Snort mailing list archives
Re: Reputation Preprocessor
From: Hui Cao <hcao () sourcefire com>
Date: Mon, 12 Dec 2011 15:05:19 -0500
Hi Shlomi, If you want to enable/log events, you need to enable the reputation preprocessor alerts. The following line might help you: alert ( msg: "REPUTATION_EVENT_BLACKLIST"; sid: 1; gid: 136; rev: 1; ) alert ( msg: "REPUTATION_EVENT_WHITELIST"; sid: 2; gid: 136; rev: 1; ) See README.reputation for how to use reputation preprocessor. Best, Hui. On Wed, Dec 7, 2011 at 6:29 PM, Joel Esler <jesler () sourcefire com> wrote:
In its present release (updates will be coming!) it's most used for inline mode. Blacklist blocks ips, whitelist doesn't inspect the traffic at all and allows it to pass. -- Joel Esler On Dec 7, 2011, at 5:56 PM, Shlomi Musseri <musseri10 () gmail com> wrote:Hi Guys, We work with snort in port mirroring mode. We have a lot of packet drop because we using a lot of IP blacklist rules. In the new version of snort 2.9.2.1 we try to use the Reputation Preprocessor that will help us to runs IP Reputation before other preprocessors. The preprocessor doesn't write any logs. Why we don't see any output from the Reputation Preprocessor?? Can it run port mirroring mode ?? Thanks, Shlomi ------------------------------------------------------------------------------ Cloud Services Checklist: Pricing and Packaging Optimization This white paper is intended to serve as a reference, checklist and point of discussion for anyone considering optimizing the pricing and packaging model of a cloud services business. Read Now! http://www.accelacomm.com/jaw/sfnl/114/51491232/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!------------------------------------------------------------------------------ Cloud Services Checklist: Pricing and Packaging Optimization This white paper is intended to serve as a reference, checklist and point of discussion for anyone considering optimizing the pricing and packaging model of a cloud services business. Read Now! http://www.accelacomm.com/jaw/sfnl/114/51491232/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Learn Windows Azure Live! Tuesday, Dec 13, 2011 Microsoft is holding a special Learn Windows Azure training event for developers. It will provide a great way to learn Windows Azure and what it provides. You can attend the event by watching it streamed LIVE online. Learn more at http://p.sf.net/sfu/ms-windowsazure _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Reputation Preprocessor Shlomi Musseri (Dec 05)
- Reputation Preprocessor Shlomi Musseri (Dec 07)
- Re: Reputation Preprocessor Joel Esler (Dec 07)
- Re: Reputation Preprocessor Hui Cao (Dec 12)
- Re: Reputation Preprocessor Joel Esler (Dec 07)
- Reputation Preprocessor Shlomi Musseri (Dec 07)