Snort mailing list archives
preprocessor file_inspect does not capture file
From: Lương Minh Tuấn <not.soledad () gmail com>
Date: Wed, 2 Dec 2015 13:45:41 +0700
Hi everybody,

I had a problem when using file_inspect to capture a file sent over FTP. Please help me resolve it. Here's my Snort info:

- Server OS:
    $ cat /etc/redhat-release
    CentOS Linux release 7.1.1503 (Core)
- Snort version: 2.9.7.6, build options: --enable-file-inspect --enable-open-appid --enable-sourcefire
- Configuration file: exactly from snortrules-snapshot-2976.tar.gz, with the file_inspect config added as discussed in README.file:

    include file_magic.conf
    preprocessor file_inspect: signature, \
        capture_queue_size 5000, \
        capture_disk /home/file_capture/tmp/

Snort does not detect or process any file. Here are my exit stats:

    File Preprocessor Statistics
      Total file type callbacks: 0
      Total file signature callbacks: 0
      Total files would saved to disk: 0
      Total files saved to disk: 0
      Total file data saved to disk: 0 bytes
      Total files duplicated: 0
      Total files reserving failed: 0
      Total file capture min: 0
      Total file capture max: 0
      Total file capture memcap: 0
      Total files reading failed: 0
      Total file agent memcap failures: 0
      Total files sent: 0
      Total file data sent: 0
      Total file transfer failures: 0
    ===============================================================================
    Files processed: none

I tried to build Snort v2.9.7.0, 2.9.6.2 and the latest 2.9.8.0, but no luck.

Please help me!

Thanks and best regards!

--
Lương Minh Tuấn
Email: not.soledad () gmail com
Skype: minhtuan208