Re: Couple of questions.

[Jeremy Hoel <jthoel () gmail com>]

You need to post to the snort lists please, not directly to me as there are
others that might help you and faster.

This could be an issue with snort version vs rule version downloaded?  I've
never seen that error.  It would probably also help to have more of the
error from the logs.


On Mon, Jun 9, 2014 at 7:18 PM, Allan <yummycheese () cogeco ca> wrote:

>  Actually...
>
> I just updated snort via pulledpork and got this error.
>
> FATAL ERROR: Failed to load /usr/local/lib/snort_dynamicrules/misc.so:
> /usr/local/lib/snort_dynamicrules/misc.so: unsupported file layout
>
> A quick search of google doesn't show me anything with a file layout error.
>
> ----- Original Message -----
> *From:* Jeremy Hoel <jthoel () gmail com>
> *To:* Allan <yummycheese () cogeco ca>
> *Sent:* Monday, June 09, 2014 7:08 PM
> *Subject:* Re: [Snort-users] Couple of questions.
>
> No problem.. if you have any other questions.. just ask the list. And
> enjoy all the new visibility.
>
>
> On Mon, Jun 9, 2014 at 7:01 PM, Allan <yummycheese () cogeco ca> wrote:
>
> >  Hi Jeremy,
> >
> > Yea I kind of figured that. I just wasn't 100% sure.
> >
> > I have added a bunch of rules to my threshold file and will continue to
> > do so till the alerts aren't so crazy.
> >
> > Thank you.
> >
> > ----- Original Message -----
> > *From:* Jeremy Hoel <jthoel () gmail com>
> > *To:* Allan <yummycheese () cogeco ca>
> > *Cc:* snort-users () lists sourceforge net
> > *Sent:* Monday, June 09, 2014 6:26 PM
> > *Subject:* Re: [Snort-users] Couple of questions.
> >
> > A nessus scan may or may not trigger alerts depending on the plugins you
> > used to scan, the services you have listening and any firewalls or iptables
> > rules that might be in place.  Which interface you have snort listening on
> > is a matter of preference and what you are hoping to see/alert on.  If it's
> > your gateway doing NAT and you monitor the wan interface, you won't get the
> > client IP's that might be sending out bad things, or the client ip's that
> > bad things talk too.  If you watch just the inside and it's secure then it
> > might be boring.
> >
> > In either case, you will have to do rule filtering, adjusting and white
> > listing/thresholds of things you don't want to see, alerts you don't care
> > about or machines that are false positives.  Snort is not just a turn it on
> > and go thing.  The fact that you see alerts means it's working, now it's up
> > to you to figure out what type of alerts you want to see and from where.
------------------------------------------------------------------------------
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
http://p.sf.net/sfu/hpccsystems

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!