Snort mailing list archives
Re: Warning: flowbits key '*****' is checked but not ever set
From: sog1024 <sog1024 () corpnet eu>
Date: Mon, 26 Oct 2009 14:04:30 +0100
Thanks for your answers, How can i get those rules which sets the flowbits? Do i need to update the vrt subscription rules? Is it not strange that you can enable rules that never ever are checked? is there a relation whith a another message on my screen? "DynamicPlugin: Rule [3:13308] not enabled in configuration, rule will not be used." ps, indeed i`m using 2.8.5 ;) regards, Sog On Mon, Oct 26, 2009 at 11:55 AM, Todd Wease <twease () sourcefire com> wrote:
This just means you have a rule or rules that has flowbits:isset without a rule or rules that has flowbits:set. Essentially, the rules with flowbits:isset in this case will never fire because there is not a rule that sets the flowbit. You need the corresponding rule that sets the flowbit. On 10/26/2009 05:49 AM, sog1024 wrote:Hi, After searching the Internet, i`m not able to resolve an issue on my snort sensor deployment. I can`t image that i`m the only one whiff this issue. Ik have compiled snort 1.8.5 on my centos 5.3 platform and latest subscription ruleset. During the compilation fase i have used the "./configure --enable-dynamicplugin --enable-reload --enable-perfprofiling" parameters and coped the so rules to the location in the snort.conf file. When i start snort, i get "Warning: flowbits key '*****'is checked but not ever set." messages . What does did mean? What need i to do, so snort will check this? Best regards Sog ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Met vriendelijke groet, Pascal van Maanen p.vmaanen () corpnet eu
------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Warning: flowbits key '*****' is checked but not ever set sog1024 (Oct 26)
- Re: Warning: flowbits key '*****' is checked but not ever set Todd Wease (Oct 26)
- Re: Warning: flowbits key '*****' is checked but not ever set sog1024 (Oct 26)
- Re: Warning: flowbits key '*****' is checked but not ever set Todd Wease (Oct 26)