Snort mailing list archives
Upgrade from 2.5.8.1 to 2.8.6 and no alerts!
From: "Chambers, Richard A. (LARC-B703)[RAYTHEON TECHNICAL SERVICES COMPANY]" <richard.a.chambers () nasa gov>
Date: Tue, 27 Apr 2010 12:29:40 -0500
Guys,

Currently running version 2.8.5.1 with no issues. Got the source code today for 2.8.6 - configed/compiled as before but seem to be having issues. It launches with no errors but doesn't generate any alerts:

Apr 27 13:14:18 feign snort[14491]: Packet Wire Totals:
Apr 27 13:14:18 feign snort[14491]: Received: 5887624
Apr 27 13:14:18 feign snort[14491]: Analyzed: 5825494 (98.945%)
Apr 27 13:14:18 feign snort[14491]: Dropped: 62115 (1.055%)
Apr 27 13:14:18 feign snort[14491]: Outstanding: 15 (0.000%)
Apr 27 13:14:18 feign snort[14491]: ===============================================================================
Apr 27 13:14:18 feign snort[14491]: Breakdown by protocol (includes rebuilt packets):
Apr 27 13:14:18 feign snort[14491]: ETH: 5825642 (100.000%)
Apr 27 13:14:18 feign snort[14491]: ETHdisc: 0 (0.000%)
Apr 27 13:14:18 feign snort[14491]: VLAN: 0 (0.000%)
Apr 27 13:14:18 feign snort[14491]: IPV6: 0 (0.000%)
Apr 27 13:14:18 feign snort[14491]: IP6 EXT: 0 (0.000%)
Apr 27 13:14:18 feign snort[14491]: IP6opts: 0 (0.000%)
Apr 27 13:14:18 feign snort[14491]: IP6disc: 0 (0.000%)
Apr 27 13:14:18 feign snort[14491]: IP4: 5825642 (100.000%)
Apr 27 13:14:18 feign snort[14491]: IP4disc: 0 (0.000%)
Apr 27 13:14:18 feign snort[14491]: TCP 6: 0 (0.000%)
Apr 27 13:14:18 feign snort[14491]: UDP 6: 0 (0.000%)
Apr 27 13:14:18 feign snort[14491]: ICMP6: 0 (0.000%)
Apr 27 13:14:18 feign snort[14491]: ICMP-IP: 0 (0.000%)
Apr 27 13:14:18 feign snort[14491]: TCP: 5715187 (98.104%)
Apr 27 13:14:18 feign snort[14491]: UDP: 97763 (1.678%)
Apr 27 13:14:18 feign snort[14491]: ICMP: 3409 (0.059%)
Apr 27 13:14:18 feign snort[14491]: TCPdisc: 0 (0.000%)
Apr 27 13:14:18 feign snort[14491]: UDPdisc: 0 (0.000%)
Apr 27 13:14:18 feign snort[14491]: ICMPdis: 0 (0.000%)
Apr 27 13:14:18 feign snort[14491]: FRAG: 296 (0.005%)
Apr 27 13:14:18 feign snort[14491]: FRAG 6: 0 (0.000%)
Apr 27 13:14:18 feign snort[14491]: ARP: 0 (0.000%)
Apr 27 13:14:18 feign snort[14491]: EAPOL: 0 (0.000%)
Apr 27 13:14:18 feign snort[14491]: ETHLOOP: 0 (0.000%)
Apr 27 13:14:18 feign snort[14491]: IPX: 0 (0.000%)
Apr 27 13:14:18 feign snort[14491]: OTHER: 8999 (0.154%)
Apr 27 13:14:18 feign snort[14491]: DISCARD: 0 (0.000%)
Apr 27 13:14:18 feign snort[14491]: InvChkSum: 5715187 (98.104%)
Apr 27 13:14:18 feign snort[14491]: S5 G 1: 0 (0.000%)
Apr 27 13:14:18 feign snort[14491]: S5 G 2: 0 (0.000%)
Apr 27 13:14:18 feign snort[14491]: Total: 5825642
Apr 27 13:14:18 feign snort[14491]: ===============================================================================
Apr 27 13:14:18 feign snort[14491]: Action Stats:
Apr 27 13:14:18 feign snort[14491]: ALERTS: 0
Apr 27 13:14:18 feign snort[14491]: LOGGED: 0
Apr 27 13:14:18 feign snort[14491]: PASSED: 5262
Apr 27 13:14:18 feign snort[14491]: ===============================================================================
Apr 27 13:14:18 feign snort[14491]: Frag3 statistics:
Apr 27 13:14:18 feign snort[14491]: Total Fragments: 296
Apr 27 13:14:18 feign snort[14491]: Frags Reassembled: 148
Apr 27 13:14:18 feign snort[14491]: Discards: 0
Apr 27 13:14:18 feign snort[14491]: Memory Faults: 0
Apr 27 13:14:18 feign snort[14491]: Timeouts: 0
Apr 27 13:14:18 feign snort[14491]: Overlaps: 0
Apr 27 13:14:18 feign snort[14491]: Anomalies: 0
Apr 27 13:14:18 feign snort[14491]: Alerts: 0
Apr 27 13:14:18 feign snort[14491]: Drops: 0
Apr 27 13:14:18 feign snort[14491]: FragTrackers Added: 148
Apr 27 13:14:18 feign snort[14491]: FragTrackers Dumped: 148
Apr 27 13:14:18 feign snort[14491]: FragTrackers Auto Freed: 0

Any thoughts?

Thanks

Richard A. Chambers
IT Security
Raytheon, ConITS
Richard.A.Chambers () nasa gov
757-864-5080
----
IT Security
itsecurity () larc nasa gov
757-864-4200