Snort mailing list archives
Re: Snort works fine with community rules. After importing the complete set using oinkmaster, it fails to generate alerts
From: Shirkdog <shirkdog () gmail com>
Date: Mon, 29 Aug 2016 16:46:26 -0400
There is an enhancement request for this support in pulledpork.

On Aug 29, 2016 4:40 PM, "Y M" <snort () outlook com> wrote:

Does Oinkmaster handle rules policy? Obviously I am not familiar with Oinkmaster, but it seems that there are no rules policies (security, balanced, connectivity) applied and rules are not being enabled.

YM
Sent from Mobile

On Mon, Aug 29, 2016 at 11:04 PM +0300, "Roy Turner" <royturner () uymail com> wrote:

Basically I configured my Snort and it works fine with the community-rules. Alerts arrive perfectly when doing an NMAP scan and other tests. The problem is that after installing the registered version of the rules using oinkmaster, I do not receive any alert. I did add the rules with their path in the snort.conf file. Status appears to be fine:

● snort.service - LSB: snort
   Loaded: loaded (/etc/init.d/snort)
   Active: active (running) since Mon 2016-08-29 15:34:37 EDT; 2min 41s ago
  Process: 6846 ExecStop=/etc/init.d/snort stop (code=exited, status=0/SUCCESS)
  Process: 6893 ExecStart=/etc/init.d/snort start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/snort.service
           └─6913 snort -i eth1 -c /etc/snort/snort.conf -s -D

Aug 29 15:34:37 IDS snort[6913]: Preprocessor Object: SF_SDF Version 1.1 <Build 1>
Aug 29 15:34:37 IDS snort[6913]: Preprocessor Object: SF_DNP3 Version 1.1 <Build 1>
Aug 29 15:34:37 IDS snort[6913]: Preprocessor Object: SF_SIP Version 1.1 <Build 1>
Aug 29 15:34:37 IDS snort[6913]: Preprocessor Object: SF_POP Version 1.0 <Build 1>
Aug 29 15:34:37 IDS snort[6913]: Preprocessor Object: SF_SSLPP Version 1.1 <Build 4>
Aug 29 15:34:37 IDS snort[6913]: Preprocessor Object: SF_REPUTATION Version 1.1 <Build 1>
Aug 29 15:34:37 IDS snort[6913]: Preprocessor Object: SF_SMTP Version 1.1 <Build 9>
Aug 29 15:34:37 IDS snort[6913]: Preprocessor Object: SF_GTP Version 1.1 <Build 1>
Aug 29 15:34:37 IDS snort[6913]: Preprocessor Object: SF_IMAP Version 1.0 <Build 1>
Aug 29 15:34:37 IDS snort[6913]: Commencing packet processing (pid=6913)

I haven't modified anything, except adding the rules using oinkmaster. If I roll back, it works fine with community-rules.

Does anyone have any ideas? Sorry for being so unspecific, but I'm a bit lost here.

------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
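The rules-policy behaviour Y M points to is the usual reason a registered ruleset imported with a plain file copy stays silent: most rules in it ship commented out, and each carries a metadata tag (of the form `metadata:policy balanced-ips drop, policy security-ips drop, service http;`) naming the stock policies it belongs to, which is what PulledPork's policy handling acts on. The script below is an added example, not code from this thread, from Snort, Oinkmaster or PulledPork. It reads a rules file, enables exactly the rules tagged for the chosen policy, comments out the rest, and counts how many rules are active. The sample rules, SIDs and function names are constructed for the example.

```python
import re
import sys

# Rules in the registered ruleset carry tags such as
#   metadata:policy balanced-ips drop, policy security-ips drop, service http;
# naming which stock policies (connectivity-ips, balanced-ips, security-ips,
# max-detect-ips) include them. Rules outside the chosen policy ship commented
# out ("# alert ..."), so a raw import can load the file yet enable almost
# nothing, which looks exactly like "Snort runs fine but never alerts".

RULE_ACTIONS = ("alert", "log", "pass", "drop", "reject", "sdrop")
_ACTION_RE = re.compile(r"^\s*(#\s*)?(%s)\s+" % "|".join(RULE_ACTIONS))
_META_RE = re.compile(r"metadata\s*:\s*([^;]*);")
_POLICY_RE = re.compile(r"policy\s+([\w-]+)\s+(alert|drop)")

KNOWN_POLICIES = {"connectivity-ips", "balanced-ips", "security-ips", "max-detect-ips"}

# Constructed sample rules in the registered-ruleset style (not real VRT content).
SAMPLE_RULES = """\
# constructed sample rules, not a real ruleset
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"SAMPLE web probe"; flow:to_server,established; content:"/probe"; sid:9000001; rev:1; metadata:policy balanced-ips drop, policy security-ips drop, service http;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SAMPLE ssh scan"; flags:S; sid:9000002; rev:1; metadata:policy security-ips alert;)
# alert udp any any -> $HOME_NET 53 (msg:"SAMPLE dns oddity"; sid:9000003; rev:1; metadata:policy max-detect-ips drop, service dns;)
alert icmp any any -> $HOME_NET any (msg:"SAMPLE no policy tag"; sid:9000004; rev:1;)
"""


def rule_policies(line):
    """Return {policy_name: action} parsed from the rule's metadata option."""
    m = _META_RE.search(line)
    if not m:
        return {}
    return {name: action for name, action in _POLICY_RE.findall(m.group(1))}


def is_enabled(line):
    """True for an active (uncommented) rule line."""
    m = _ACTION_RE.match(line)
    return bool(m) and m.group(1) is None


def count_enabled(text):
    """Number of active rules: the first thing to check when a freshly
    imported ruleset produces no alerts at all."""
    return sum(1 for line in text.splitlines() if is_enabled(line))


def apply_policy(text, policy):
    """Rewrite a rules file so that exactly the rules tagged for `policy` are
    enabled and every other rule (including untagged ones) is commented out.
    Lines that are not rules are returned untouched."""
    if policy not in KNOWN_POLICIES:
        raise ValueError("unknown policy: %s" % policy)
    out = []
    for line in text.splitlines():
        m = _ACTION_RE.match(line)
        if not m:
            out.append(line)          # comment, blank line, include, ...
            continue
        body = line[m.start(2):]      # rule text with any leading "# " removed
        if policy in rule_policies(body):
            out.append(body)
        else:
            out.append("# " + body)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    policy = sys.argv[1] if len(sys.argv) > 1 else "balanced-ips"
    print("enabled before: %d" % count_enabled(SAMPLE_RULES))
    rewritten = apply_policy(SAMPLE_RULES, policy)
    print("enabled after applying %s: %d" % (policy, count_enabled(rewritten)))
    print(rewritten)
```

Untagged rules are disabled on purpose here, so that the resulting file contains only what the chosen policy vouches for; relax that in `apply_policy` if locally written rules live in the same file. The same sanity check can be done without the script: `grep -c '^alert' /etc/snort/rules/*.rules` before and after an import, or Snort's own test mode (`snort -T -c /etc/snort/snort.conf`), which reports how many rules were loaded, will show whether the registered set was actually enabled rather than merely present on disk.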
Current thread:
- Snort works fine with community rules. After importing the complete set using oinkmaster, it fails to generate alerts Roy Turner (Aug 29)
- Re: Snort works fine with community rules. After importing the complete set using oinkmaster, it fails to generate alerts Joel Esler (jesler) (Aug 29)
- Re: Snort works fine with community rules. After importing the complete set using oinkmaster, it fails to generate alerts Y M (Aug 29)
- Re: Snort works fine with community rules. After importing the complete set using oinkmaster, it fails to generate alerts Shirkdog (Aug 29)
- Re: Snort works fine with community rules. After importing the complete set using oinkmaster, it fails to generate alerts Joel Esler (jesler) (Aug 29)