Snort mailing list archives
Re: (no subject)
From: Joel Esler <jesler () sourcefire com>
Date: Tue, 1 Mar 2011 08:17:35 -0500
On Mar 1, 2011, at 4:28 AM, sasa susmanto wrote:
I have tried to run snort configurations using the options below:
snort -i3 -s -l c:\snort\log -c c:\snort\etc\snort.conf -T
In the following screen I see information like this:
Warning: 'ignore_any_rules' option for Stream5 UDP disabled because of UDP rule with flow or flowbits option
ICMP tracking disabled, no ICMP sessions allocated
These two are just warnings, saying that you have ignore_any_rules turned on in stream5, but you have UDP rules with "flow" tracking on. Not a big deal, Snort resolves that by itself. The second being that you don't have ICMP tracking turned on in stream5. Check out the README.stream5 for more information. The Readme can be found in the /doc directory of the Snort tarball.
warning: flowbits key 'http.pub' is checked but not ever set
This means that there are two (or more (in this case there are 10 rules that deal with http.pub)) rules that track the http.pub flowbit. It looks like you have rules on that check to see if the flowbit is on, but you don't have the rule that sets the http.pub flowbit on. (sid:13473 btw in the web-misc.rules file) For further information on flowbits, check out the README.flowbits in the above referenced directory.
--
Joel Esler
jesler () sourcefire.com
http://blog.snort.org && http://blog.clamav.net
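The "checked but not ever set" condition described in the reply can be audited offline before running `snort -T`. The script below is an added example, not part of the original message and not Snort's own code: it scans rule text for flowbits keys that enabled rules check while every rule that sets them is commented out. The sample rules, their sids and the `local.demo` key are constructed; it assumes one rule per line and treats `set`, `setx` and `toggle` as setting a key.

```python
import re

# Constructed sample rules (not from the Snort rule set); one rule per line.
# The setter is commented out, which is how a disabled rule looks in a .rules file.
SAMPLE_RULES = r'''
# alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"LOCAL setter"; flow:to_client,established; flowbits:set,http.pub; flowbits:noalert; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"LOCAL checker A"; flow:to_client,established; flowbits:isset,http.pub; content:"constructed-a"; sid:1000002; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"LOCAL checker B"; flow:to_client,established; flowbits:isset,http.pub; content:"constructed-b"; sid:1000003; rev:1;)
alert tcp any any -> any any (msg:"LOCAL paired set"; flowbits:set,local.demo; flowbits:noalert; sid:1000004; rev:1;)
alert tcp any any -> any any (msg:"LOCAL paired check"; flowbits:isset,local.demo; sid:1000005; rev:1;)
'''

RULE_START = re.compile(r'(alert|log|pass|drop|reject|sdrop)\s')
FLOWBITS = re.compile(r'flowbits\s*:\s*(\w+)\s*,\s*([^;,]+)')
SID = re.compile(r'\bsid\s*:\s*(\d+)')
SET_OPS = {"set", "setx", "toggle"}     # assumption: these count as "setting" a key
CHECK_OPS = {"isset", "isnotset"}

def parse(rules_text):
    """Yield (enabled, sid, op, key) for every keyed flowbits option."""
    for line in rules_text.splitlines():
        line = line.strip()
        enabled = not line.startswith('#')
        body = line.lstrip('# ')
        if not RULE_START.match(body):
            continue                      # blank line or ordinary comment
        m = SID.search(body)
        sid = int(m.group(1)) if m else None
        for op, keys in FLOWBITS.findall(body):
            for key in re.split(r'[|&]', keys):   # split "a|b" / "a&b" key lists
                yield enabled, sid, op, key.strip()

def audit_flowbits(rules_text):
    """Return keys that enabled rules check but no enabled rule sets."""
    set_on, set_off, checked = set(), {}, {}
    for enabled, sid, op, key in parse(rules_text):
        if op in SET_OPS:
            if enabled:
                set_on.add(key)
            else:
                set_off.setdefault(key, []).append(sid)
        elif op in CHECK_OPS and enabled:
            checked.setdefault(key, []).append(sid)
    return {k: {"checked_by": sids, "disabled_setters": set_off.get(k, [])}
            for k, sids in checked.items() if k not in set_on}

if __name__ == "__main__":
    for key, info in audit_flowbits(SAMPLE_RULES).items():
        print(f"flowbits key '{key}' checked by sids {info['checked_by']}; "
              f"disabled setter sids: {info['disabled_setters']}")
```

A key reported with a non-empty `disabled_setters` list means the checking rules can never fire until one of those setter rules is enabled.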