Snort mailing list archives
Still trying to build this box
From: Jim Turner <JTurner () hilltopconsultants com>
Date: Tue, 12 Mar 2013 10:03:38 -0400
I have made progress since last night. Snort is now starting and not erroring on the rules. I accomplished this by uninstalling and starting all over again. Now I am just unable to log any of the data. I have attached my snort.conf. I have pasted the results of this command line:

snort -A console -i1 -c c:\snort\etc\snort.conf -l c:\snort\log -K ascii

I feel like I am almost there. Please assist.

og
Verifying Preprocessor Configurations!
ICMP tracking disabled, no ICMP sessions allocated
IP tracking disabled, no IP sessions allocated
WARNING: flowbits key 'file.otf' is set but not ever checked.
WARNING: flowbits key 'file.xspf' is set but not ever checked.
WARNING: flowbits key 'file.rjs' is set but not ever checked.
WARNING: flowbits key 'file.rmf' is set but not ever checked.
WARNING: flowbits key 'file.elf' is set but not ever checked.
WARNING: flowbits key 'smb.query_sec_desc' is set but not ever checked.
WARNING: flowbits key 'file.works' is set but not ever checked.
WARNING: flowbits key 'file.manifest' is set but not ever checked.
WARNING: flowbits key 'file.smi' is set but not ever checked.
WARNING: flowbits key 'file.avi.video' is set but not ever checked.
WARNING: flowbits key 'file.class' is set but not ever checked.
WARNING: flowbits key 'file.pmd' is set but not ever checked.
WARNING: flowbits key 'file.xpm' is set but not ever checked.
WARNING: flowbits key 'file.mny' is checked but not ever set.
WARNING: flowbits key 'file.dmg' is set but not ever checked.
WARNING: flowbits key 'file.psfont' is set but not ever checked.
WARNING: flowbits key 'file.cgm' is set but not ever checked.
WARNING: flowbits key 'file.slk' is set but not ever checked.
WARNING: flowbits key 'file.avi' is set but not ever checked.
WARNING: flowbits key 'file.tiff' is set but not ever checked.
WARNING: flowbits key 'file.gif' is set but not ever checked.
WARNING: flowbits key 'file.chm' is set but not ever checked.
WARNING: flowbits key 'file.visprj' is set but not ever checked.
WARNING: flowbits key 'file.ani' is set but not ever checked.
WARNING: flowbits key 'file.engtesselate' is set but not ever checked.
WARNING: flowbits key 'file.realmedia' is set but not ever checked.
WARNING: flowbits key 'file.tiff.little' is set but not ever checked.
WARNING: flowbits key 'file.tga' is set but not ever checked.
WARNING: flowbits key 'file.eps' is set but not ever checked.
WARNING: flowbits key 'file.smil' is set but not ever checked.
WARNING: flowbits key 'file.zip' is set but not ever checked.
WARNING: flowbits key 'file.realplayer' is set but not ever checked.
WARNING: flowbits key 'file.realplayer.playlist' is set but not ever checked.
WARNING: flowbits key 'imagesource.redefine' is set but not ever checked.
WARNING: flowbits key 'file.asx' is set but not ever checked.
WARNING: flowbits key 'file.dws' is set but not ever checked.
WARNING: flowbits key 'file.swf' is set but not ever checked.
WARNING: flowbits key 'file.silverlight' is set but not ever checked.
WARNING: flowbits key 'file.xls' is set but not ever checked.
WARNING: flowbits key 'file.xul' is set but not ever checked.
WARNING: flowbits key 'file.mp4' is set but not ever checked.
WARNING: flowbits key 'file.vap' is set but not ever checked.
WARNING: flowbits key 'file.flv' is set but not ever checked.
WARNING: flowbits key 'file.wmv' is set but not ever checked.
WARNING: flowbits key 'file.asf' is set but not ever checked.
WARNING: flowbits key 'file.rtf' is set but not ever checked.
WARNING: flowbits key 'file.m4v' is set but not ever checked.
WARNING: flowbits key 'file.tiff.big' is set but not ever checked.
WARNING: flowbits key 'file.mswmm' is set but not ever checked.
WARNING: flowbits key 'file.pls' is set but not ever checked.
WARNING: flowbits key 'file.xml' is set but not ever checked.
WARNING: flowbits key 'file.oless.v3' is checked but not ever set.
WARNING: flowbits key 'file.visio' is set but not ever checked.
WARNING: flowbits key 'server.mdaemon' is set but not ever checked.
WARNING: flowbits key 'file.4xm' is set but not ever checked.
WARNING: flowbits key 'file.ses' is set but not ever checked.
WARNING: flowbits key 'file.jar' is set but not ever checked.
WARNING: flowbits key 'file.dir' is set but not ever checked.
WARNING: flowbits key 'file.png' is set but not ever checked.
WARNING: flowbits key 'file.pub' is set but not ever checked.
WARNING: flowbits key 'file.fpx' is set but not ever checked.
WARNING: flowbits key 'file.jpeg' is set but not ever checked.
WARNING: flowbits key 'file.eot' is set but not ever checked.
WARNING: flowbits key 'file.lnk' is set but not ever checked.
WARNING: flowbits key 'file.pac' is set but not ever checked.
WARNING: flowbits key 'file.dxf' is set but not ever checked.
WARNING: flowbits key 'file.quicktime' is set but not ever checked.
WARNING: flowbits key 'file.tar' is set but not ever checked.
WARNING: flowbits key 'file.csd' is set but not ever checked.
WARNING: flowbits key 'file.wav' is set but not ever checked.
WARNING: flowbits key 'file.m3u' is set but not ever checked.
WARNING: flowbits key 'file.cdr' is set but not ever checked.
WARNING: flowbits key 'file.pdf' is set but not ever checked.
WARNING: flowbits key 'file.pct' is set but not ever checked.
WARNING: flowbits key 'file.xbm' is set but not ever checked.
WARNING: flowbits key 'file.universalbinary' is set but not ever checked.
WARNING: flowbits key 'file.torrent' is set but not ever checked.
WARNING: flowbits key 'file.mp3' is set but not ever checked.
WARNING: flowbits key 'file.qcp' is set but not ever checked.
WARNING: flowbits key 'file.jnlp' is set but not ever checked.
WARNING: flowbits key 'file.hpj' is set but not ever checked.
WARNING: flowbits key 'smb.trans2.fileinfo' is set but not ever checked.
WARNING: flowbits key 'file.wmf' is set but not ever checked.
WARNING: flowbits key 'file.doc' is set but not ever checked.
93 out of 1024 flowbits in use.

[ Port Based Pattern Matching Memory ]
+- [ Aho-Corasick Summary ] -------------------------------------
| Storage Format    : Full-Q
| Finite Automaton  : DFA
| Alphabet Size     : 256 Chars
| Sizeof State      : Variable (1,2,4 bytes)
| Instances         : 48
|     1 byte states : 43
|     2 byte states : 5
|     4 byte states : 0
| Characters        : 8890
| States            : 6460
| Transitions       : 148770
| State Density     : 9.0%
| Patterns          : 876
| Match States      : 806
| Memory (MB)       : 3.19
|   Patterns        : 0.06
|   Match Lists     : 0.07
|   DFA
|     1 byte states : 0.20
|     2 byte states : 2.81
|     4 byte states : 0.00
+----------------------------------------------------------------
[ Number of patterns truncated to 20 bytes: 30 ]
pcap DAQ configured to passive.
The DAQ version does not support reload.
Acquiring network traffic from "\Device\NPF_{4809A428-8B29-48E8-AE8C-844A398DF0CC}".
Decoding Ethernet

        --== Initialization Complete ==--

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.4.1-WIN32 GRE (Build 69)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using PCRE version: 8.10 2010-06-25
           Using ZLIB version: 1.2.3

           Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 1.17  <Build 18>
           Preprocessor Object: SF_SSLPP  Version 1.1  <Build 4>
           Preprocessor Object: SF_SSH  Version 1.1  <Build 3>
           Preprocessor Object: SF_SMTP  Version 1.1  <Build 9>
           Preprocessor Object: SF_SIP  Version 1.1  <Build 1>
           Preprocessor Object: SF_SDF  Version 1.1  <Build 1>
           Preprocessor Object: SF_REPUTATION  Version 1.1  <Build 1>
           Preprocessor Object: SF_POP  Version 1.0  <Build 1>
           Preprocessor Object: SF_MODBUS  Version 1.1  <Build 1>
           Preprocessor Object: SF_IMAP  Version 1.0  <Build 1>
           Preprocessor Object: SF_GTP  Version 1.1  <Build 1>
           Preprocessor Object: SF_FTPTELNET  Version 1.2  <Build 13>
           Preprocessor Object: SF_DNS  Version 1.1  <Build 4>
           Preprocessor Object: SF_DNP3  Version 1.1  <Build 1>
           Preprocessor Object: SF_DCERPC2  Version 1.0  <Build 3>
Commencing packet processing (pid=364)
*** Caught Int-Signal
===============================================================================
Run time for packet processing was 90.6000 seconds
Snort processed 422 packets.
Snort ran for 0 days 0 hours 1 minutes 30 seconds
   Pkts/min:          422
   Pkts/sec:            4
===============================================================================
Packet I/O Totals:
   Received:          431
   Analyzed:          422 ( 97.912%)
    Dropped:            0 (  0.000%)
   Filtered:            0 (  0.000%)
Outstanding:            9 (  2.088%)
   Injected:            0
===============================================================================
Breakdown by protocol (includes rebuilt packets):
        Eth:          422 (100.000%)
       VLAN:            0 (  0.000%)
        IP4:          149 ( 35.308%)
       Frag:            0 (  0.000%)
       ICMP:            8 (  1.896%)
        UDP:          141 ( 33.412%)
        TCP:            0 (  0.000%)
        IP6:           53 ( 12.559%)
    IP6 Ext:           53 ( 12.559%)
   IP6 Opts:            0 (  0.000%)
      Frag6:            0 (  0.000%)
      ICMP6:            0 (  0.000%)
       UDP6:           53 ( 12.559%)
       TCP6:            0 (  0.000%)
     Teredo:            0 (  0.000%)
    ICMP-IP:            0 (  0.000%)
      EAPOL:            0 (  0.000%)
    IP4/IP4:            0 (  0.000%)
    IP4/IP6:            0 (  0.000%)
    IP6/IP4:            0 (  0.000%)
    IP6/IP6:            0 (  0.000%)
        GRE:            0 (  0.000%)
    GRE Eth:            0 (  0.000%)
   GRE VLAN:            0 (  0.000%)
    GRE IP4:            0 (  0.000%)
    GRE IP6:            0 (  0.000%)
GRE IP6 Ext:            0 (  0.000%)
   GRE PPTP:            0 (  0.000%)
    GRE ARP:            0 (  0.000%)
    GRE IPX:            0 (  0.000%)
   GRE Loop:            0 (  0.000%)
       MPLS:            0 (  0.000%)
        ARP:          175 ( 41.469%)
        IPX:            0 (  0.000%)
   Eth Loop:            0 (  0.000%)
   Eth Disc:            0 (  0.000%)
   IP4 Disc:            0 (  0.000%)
   IP6 Disc:            0 (  0.000%)
   TCP Disc:            0 (  0.000%)
   UDP Disc:            0 (  0.000%)
  ICMP Disc:            0 (  0.000%)
All Discard:            0 (  0.000%)
      Other:           45 ( 10.664%)
Bad Chk Sum:            4 (  0.948%)
    Bad TTL:            0 (  0.000%)
     S5 G 1:            0 (  0.000%)
     S5 G 2:            0 (  0.000%)
      Total:          422
===============================================================================
Action Stats:
     Alerts:            0 (  0.000%)
     Logged:            0 (  0.000%)
     Passed:            0 (  0.000%)
Limits:
      Match:            0
      Queue:            0
        Log:            0
      Event:            0
      Alert:            0
Verdicts:
      Allow:          422 ( 97.912%)
      Block:            0 (  0.000%)
    Replace:            0 (  0.000%)
  Whitelist:            0 (  0.000%)
  Blacklist:            0 (  0.000%)
     Ignore:            0 (  0.000%)
===============================================================================
Frag3 statistics:
        Total Fragments: 0
      Frags Reassembled: 0
               Discards: 0
          Memory Faults: 0
               Timeouts: 0
               Overlaps: 0
              Anomalies: 0
                 Alerts: 0
                  Drops: 0
     FragTrackers Added: 0
    FragTrackers Dumped: 0
FragTrackers Auto Freed: 0
    Frag Nodes Inserted: 0
     Frag Nodes Deleted: 0
===============================================================================
Stream5 statistics:
            Total sessions: 32
              TCP sessions: 0
              UDP sessions: 32
             ICMP sessions: 0
               IP sessions: 0
                TCP Prunes: 0
                UDP Prunes: 0
               ICMP Prunes: 0
                 IP Prunes: 0
TCP StreamTrackers Created: 0
TCP StreamTrackers Deleted: 0
              TCP Timeouts: 0
              TCP Overlaps: 0
       TCP Segments Queued: 0
     TCP Segments Released: 0
       TCP Rebuilt Packets: 0
         TCP Segments Used: 0
              TCP Discards: 0
                  TCP Gaps: 0
      UDP Sessions Created: 32
      UDP Sessions Deleted: 32
              UDP Timeouts: 0
              UDP Discards: 0
                    Events: 0
           Internal Events: 0
           TCP Port Filter
                   Dropped: 0
                 Inspected: 0
                   Tracked: 0
           UDP Port Filter
                   Dropped: 0
                 Inspected: 81
                   Tracked: 32
===============================================================================
===============================================================================
SMTP Preprocessor Statistics
  Total sessions          : 0
  Max concurrent sessions : 0
===============================================================================
dcerpc2 Preprocessor Statistics
  Total sessions: 0
===============================================================================
===============================================================================
SIP Preprocessor Statistics
  Total sessions: 0
===============================================================================
Reputation Preprocessor Statistics
  Total Memory Allocated: 0
===============================================================================
Snort exiting

C:\Snort\bin>
Attachment:
snort.conf
Description: snort.conf
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
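An added example, not code from the post or from the Snort project: a small Python parser for the end-of-run summary Snort prints on Ctrl-C (the block pasted above), plus the heuristic checks a defender would run over it before digging into snort.conf. The sample counters are constructed to mirror the post; the section names are the literal header lines Snort prints.

```python
import re

# Constructed sample input: the end-of-run counters Snort 2.9 prints on Ctrl-C,
# in the shape seen in the post above (section header lines, then "Key: count ( pct%)").
SAMPLE_SUMMARY = """\
Packet I/O Totals:
   Received:          431
   Analyzed:          422 ( 97.912%)
    Dropped:            0 (  0.000%)
Outstanding:            9 (  2.088%)
Breakdown by protocol (includes rebuilt packets):
        UDP:          141 ( 33.412%)
        TCP:            0 (  0.000%)
        ARP:          175 ( 41.469%)
Action Stats:
     Alerts:            0 (  0.000%)
     Logged:            0 (  0.000%)
     Passed:            0 (  0.000%)
"""

SECTION_RE = re.compile(r"^(\S.*):\s*$")                      # e.g. "Action Stats:"
COUNTER_RE = re.compile(r"^\s*([A-Za-z0-9/ -]+?):\s+(\d+)(?:\s+\(\s*[\d.]+%\))?\s*$")

def parse_snort_summary(text):
    """Return {section: {counter: count}}; percentages are dropped, counts kept."""
    stats, section = {}, None
    for line in text.splitlines():
        head = SECTION_RE.match(line)
        if head:
            section = head.group(1)
            stats.setdefault(section, {})
            continue
        hit = COUNTER_RE.match(line)
        if hit and section is not None:
            stats[section][hit.group(1).strip()] = int(hit.group(2))
    return stats

def diagnose(stats):
    """Heuristic checks for the 'Snort runs but the -l directory stays empty' case."""
    io = stats.get("Packet I/O Totals", {})
    proto = stats.get("Breakdown by protocol (includes rebuilt packets)", {})
    act = stats.get("Action Stats", {})
    findings = []
    if io.get("Analyzed", 0) > 0 and act.get("Alerts", 0) == 0 and act.get("Logged", 0) == 0:
        # NIDS mode (-c) only writes packets for events; no alert means no log files.
        findings.append("no rule fired, so nothing was logged: an empty log directory is expected")
    if proto.get("TCP", 0) == 0 and proto.get("ARP", 0) > 0:
        findings.append("zero TCP with ARP present: check that -i is the interface carrying real traffic")
    if io.get("Dropped", 0) > 0:
        findings.append("DAQ dropped packets: the sensor cannot keep up with the interface")
    return findings
```

Feeding the post's own summary through `diagnose(parse_snort_summary(...))` yields the first two findings, which is the quickest way to tell "logging is broken" apart from "nothing happened worth logging".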
Current thread:
- Still trying to build this box Jim Turner (Mar 12)
- Re: Still trying to build this box James Lay (Mar 12)
- Re: Still trying to build this box Jim Turner (Mar 12)
- Re: Still trying to build this box waldo kitty (Mar 12)
- Re: Still trying to build this box Jim Turner (Mar 12)
- Re: Still trying to build this box waldo kitty (Mar 12)
- Re: Still trying to build this box Jim Turner (Mar 12)
- Re: Still trying to build this box Jim Turner (Mar 12)
- Re: Still trying to build this box James Lay (Mar 12)