Snort mailing list archives
Re: What to do?
From: "Ellad G. Yatsko" <eyatsko () ngs ru>
Date: Fri, 22 Nov 2013 16:41:19 +0400
I can only to say the version of my latest experiment: ~# snort --version ,,_ -*> Snort! <*- o" )~ Version 2.9.5.6 GRE (Build 208)'''' By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using libpcap version 1.1.1
Using PCRE version: 8.12 2011-01-15
Using ZLIB version: 1.2.3.4
~#
Kind regards,
Ellad
On Nov 21, 2013, at 6:56 AM, Ellad G. Yatsko <eyatsko () ngs ru> wrote:Hello James! Thank you for reply. I forgot to mention that I compiled Snort (along with daq and libdnet) latest version from www.snort.org. But with the same effect. It was in "previous Ubuntu Server's life". Also from scratch. Recipe I've found in "assets" on snort.org. But... I wanted to ask you, do you run Snort in inline mode? :-) I begin to think that the matter is in Snort, system or IPTables configurations. That I need to set up something else, besides Snort. Kind regards, ElladOn Nov 21, 2013, at 2:27 AM, Ellad G. Yatsko <eyatsko () ngs ru> wrote:Hello! We have Ubuntu Server 12.04.1 LTS with snort 2.9.2 - both installed from scratch. Snort 2.9.2 distribution is native for this Ubuntu Release. ~# snort --daq-list Available DAQ modules: pcap(v3): readback live multi unpriv ipfw(v2): live inline multi unpriv dump(v1): readback live inline multi unpriv afpacket(v4): live inline multi unpriv ~#[redacted]Please, help... :-) Kind regards, Ellad YatskoI run the same OS, and while Ubuntu is great for keeping some things up to date, at the speed at which Snort is updated, you're only real option is to go from source. 2.9.2 is ancient...I'd install 2.9.5.5 so you can get the full ruleset. Keep in mind it's not going to be pretty as you'll most likely have to rip out the current Snort. JamesWhat does: snort ---version show you? James ------------------------------------------------------------------------------ Shape the Mobile Experience: Free Subscription Software experts and developers: Be at the forefront of tech innovation. Intel(R) Software Adrenaline delivers strategic insight and game-changing conversations that shape the rapidly evolving mobile landscape. Sign up now. http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Shape the Mobile Experience: Free Subscription Software experts and developers: Be at the forefront of tech innovation. Intel(R) Software Adrenaline delivers strategic insight and game-changing conversations that shape the rapidly evolving mobile landscape. Sign up now. http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- What to do? Ellad G. Yatsko (Nov 21)
- Re: What to do? James Lay (Nov 21)
- Re: What to do? Ellad G. Yatsko (Nov 21)
- Re: What to do? James Lay (Nov 22)
- Re: What to do? Ellad G. Yatsko (Nov 22)
- Re: What to do? Ellad G. Yatsko (Nov 21)
- Re: What to do? James Lay (Nov 21)
- Re: What to do? Ellad G. Yatsko (Nov 21)
- Re: What to do? Ellad G. Yatsko (Nov 22)
- Is it a bug? Ellad G. Yatsko (Nov 24)
- Re: Is it a bug? Russ Combs (Dec 02)
- Re: What to do? Ellad G. Yatsko (Nov 22)