Snort mailing list archives
Re: Unknown POP3 Command
From: Josh Bitto <jbitto () onlineschool ca>
Date: Wed, 5 Jun 2013 10:54:58 -0700
James, This is what I have for output plugins. ################################################### # Step #6: Configure output plugins # For more information, see Snort Manual, Configuring Snort - Output Modules ################################################### # unified2 # Recommended for most installs # output unified2: filename merged.log, limit 128, nostamp, mpls_event_types, vlan_event_types They are commented out, but I would have to do some research on manually editing the conf. Since snort is integrated into pfsense configuring and editing the config file is done differently than if you had a dedicated linux box. Josh -----Original Message----- From: James Lay [mailto:jlay () slave-tothe-box net] Sent: Wednesday, June 05, 2013 10:46 AM To: snort-users () lists sourceforge net Subject: Re: [Snort-users] Unknown POP3 Command On 2013-06-05 09:28, Josh Bitto wrote:
The only problem with doing a pcap is we use pfsense (open source firewall) and it has snort built into it. There is a way to do a pcap for the offending IP's, but doing it continuously isn't going to happen. I'm already having memory issues with the amount of sensors we have and each one using high amount of memory.
Josh, What do your output plugins show in your snort.conf? James ------------------------------------------------------------------------------ How ServiceNow helps IT people transform IT departments: 1. A cloud service to automate IT design, transition and operations 2. Dashboards that offer high-level views of enterprise services 3. A single system of record for all IT processes http://p.sf.net/sfu/servicenow-d2d-j _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! ------------------------------------------------------------------------------ How ServiceNow helps IT people transform IT departments: 1. A cloud service to automate IT design, transition and operations 2. Dashboards that offer high-level views of enterprise services 3. A single system of record for all IT processes http://p.sf.net/sfu/servicenow-d2d-j _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Unknown POP3 Command Josh Bitto (Jun 04)
- Re: Unknown POP3 Command James Lay (Jun 05)
- Re: Unknown POP3 Command Josh Bitto (Jun 05)
- Re: Unknown POP3 Command James Lay (Jun 05)
- Re: Unknown POP3 Command Josh Bitto (Jun 05)
- Re: Unknown POP3 Command James Lay (Jun 05)
- Re: Unknown POP3 Command waldo kitty (Jun 05)
- Re: Unknown POP3 Command Josh Bitto (Jun 05)
- Re: Unknown POP3 Command waldo kitty (Jun 05)
- Re: Unknown POP3 Command Josh Bitto (Jun 06)
- Re: Unknown POP3 Command beenph (Jun 06)
- Re: Unknown POP3 Command Josh Bitto (Jun 05)
- Re: Unknown POP3 Command James Lay (Jun 05)
- Re: Unknown POP3 Command Justin Knox (Jun 06)
- Re: Unknown POP3 Command waldo kitty (Jun 05)