Snort mailing list archives
Re: Barnyard2 configure/compile problems and startup error: "Snort not compiled to use mysql" message followup - 1st time barnyard user
From: waldo kitty <wkitty42 () windstream net>
Date: Tue, 07 May 2013 12:49:07 -0400
On 5/7/2013 09:34, Lars wrote:
While it appears we have snort doing unified logging now as long as we use the –k in the snort startup command I am not sure what the reason is for that or if we may still have something wrong in one of these files we could do better with?
from the (2.9.4) manual (pdf) [quote] _1.5_Packet_Acquisition_ Snort 2.9 introduces the DAQ, or Data Acquisition library, for packet I/O. The DAQ replaces direct calls to PCAP functions with an abstraction layer that facilitates operation on a variety of hardware and software interfaces without requiring changes to Snort. It is possible to select the DAQ type and mode when invoking Snort to perform PCAP readback or inline operation, etc. *! NOTE* Some network cards have features named ”Large Receive Offload” (lro) and ”Generic Receieve Offload” (gro). With these features enabled, the network card performs packet reassembly before they’re processed by the kernel. By default, Snort will truncate packets larger than the default snaplen of 1518 bytes. In addition, LRO and GRO may cause issues with Stream5 target-based reassembly. We recommend that you turn off LRO and GRO. On linux systems, you can run: $ ethtool -K eth1 gro off $ ethtool -K eth1 lro off [/quote] i found the above by searching the manual for '-k' (without the single quote marks) and these two instances are the only ones that turned up... granted, this is for an older version of snort (2.9.4.0) but their use is still the same... searching for 'offload' also results in the same being found... we generally see '-k' mentioned when snort is not outputting anything and there is traffic known to be flowing... telling snort to compensate for the offload then enables it to perform its tasks... -- NOTE: No off-list assistance is given without prior approval. Please keep mailing list traffic on the list unless private contact is specifically requested and granted. ------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. This 200-page book is written by three acclaimed leaders in the field. The early access version is available now. Download your free book today! http://p.sf.net/sfu/neotech_d2d_may _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Barnyard2 configure/compile problems and startup error: "Snort not compiled to use mysql" message followup - 1st time barnyard user Lars (Apr 29)
- Re: Barnyard2 configure/compile problems and startup error: "Snort not compiled to use mysql" message followup - 1st time barnyard user Y M (Apr 29)
- Re: Barnyard2 configure/compile problems and startup error: "Snort not compiled to use mysql" message followup - 1st time barnyard user Y M (Apr 29)
- Re: Barnyard2 configure/compile problems and startup error: "Snort not compiled to use mysql" message followup - 1st time barnyard user Lars (May 07)
- Re: Barnyard2 configure/compile problems and startup error: "Snort not compiled to use mysql" message followup - 1st time barnyard user waldo kitty (May 07)
- Re: Barnyard2 configure/compile problems and startup error: "Snort not compiled to use mysql" message followup - 1st time barnyard user Y M (Apr 29)
- Re: Barnyard2 configure/compile problems and startup error: "Snort not compiled to use mysql" message followup - 1st time barnyard user Y M (Apr 29)
- <Possible follow-ups>
- Re: Barnyard2 configure/compile problems and startup error: "Snort not compiled to use mysql" message followup - 1st time barnyard user Kurt Jensen (Apr 30)
- Re: Barnyard2 configure/compile problems and startup error: "Snort not compiled to use mysql" message followup - 1st time barnyard user Lars (May 02)
- Re: Barnyard2 configure/compile problems and startup error: "Snort not compiled to use mysql" message followup - 1st time barnyard user beenph (May 02)
- Re: Barnyard2 configure/compile problems and startup error: "Snort not compiled to use mysql" message followup - 1st time barnyard user Lars (May 02)
- Re: Barnyard2 configure/compile problems and startup error: "Snort not compiled to use mysql" message followup - 1st time barnyard user Lars (May 02)
- Re: Barnyard2 configure/compile problems and startup error: "Snort not compiled to use mysql" message followup - 1st time barnyard user beenph (May 02)
- Re: Barnyard2 configure/compile problems and startup error: "Snort not compiled to use mysql" message followup - 1st time barnyard user Lars (May 02)
- Re: Barnyard2 configure/compile problems and startup error: "Snort not compiled to use mysql" message followup - 1st time barnyard user Kurt J (May 02)
- Re: Barnyard2 configure/compile problems and startup error: "Snort not compiled to use mysql" message followup - 1st time barnyard user Kurt J (May 02)
- Re: Barnyard2 configure/compile problems and startup error: "Snort not compiled to use mysql" message followup - 1st time barnyard user Lars (May 03)
- Re: Barnyard2 configure/compile problems and startup error: "Snort not compiled to use mysql" message followup - 1st time barnyard user beenph (May 02)