect_host: 192.168.40.1 f0:0f:00:f0:0f:00
    #preprocessor ssh: server_ports { 22 } \
    # max_client_bytes 19600 \
    # max_encrypted_packets 20
    #preprocessor dcerpc: \
    # autodetect \
    # max_frag_size 3000 \
    # memcap 100000
    preprocessor dns: \
        ports { 53 } \
        enable_rdata_overflow
    # output log_tcpdump: tcpdump.log
    output database: log, mysql, user=snort password=changedforlists dbname=snort host=localhost
    # output database: alert, postgresql, user=snort dbname=snort
    # output database: log, odbc, user=snort dbname=snort
    # output database: log, mssql, dbname=snort user=snort password=test
    # output database: log, oracle, dbname=snort user=snort password=test
    # output alert_unified: filename snort.alert, limit 128
    # output log_unified: filename snort.log, limit 128
    # output alert_prelude
    # output alert_prelude: profile=snort-profile-name
    include classification.config
    include reference.config
    #include $RULE_PATH/local.rules
    #include $RULE_PATH/bad-traffic.rules
    #include $RULE_PATH/exploit.rules
    #include $RULE_PATH/scan.rules
    #include $RULE_PATH/finger.rules
    #include $RULE_PATH/ftp.rules
    #include $RULE_PATH/telnet.rules
    #include $RULE_PATH/rpc.rules
    #include $RULE_PATH/rservices.rules
    #include $RULE_PATH/dos.rules
    #include $RULE_PATH/ddos.rules
    #include $RULE_PATH/dns.rules
    #include $RULE_PATH/tftp.rules
    #include $RULE_PATH/web-cgi.rules
    #include $RULE_PATH/web-coldfusion.rules
    #include $RULE_PATH/web-iis.rules
    #include $RULE_PATH/web-frontpage.rules
    #include $RULE_PATH/web-misc.rules
    #include $RULE_PATH/web-client.rules
    #include $RULE_PATH/web-php.rules
    #include $RULE_PATH/sql.rules
    #include $RULE_PATH/x11.rules
    #include $RULE_PATH/icmp.rules
    #include $RULE_PATH/netbios.rules
    #include $RULE_PATH/misc.rules
    #include $RULE_PATH/attack-responses.rules
    #include $RULE_PATH/oracle.rules
    #include $RULE_PATH/mysql.rules
    #include $RULE_PATH/snmp.rules
    #include $RULE_PATH/smtp.rules
    #include $RULE_PATH/imap.rules
    #include $RULE_PATH/pop2.rules
    #include $RULE_PATH/pop3.rules
    #include $RULE_PATH/nntp.rules
    #include $RULE_PATH/other-ids.rules
    # include $RULE_PATH/web-attacks.rules
    # include $RULE_PATH/backdoor.rules
    # include $RULE_PATH/shellcode.rules
    # include $RULE_PATH/policy.rules
    # include $RULE_PATH/porn.rules
    # include $RULE_PATH/info.rules
    # include $RULE_PATH/icmp-info.rules
    #include $RULE_PATH/virus.rules
    #include $RULE_PATH/chat.rules
    # include $RULE_PATH/multimedia.rules
    #include $RULE_PATH/p2p.rules
    #include $RULE_PATH/spyware-put.rules
    # include $RULE_PATH/experimental.rules
    include threshold.conf
Attachment: snortpsaxwwl

    F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
    4 0 1 0 16 0 2876 552 - S ? 0:01 init [3]
    1 0 2 1 -100 - 0 0 migrat S ? 0:00 [migration/0]
    1 0 3 1 34 19 0 0 ksofti SN ? 0:00 [ksoftirqd/0]
    1 0 4 1 -100 - 0 0 migrat S ? 0:00 [migration/1]
    1 0 5 1 34 19 0 0 ksofti SN ? 0:00 [ksoftirqd/1]
    1 0 6 1 -100 - 0 0 migrat S ? 0:00 [migration/2]
    1 0 7 1 34 19 0 0 ksofti SN ? 0:00 [ksoftirqd/2]
    1 0 8 1 -100 - 0 0 migrat S ? 0:03 [migration/3]
    1 0 9 1 34 19 0 0 ksofti SN ? 0:00 [ksoftirqd/3]
    1 0 10 1 5 -10 0 0 worker S< ? 0:00 [events/0]
    1 0 11 1 5 -10 0 0 worker S< ? 0:00 [events/1]
    1 0 12 1 5 -10 0 0 worker S< ? 0:00 [events/2]
    1 0 13 1 5 -10 0 0 worker S< ? 0:00 [events/3]
    1 0 14 10 7 -10 0 0 worker S< ? 0:00 [khelper]
    1 0 15 10 15 -10 0 0 worker S< ? 0:00 [kacpid]
    1 0 30 10 5 -10 0 0 worker S< ? 0:00 [kblockd/0]
    1 0 31 10 5 -10 0 0 worker S< ? 0:00 [kblockd/1]
    1 0 32 10 5 -10 0 0 worker S< ? 0:00 [kblockd/2]
    1 0 33 10 5 -10 0 0 worker S< ? 0:00 [kblockd/3]
    1 0 54 10 10 -10 0 0 worker S< ? 0:00 [aio/0]
    1 0 55 10 5 -10 0 0 worker S< ? 0:00 [aio/1]
    1 0 56 10 5 -10 0 0 worker S< ? 0:00 [aio/2]
    1 0 57 10 10 -10 0 0 worker S< ? 0:00 [aio/3]
    1 0 34 1 15 0 0 0 hub_th S ? 0:00 [khubd]
    1 0 53 1 15 0 0 0 kswapd S ? 0:00 [kswapd0]
    1 0 201 1 25 0 0 0 serio_ S ? 0:00 [kseriod]
    1 0 331 1 15 0 0 0 kjourn S ? 0:25 [kjournald]
    4 0 1356 1 6 -10 2760 464 - S<s ? 0:00 udevd
    1 0 1545 10 6 -10 0 0 kaudit S< ? 0:00 [kauditd]
    1 0 1626 10 8 -10 0 0 worker S< ? 0:00 [kmirrord]
    1 0 1646 1 15 0 0 0 kjourn S ? 0:00 [kjournald]
    5 0 2383 1 16 0 1852 548 - Ss ? 0:09 syslogd -m 0
    5 0 2387 1 16 0 1780 384 syslog Ss ? 0:00 klogd -x
    5 0 2397 1 16 0 1708 300 - Ss ? 0:00 irqbalance
    1 0 2427 1 16 0 6016 344 - Ss ? 0:00 rpc.idmapd
    5 0 2486 1 18 0 1516 436 - Ss ? 0:00 /usr/sbin/acpid
    5 0 2495 1 15 0 4744 1020 - Ss ? 0:00 /usr/sbin/sshd
    5 0 2508 1 18 0 3012 756 - Ss ? 0:00 xinetd -stayalive -pidfile /var/run/xinetd.pid
    5 0 2672 1 16 0 8168 2024 - Ss ? 0:00 sendmail: accepting connections
    1 51 2680 1 16 0 8500 1628 pause Ss ? 0:00 sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue
    5 0 2690 1 16 0 2068 360 - Ss ? 0:00 gpm -m /dev/input/mice -t imps2
    5 0 2700 1 16 0 15788 5576 - Ss ? 0:01 /usr/sbin/httpd
    5 0 2709 1 15 0 5192 928 - Ss ? 0:00 crond
    5 48 2718 2700 15 0 22944 10840 semtim S ? 0:27 /usr/sbin/httpd
    5 48 2719 2700 15 0 23056 11496 semtim S ? 0:42 /usr/sbin/httpd
    5 48 2720 2700 15 0 22860 10732 semtim S ? 1:39 /usr/sbin/httpd
    5 48 2721 2700 15 0 22920 10752 semtim S ? 4:54 /usr/sbin/httpd
    5 48 2722 2700 16 0 23032 10952 - S ? 0:29 /usr/sbin/httpd
    5 48 2723 2700 15 0 22924 10804 semtim S ? 4:00 /usr/sbin/httpd
    5 48 2724 2700 15 0 23020 10848 semtim S ? 3:27 /usr/sbin/httpd
    5 48 2725 2700 15 0 23016 10868 semtim S ? 0:35 /usr/sbin/httpd
    5 0 2743 1 16 0 3044 420 - Ss ? 0:00 /usr/sbin/atd
    5 81 2752 1 15 0 3740 956 - Ss ? 0:00 dbus-daemon-1 --system
    5 0 2763 1 16 0 5508 296 - Ss ? 0:00 rhnsd --interval 240
    5 0 2775 1 16 0 7344 4132 - Ss ? 0:33 hald
    5 0 2839 1 16 0 9828 5824 - Ss ? 0:00 /usr/bin/perl /usr/libexec/webmin/miniserv.pl /etc/webmin/miniserv.conf
    4 0 2843 1 18 0 2908 412 - Ss+ tty1 0:00 /sbin/mingetty tty1
    4 0 2844 1 18 0 2724 412 - Ss+ tty2 0:00 /sbin/mingetty tty2
    4 0 2845 1 18 0 2132 412 - Ss+ tty3 0:00 /sbin/mingetty tty3
    4 0 2846 1 18 0 2532 412 - Ss+ tty4 0:00 /sbin/mingetty tty4
    4 0 2847 1 18 0 2732 412 - Ss+ tty5 0:00 /sbin/mingetty tty5
    4 0 2848 1 18 0 1484 412 - Ss+ tty6 0:00 /sbin/mingetty tty6
    1 0 26700 13 15 0 0 0 pdflus S ? 0:00 [pdflush]
    1 0 27045 13 15 0 0 0 pdflus S ? 0:03 [pdflush]
    5 100 32745 1 16 0 138200 44048 - Ssl ? 178:36 ntop -d -L @/etc/ntop.conf
    4 0 16774 2495 17 0 8320 2408 - Ss ? 0:00 sshd: eric [priv]
    5 500 16776 16774 15 0 8488 1648 - S ? 0:09 sshd: eric@pts/0
    0 500 16777 16776 15 0 5364 1408 wait Ss pts/0 0:00 -bash
    4 0 16803 16777 15 0 4536 1468 wait S pts/0 0:00 /bin/bash
    4 0 17044 1 25 0 4380 1252 wait S pts/0 0:00 /bin/sh /usr/bin/mysqld_safe --defaults-file=/etc/my.cnf --pid-file=/var/run/mysqld/mysqld.pid
    4 27 17077 17044 16 0 128816 27124 - Sl pts/0 12:24 /usr/libexec/mysqld --defaults-file=/etc/my.cnf --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --skip-locking --socket=/var/lib/mysql/mysql.sock
    5 503 17801 1 15 0 52780 9380 - Ss ? 0:06 /usr/sbin/snort -b -D -i eth1 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort
    4 0 17834 16803 16 0 2540 652 - R+ pts/0 0:00 ps axwwl
Attachment: snortcmdoption

    Running in IDS mode with inferred config file: ./snort.conf

            --== Initializing Snort ==--
    Initializing Output Plugins!
    Var 'any_ADDRESS' defined, value len = 15 chars, value = 0.0.0.0/0.0.0.0
    Var 'lo_ADDRESS' defined, value len = 19 chars, value = 127.0.0.0/255.0.0.0
    Initializing Preprocessors!
    Initializing Plug-ins!
    Parsing Rules file ./snort.conf

    +++++++++++++++++++++++++++++++++++++++++++++++++++
    Initializing rule chains...
    Var 'HOME_NET' defined, value len = 24 chars, value = [10.0.0.0/8,172.0.0.0/8]
    Var 'EXTERNAL_NET' defined, value len = 3 chars, value = any
    Var 'DNS_SERVERS' defined, value len = 33 chars, value = [172.16.100.10/32,10.2.100.10/32]
    Var 'SMTP_SERVERS' defined, value len = 24 chars, value = [10.0.0.0/8,172.0.0.0/8]
    Var 'HTTP_SERVERS' defined, value len = 24 chars, value = [10.0.0.0/8,172.0.0.0/8]
    Var 'SQL_SERVERS' defined, value len = 24 chars, value = [10.0.0.0/8,172.0.0.0/8]
    Var 'TELNET_SERVERS' defined, value len = 24 chars, value = [10.0.0.0/8,172.0.0.0/8]
    Var 'SNMP_SERVERS' defined, value len = 18 chars, value = [172.17.136.53/32]
    Var 'HTTP_PORTS' defined, value len = 2 chars, value = 80
    Var 'SHELLCODE_PORTS' defined, value len = 3 chars, value = !80
    Var 'ORACLE_PORTS' defined, value len = 4 chars, value = 1521
    Var 'AIM_SERVERS' defined, value len = 185 chars
       [64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24]
    Var 'RULE_PATH' defined, value len = 16 chars, value = /etc/snort/rules
    ,-----------[Flow Config]----------------------
    | Stats Interval: 0
    | Hash Method: 2
    | Memcap: 10485760
    | Rows : 4099
    | Overhead Bytes: 16400(%0.16)
    `----------------------------------------------
    Frag3 global config:
        Max frags: 65536
        Fragment memory cap: 4194304 bytes
    Frag3 engine config:
        Target-based policy: FIRST
        Fragment timeout: 60 seconds
        Fragment min_ttl: 1
        Fragment ttl_limit: 5
        Fragment Problems: 1
        Bound Addresses: 0.0.0.0/0.0.0.0
    Stream4 config:
        Stateful inspection: ACTIVE
        Session statistics: INACTIVE
        Session timeout: 30 seconds
        Session memory cap: 8388608 bytes
        Session count max: 8192 sessions
        Session cleanup count: 5
        State alerts: INACTIVE
        Evasion alerts: INACTIVE
        Scan alerts: INACTIVE
        Log Flushed Streams: INACTIVE
        MinTTL: 1
        TTL Limit: 5
        Async Link: 0
        State Protection: 0
        Self preservation threshold: 50
        Self preservation period: 90
        Suspend threshold: 200
        Suspend period: 30
        Enforce TCP State: INACTIVE
        Midstream Drop Alerts: INACTIVE
        Allow Blocking of TCP Sessions in Inline: ACTIVE
        Server Data Inspection Limit: -1
    WARNING ./snort.conf(438) => flush_behavior set in config file, using old static flushpoints (0)
    Stream4_reassemble config:
        Server reassembly: INACTIVE
        Client reassembly: ACTIVE
        Reassembler alerts: ACTIVE
        Zero out flushed packets: INACTIVE
        Flush stream on alert: INACTIVE
        flush_data_diff_size: 500
        Reassembler Packet Preferance : Favor Old
        Packet Sequence Overlap Limit: -1
        Flush behavior: Small (<255 bytes)
        Ports: 21 23 25 42 53 80 110 111 135 136 137 139 143 445 513 1433 1521 3306
        Emergency Ports: 21 23 25 42 53 80 110 111 135 136 137 139 143 445 513 1433 1521 3306
    WARNING ./snort.conf(439) => flush_behavior set in config file, using old static flushpoints (0)
    Stream4_reassemble config:
        Server reassembly: ACTIVE
        Client reassembly: ACTIVE
        Reassembler alerts: ACTIVE
        Zero out flushed packets: INACTIVE
        Flush stream on alert: INACTIVE
        flush_data_diff_size: 500
        Reassembler Packet Preferance : Favor Old
        Packet Sequence Overlap Limit: -1
        Flush behavior: Small (<255 bytes)
        Ports: 21 23 25 53 80 110 111 139 143 445 513 1433
        Emergency Ports: 21 23 25 42 53 80 110 111 135 136 137 139 143 445 513 1433 1521 3306
    HttpInspect Config:
        GLOBAL CONFIG
          Max Pipeline Requests: 0
          Inspection Type: STATELESS
          Detect Proxy Usage: NO
          IIS Unicode Map Filename: ./unicode.map
          IIS Unicode Map Codepage: 1252
        DEFAULT SERVER CONFIG:
          Server profile: All
          Ports: 80 8080 8180
          Flow Depth: 300
          Max Chunk Length: 500000
          Inspect Pipeline Requests: YES
          URI Discovery Strict Mode: NO
          Allow Proxy Usage: NO
          Disable Alerting: NO
          Oversize Dir Length: 500
          Only inspect URI: NO
          Ascii: YES alert: NO
          Double Decoding: YES alert: YES
          %U Encoding: YES alert: YES
          Bare Byte: YES alert: YES
          Base36: OFF
          UTF 8: OFF
          IIS Unicode: YES alert: YES
          Multiple Slash: YES alert: NO
          IIS Backslash: YES alert: NO
          Directory Traversal: YES alert: NO
          Web Root Traversal: YES alert: YES
          Apache WhiteSpace: YES alert: NO
          IIS Delimiter: YES alert: NO
          IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
          Non-RFC Compliant Characters: NONE
          Whitespace Characters: 0x09 0x0b 0x0c 0x0d
    rpc_decode arguments:
        Ports to decode RPC on: 111 32771
        alert_fragments: INACTIVE
        alert_large_fragments: ACTIVE
        alert_incomplete: ACTIVE
        alert_multiple_requests: ACTIVE
    Portscan Detection Config:
        Detect Protocols: TCP UDP ICMP IP
        Detect Scan Type: portscan portsweep decoy_portscan distributed_portscan
        Sensitivity Level: Low
        Memcap (in bytes): 10000000
        Number of Nodes: 36900

    0 Snort rules read...
    0 Option Chains linked into 0 Chain Headers
    0 Dynamic rules
    +++++++++++++++++++++++++++++++++++++++++++++++++++

    Tagged Packet Limit: 256

    +-----------------------[thresholding-config]----------------------------------
    | memory-cap : 1048576 bytes
    +-----------------------[thresholding-global]----------------------------------
    | none
    +-----------------------[thresholding-local]-----------------------------------
    | none
    +-----------------------[suppression]------------------------------------------
    | gen-id=1 sig-id=1411 tracking=srcip=172.17.136.53 mask=255.255.255.255
    | gen-id=1 sig-id=1411 tracking=srcip=172.17.136.75 mask=255.255.255.255
    | gen-id=1 sig-id=1432 tracking=srcip=172.0.0.0 mask=255.0.0.0
    | gen-id=1 sig-id=1432 tracking=srcip=172.0.0.0 mask=255.0.0.0
    | gen-id=1 sig-id=556 tracking=srcip=10.0.0.0 mask=255.0.0.0
    | gen-id=1 sig-id=556 tracking=srcip=10.0.0.0 mask=255.0.0.0
    | gen-id=1 sig-id=1417 tracking=srcip=172.17.136.53 mask=255.255.255.255
    | gen-id=1 sig-id=1417 tracking=srcip=172.17.136.75 mask=255.255.255.255
    -------------------------------------------------------------------------------
    Rule application order: ->activation->dynamic->pass->drop->alert->log
    Log directory = /var/log/snort
    Loading dynamic engine /usr/lib/snort-2.6.1_dynamicengine/libsf_engine.so... done
    Loading all dynamic preprocessor libs from /usr/lib/snort-2.6.1_dynamicpreprocessor/...
      Loading dynamic preprocessor library /usr/lib/snort-2.6.1_dynamicpreprocessor//libsf_smtp_preproc.so... done
      Loading dynamic preprocessor library /usr/lib/snort-2.6.1_dynamicpreprocessor//libsf_dns_preproc.so... done
      Loading dynamic preprocessor library /usr/lib/snort-2.6.1_dynamicpreprocessor//libsf_ftptelnet_preproc.so... done
    Finished Loading all dynamic preprocessor libs from /usr/lib/snort-2.6.1_dynamicpreprocessor/
    FTPTelnet Config:
        GLOBAL CONFIG
          Inspection Type: stateful
          Check for Encrypted Traffic: YES alert: YES
          Continue to check encrypted data: NO
        TELNET CONFIG:
          Ports: 23
          Are You There Threshold: 200
          Normalize: YES
          Detect Anomalies: NO
        FTP CONFIG:
          FTP Server: default
            Ports: 21
            Check for Telnet Cmds: YES alert: YES
            Identify open data channels: YES
          FTP Client: default
            Check for Bounce Attacks: YES alert: YES
            Check for Telnet Cmds: YES alert: YES
            Max Response Length: 256
    SMTP Config:
        Ports: 25
        Inspection Type: STATEFUL
        Normalize Spaces: YES
        Ignore Data: NO
        Ignore TLS Data: NO
        Ignore Alerts: NO
        Max Command Length: 0
        Max Header Line Length: 0
        Max Response Line Length: 0
        X-Link2State Alert: YES
        Drop on X-Link2State Alert: NO
    DNS config:
        DNS Client rdata txt Overflow Alert: ACTIVE
        Obsolete DNS RR Types Alert: INACTIVE
        Experimental DNS RR Types Alert: INACTIVE
        Ports: 53

    Verifying Preprocessor Configurations!
    0 out of 512 flowbits in use.
    ***
    *** interface device lookup found: eth0
    ***

    Initializing Network Interface eth0
    ERROR: OpenPcap() FSM compilation failed:
        syntax error
    PCAP command: cmd option
    Fatal Error, Quitting..