Snort mailing list archives

@empty rules files


From: anagha b <banagha3 () gmail com>
Date: Mon, 18 Nov 2013 12:59:29 +0530

Hi Waldo,

I read a lot of blogs about this empty log file and tried different solutions;
nothing is working.

The rules dir has 121 items and is 15.2 MB in size.

List of rules in the /snort/rules directory:

total 15132

drwxr-xr-x 2 root root 4096 Nov 14 16:52 .

drwxr-xr-x 11 root root 4096 Oct 30 12:34 ..

-rw-r--r-- 1 root root 36103 Sep 26 20:27 app-detect.rules

-rw-r--r-- 1 root root 1061 May 7 2013 attack-responses.rules

-rw-r--r-- 1 root root 1037 May 7 2013 backdoor.rules

-rw-r--r-- 1 root root 1046 May 7 2013 bad-traffic.rules

-rw-r--r-- 1 root root 0 Oct 30 12:37 black_list.rules

-rw-r--r-- 1 root root 717567 Sep 26 20:27 blacklist.rules

-rw-r--r-- 1 root root 1043 May 7 2013 botnet-cnc.rules

-rw-r--r-- 1 root root 7045 Sep 26 20:27 browser-chrome.rules

-rw-r--r-- 1 root root 76227 Sep 26 20:27 browser-firefox.rules

-rw-r--r-- 1 root root 320270 Sep 26 20:27 browser-ie.rules

-rw-r--r-- 1 root root 11676 Sep 26 20:27 browser-other.rules

-rw-r--r-- 1 root root 1242764 Sep 26 20:27 browser-plugins.rules

-rw-r--r-- 1 root root 26204 Sep 26 20:27 browser-webkit.rules

-rw-r--r-- 1 root root 1025 May 7 2013 chat.rules

-rw-r--r-- 1 root root 8762 Sep 26 20:27 content-replace.rules

-rw-r--r-- 1 root root 1025 May 7 2013 ddos.rules

-rw-r--r-- 1 root root 6299609 Sep 26 20:27 deleted.rules

-rw-r--r-- 1 root root 1022 Jun 20 04:00 dns.rules

-rw-r--r-- 1 root root 1438 Sep 26 20:27 dos.rules

-rw-r--r-- 1 root root 1049 May 7 2013 experimental.rules

-rw-r--r-- 1 root root 288828 Sep 26 20:27 exploit-kit.rules

-rw-r--r-- 1 root root 1034 May 7 2013 exploit.rules

-rw-r--r-- 1 root root 22576 Sep 26 20:27 file-executable.rules

-rw-r--r-- 1 root root 134155 Sep 26 20:27 file-flash.rules

-rw-r--r-- 1 root root 400777 Sep 26 20:27 file-identify.rules

-rw-r--r-- 1 root root 75578 Sep 26 20:27 file-image.rules

-rw-r--r-- 1 root root 80499 Sep 26 20:27 file-java.rules

-rw-r--r-- 1 root root 125191 Sep 26 20:27 file-multimedia.rules

-rw-r--r-- 1 root root 356913 Sep 26 20:27 file-office.rules

-rw-r--r-- 1 root root 216984 Sep 26 20:27 file-other.rules

-rw-r--r-- 1 root root 157042 Sep 26 20:27 file-pdf.rules

-rw-r--r-- 1 root root 1031 May 7 2013 finger.rules

-rw-r--r-- 1 root root 1022 May 7 2013 ftp.rules

-rw-r--r-- 1 root root 1040 May 7 2013 icmp-info.rules

-rw-r--r-- 1 root root 1025 May 7 2013 icmp.rules

-rw-r--r-- 1 root root 1025 May 7 2013 imap.rules

-rw-r--r-- 1 root root 82126 Sep 26 20:27 indicator-compromise.rules

-rw-r--r-- 1 root root 48167 Sep 26 20:27 indicator-obfuscation.rules

-rw-r--r-- 1 root root 9245 Sep 26 20:27 indicator-scan.rules

-rw-r--r-- 1 root root 42647 Sep 26 20:27 indicator-shellcode.rules

-rw-r--r-- 1 root root 1025 May 7 2013 info.rules

-rw-r--r-- 1 root root 1283 Nov 14 16:52 local.rules

-rw-r--r-- 1 root root 1269 Nov 14 16:44 local.rules~

-rw-r--r-- 1 root root 274417 Sep 26 20:27 malware-backdoor.rules

-rw-r--r-- 1 root root 821907 Sep 26 20:27 malware-cnc.rules

-rw-r--r-- 1 root root 248963 Sep 26 20:27 malware-other.rules

-rw-r--r-- 1 root root 56691 Sep 26 20:27 malware-tools.rules

-rw-r--r-- 1 root root 1025 May 7 2013 misc.rules

-rw-r--r-- 1 root root 1043 May 7 2013 multimedia.rules

-rw-r--r-- 1 root root 163 Nov 14 12:43 myrules~

-rw-r--r-- 1 root root 164 Nov 14 16:34 myrules.rules

-rw-r--r-- 1 root root 163 Nov 14 16:02 myrules.rules~

-rw-r--r-- 1 root root 1028 May 7 2013 mysql.rules

-rw-r--r-- 1 root root 130162 Sep 26 20:27 netbios.rules

-rw-r--r-- 1 root root 1025 Jun 20 04:00 nntp.rules

-rw-r--r-- 1 root root 1031 May 7 2013 oracle.rules

-rw-r--r-- 1 root root 7640 Sep 26 20:27 os-linux.rules

-rw-r--r-- 1 root root 45643 Sep 26 20:27 os-mobile.rules

-rw-r--r-- 1 root root 4233 Sep 26 20:27 os-other.rules

-rw-r--r-- 1 root root 4635 Sep 26 20:27 os-solaris.rules

-rw-r--r-- 1 root root 303927 Sep 26 20:27 os-windows.rules

-rw-r--r-- 1 root root 1040 May 7 2013 other-ids.rules

-rw-r--r-- 1 root root 1022 May 7 2013 p2p.rules

-rw-r--r-- 1 root root 1052 May 7 2013 phishing-spam.rules

-rw-r--r-- 1 root root 3096 Sep 26 20:27 policy-multimedia.rules

-rw-r--r-- 1 root root 24856 Sep 26 20:27 policy-other.rules

-rw-r--r-- 1 root root 1031 May 7 2013 policy.rules

-rw-r--r-- 1 root root 25911 Sep 26 20:27 policy-social.rules

-rw-r--r-- 1 root root 63562 Sep 26 20:27 policy-spam.rules

-rw-r--r-- 1 root root 1025 May 7 2013 pop2.rules

-rw-r--r-- 1 root root 1025 May 7 2013 pop3.rules

-rw-r--r-- 1 root root 13947 Sep 26 20:27 protocol-dns.rules

-rw-r--r-- 1 root root 4514 Sep 26 20:27 protocol-finger.rules

-rw-r--r-- 1 root root 38511 Sep 26 20:27 protocol-ftp.rules

-rw-r--r-- 1 root root 30647 Sep 26 20:27 protocol-icmp.rules

-rw-r--r-- 1 root root 20971 Sep 26 20:27 protocol-imap.rules

-rw-r--r-- 1 root root 5617 Sep 26 20:27 protocol-nntp.rules

-rw-r--r-- 1 root root 9110 Sep 26 20:27 protocol-pop.rules

-rw-r--r-- 1 root root 95127 Sep 26 20:27 protocol-rpc.rules

-rw-r--r-- 1 root root 71992 Sep 26 20:27 protocol-scada.rules

-rw-r--r-- 1 root root 5179 Sep 26 20:27 protocol-services.rules

-rw-r--r-- 1 root root 7945 Sep 26 20:27 protocol-snmp.rules

-rw-r--r-- 1 root root 10500 Sep 26 20:27 protocol-telnet.rules

-rw-r--r-- 1 root root 7280 Sep 26 20:27 protocol-tftp.rules

-rw-r--r-- 1 root root 97972 Sep 26 20:27 protocol-voip.rules

-rw-r--r-- 1 root root 334624 Sep 26 20:27 pua-adware.rules

-rw-r--r-- 1 root root 10324 Sep 26 20:27 pua-other.rules

-rw-r--r-- 1 root root 8203 Sep 26 20:27 pua-p2p.rules

-rw-r--r-- 1 root root 91850 Sep 26 20:27 pua-toolbars.rules

-rw-r--r-- 1 root root 1022 Jun 20 04:00 rpc.rules

-rw-r--r-- 1 root root 1040 May 7 2013 rservices.rules

-rw-r--r-- 1 root root 1028 Jun 20 04:00 scada.rules

-rw-r--r-- 1 root root 1025 Jun 20 04:00 scan.rules

-rw-r--r-- 1 root root 34123 Sep 26 20:27 server-apache.rules

-rw-r--r-- 1 root root 73478 Sep 26 20:27 server-iis.rules

-rw-r--r-- 1 root root 61193 Sep 26 20:27 server-mail.rules

-rw-r--r-- 1 root root 28734 Sep 26 20:27 server-mssql.rules

-rw-r--r-- 1 root root 28112 Sep 26 20:27 server-mysql.rules

-rw-r--r-- 1 root root 235805 Sep 26 20:27 server-oracle.rules

-rw-r--r-- 1 root root 351306 Sep 26 20:27 server-other.rules

-rw-r--r-- 1 root root 14062 Sep 26 20:27 server-samba.rules

-rw-r--r-- 1 root root 582043 Sep 26 20:27 server-webapp.rules

-rw-r--r-- 1 root root 1040 May 7 2013 shellcode.rules

-rw-r--r-- 1 root root 1025 May 7 2013 smtp.rules

-rw-r--r-- 1 root root 1025 Jun 20 04:00 snmp.rules

-rw-r--r-- 1 root root 1061 May 7 2013 specific-threats.rules

-rw-r--r-- 1 root root 1046 May 7 2013 spyware-put.rules

-rw-r--r-- 1 root root 30933 Sep 26 20:27 sql.rules

-rw-r--r-- 1 root root 1031 Jun 20 04:00 telnet.rules

-rw-r--r-- 1 root root 1025 Jun 20 04:00 tftp.rules

-rw-r--r-- 1 root root 1028 May 7 2013 virus.rules

-rw-r--r-- 1 root root 1025 May 7 2013 voip.rules

-rw-r--r-- 1 root root 19574 Sep 26 20:24 VRT-License.txt

-rw-r--r-- 1 root root 1046 May 7 2013 web-activex.rules

-rw-r--r-- 1 root root 1046 May 7 2013 web-attacks.rules

-rw-r--r-- 1 root root 1034 May 7 2013 web-cgi.rules

-rw-r--r-- 1 root root 1043 May 7 2013 web-client.rules

-rw-r--r-- 1 root root 1055 May 7 2013 web-coldfusion.rules

-rw-r--r-- 1 root root 1052 May 7 2013 web-frontpage.rules

-rw-r--r-- 1 root root 1034 May 7 2013 web-iis.rules

-rw-r--r-- 1 root root 1037 May 7 2013 web-misc.rules

-rw-r--r-- 1 root root 1034 May 7 2013 web-php.rules

-rw-r--r-- 1 root root 0 Oct 30 12:37 white_list.rules

-rw-r--r-- 1 root root 1918 Sep 26 20:27 x11.rules


Please tell me what I am doing wrong, as I am a new user of Snort. Once I
encountered the same problem, but when I ran Snort for a longer time, like 15-20
minutes, a log was present; now that is also not working.


I have tried portscan, ICMP flood, etc.