Snort mailing list archives
Re: MySQL support for Snort 2.9.4
From: Joel Esler <jesler () sourcefire com>
Date: Tue, 11 Dec 2012 16:54:30 -0500
On Dec 11, 2012, at 4:47 PM, Kaya Saman <kayasaman () gmail com> wrote:
It would help if you'd post the errors you received.
Sorry about that!
That looks like your sig-msg.map is incorrect or something. Not sure where you are getting that output from.
Using the -k none option as suggested previously I don't get any more 'Bad chck sum' errors but I still don't get anything logged either?
Well if you are evaluating all the traffic, then you might not have anything for Snort to trigger off of. But let's keep checking to be sure.
Basically Snort should just listen to all traffic and report for anything hinky - running in IDS mode. I'm wondering if I should pull the Emerging Threats rules in again and use those as they worked before?
Doesn't sound like that was the problem. Looks like you have a larger problem. Traffic not being received or analyzed correctly. You said that all you were getting was icmp alerts, and that doesn't sound right (unless that's all you have)
--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire