Snort mailing list archives
Re: Rép. : Freebsd + snort (error when Snort start)
From: Joel Esler <joel.esler () sourcefire com>
Date: Tue, 19 Dec 2006 19:26:47 -0500
So your command line would be:

/usr/local/bin/snort -i rl0 -c /usr/local/etc/snort/snort.conf

FYI.

J

On Tue, Dec 19, 2006 at 04:46:46PM -0500, it looks like Todd Wease sent me:
> FRANCIS PROVENCHER wrote:
> > For more complete log it looks like this;
> >
> > If I launch the command like this for example;
> >
> > /usr/local/bin/snort -i rl0 /usr/local/etc/snort/snort.conf
> >
> > I received this error message;
> >
> > .....
> > Verifying Preprocessor Configurations!
> > Warning: flowbits key 'dce.bind.netware_cs' is checked but not ever set.
> > Warning: flowbits key 'dce.bind.veritas' is set but not ever checked.
> > Warning: flowbits key 'realplayer.playlist' is checked but not ever set.
> > Warning: flowbits key 'dce.isystemactivator.bind' is checked but not ever set.
> > Warning: flowbits key 'ms_sql_seen_dns' is checked but not ever set.
> > 248 out of 512 flowbits in use.
> > Initializing Network Interface rl0
> > ERROR: OpenPcap() FSM compilation failed: syntax error
> > PCAP command: /usr/local/etc/snort/snort.conf
> > Fatal Error, Quitting..
>
> In the above command line you forgot to use the -c switch with the config file so Snort was trying to compile a bpf filter with the config path.
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
+---------------------------------------------------------------------+
joel esler   senior security consultant   1-706-627-2101
Sourcefire   Security for the /Real/ World -- http://www.sourcefire.com
Snort - Open Source Network IPS/IDS -- http://www.snort.org
gpg key: http://demo.sourcefire.com/jesler.pgp.key
+---------------------------------------------------------------------+
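
The mistake diagnosed in this thread (a config path left on the command line without -c, so Snort hands it to libpcap as a BPF filter) can be caught before Snort is started. The script below is an added example, not part of the original messages or of Snort itself; the function name check_snort_args and the VALUE_OPTS list are hypothetical, and only -i and -c are assumed to take a value.

```sh
#!/bin/sh
# Added example: preflight check for a Snort command line.
# Assumption: only -i and -c are treated as options that take a value,
# since they are the only ones used in this thread. Add the letters of
# any other value-taking options you use to VALUE_OPTS.
VALUE_OPTS="i c"

# check_snort_args ARGS...   (ARGS = what would follow "snort")
# Returns 0 if -c FILE is present and no stray path was found,
#         1 if -c is missing (Snort is not given a config file),
#         2 if a leftover argument is a path; Snort passes leftover
#           arguments to libpcap as a BPF filter expression.
check_snort_args() {
    conf=""
    stray=""
    while [ $# -gt 0 ]; do
        arg=$1
        shift
        case "$arg" in
            -?)
                case " $VALUE_OPTS " in
                    *" ${arg#-} "*)
                        # Option takes a value: record -c, then skip it.
                        if [ "$arg" = "-c" ]; then conf=${1:-}; fi
                        if [ $# -gt 0 ]; then shift; fi
                        ;;
                esac
                ;;
            -*)
                ;;  # other option forms are not inspected
            /*|./*|../*)
                stray=$arg
                ;;
            *)
                # A BPF word such as "port" or "80" is fine; a bare
                # file name that exists is almost certainly a mistake.
                if [ -f "$arg" ]; then stray=$arg; fi
                ;;
        esac
    done
    if [ -n "$stray" ]; then
        echo "stray path '$stray' would be compiled as a BPF filter; did you mean -c $stray ?" >&2
        return 2
    fi
    if [ -z "$conf" ]; then
        echo "no -c <config> given" >&2
        return 1
    fi
    return 0
}

# Stand-alone use: sh check_snort_args.sh -i rl0 /usr/local/etc/snort/snort.conf
if [ $# -gt 0 ]; then
    check_snort_args "$@"
fi
```

Run on the failing command from this thread it returns 2 and names the stray path; a genuine filter such as "port 80" after the options passes.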
Current thread:
- Rép. : Freebsd + snort (error when Snort start) FRANCIS PROVENCHER (Dec 19)
- Re: Rép. : Freebsd + snort (error when Snort start) Todd Wease (Dec 19)
- Re: Rép. : Freebsd + snort (error when Snort start) Joel Esler (Dec 19)
- Re: Rép. : Freebsd + snort (error when Snort start) Todd Wease (Dec 19)