Snort mailing list archives
Re: Snort-users Digest, Vol 19, Issue 6
From: Divyanshu Banerjee via Snort-users <snort-users () lists snort org>
Date: Wed, 12 Dec 2018 14:48:40 +0530
i am installing snort 3 in laptop in ubuntu but some of the packages and files are giving error any other documents supporting snort 3 in laptop specification of laptop 8 Gb ram, core i3 On Tue, Dec 11, 2018 at 10:33 PM <snort-users-request () lists snort org> wrote:
Send Snort-users mailing list submissions to snort-users () lists snort org To subscribe or unsubscribe via the World Wide Web, visit https://lists.snort.org/mailman/listinfo/snort-users or, via email, send a message with subject or body 'help' to snort-users-request () lists snort org You can reach the person managing the list at snort-users-owner () lists snort org When replying, please edit your Subject line so it is more specific than "Re: Contents of Snort-users digest..." When responding, please don't respond with the entire Digest. Please trim your response. Today's Topics: 1. Re: Using snort statistics to measure False Positives (Joel Esler (jesler)) 2. Re: can't run snort via systemd (Ryan Bohn) 3. Remove me from this list (Nathan LaForce) 4. Remove me from this list (Sistemas) 5. Re: Remove me from this list (Michael Brown) 6. Re: can't run snort via systemd (Ryan Bohn) 7. Re: can't run snort via systemd (John Byrne) 8. Re: can't run snort via systemd (Ryan Bohn) ---------- Forwarded message ---------- From: "Joel Esler (jesler)" <jesler () cisco com> To: Tasneem Singh <tasneemsingh95 () gmail com> Cc: "snort-users () lists snort org" <snort-users () lists snort org> Bcc: Date: Mon, 10 Dec 2018 17:35:18 +0000 Subject: Re: [Snort-users] Using snort statistics to measure False Positives No. Only an analyst looking at packets can determine false positive.On Dec 9, 2018, at 3:26 PM, Tasneem Singh via Snort-users <snort-users () lists snort org> wrote:Hi, I was wondering if we can use the snort statistics to measure the falsepositive rate? What I mean is, can we use the parameters allow, block, no. of events, total packets etc. to calculate FPs? Would that be a correct representation of the actual number?I am working on a project that aims at generating rules automatically insnort to reduce FPs.Thank You. Best, Tasneem _______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please visit http://blog.snort.org to stay current on all the latestSnort news!Please follow these rules:https://snort.org/faq/what-is-the-mailing-list-etiquette ---------- Forwarded message ---------- From: Ryan Bohn <ryan.bohn () cord bc ca> To: "snort-users () lists snort org" <snort-users () lists snort org> Cc: Bcc: Date: Mon, 10 Dec 2018 17:51:23 +0000 Subject: Re: [Snort-users] can't run snort via systemd Am I the only one? Any one else ever get the “FATAL ERROR: Can't start DAQ (-1) - can't mmap rx ring: Permission denied!” error or similar? *From:* Snort-users <snort-users-bounces () lists snort org> *On Behalf Of *Ryan Bohn via Snort-users *Sent:* December 7, 2018 3:25 PM *To:* snort-users () lists snort org *Subject:* [Snort-users] can't run snort via systemd Hey all, Been running snort 2.9.12 with daq 2.0.6 for months with no issues on Centos 7.5. It has been using the default snortd bash script under /etc/init.d, which systemd was legacy redirecting to start it via its method. Upgraded to Centos 7.6 and now it won’t start at all under systemd. Other then upgrading the OS, I haven’t changed anything. Dec 7 15:15:46 klo-sensor snort[17635]: Running in IDS mode Dec 7 15:15:46 klo-sensor snort[17635]: ode Dec 7 15:15:46 klo-sensor snort[17635]: --== Initializing Snort ==-- Dec 7 15:15:46 klo-sensor snort[17635]: Initializing Output Plugins! Dec 7 15:15:46 klo-sensor snort[17635]: Initializing Preprocessors! Dec 7 15:15:46 klo-sensor snort[17635]: Initializing Plug-ins! Dec 7 15:15:46 klo-sensor snort[17635]: Parsing Rules file "/etc/snort/snort.conf" Dec 7 15:15:47 klo-sensor snort[17635]: Tagged Packet Limit: 256 Dec 7 15:15:47 klo-sensor snort[17635]: Log directory = /var/log/snort/ens161 <SNIP> Dec 7 15:15:47 klo-sensor snort[17635]: Rule application order: pass->drop->sdrop->reject->alert->log Dec 7 15:15:47 klo-sensor snort[17635]: Verifying Preprocessor Configurations! Dec 7 15:15:47 klo-sensor snort[17635]: tions! Dec 7 15:15:47 klo-sensor snort[17635]: [ Port Based Pattern Matching Memory ] Dec 7 15:15:47 klo-sensor snort[17635]: pcap DAQ configured to passive. Dec 7 15:15:47 klo-sensor snort[17635]: Acquiring network traffic from "ens161". Dec 7 15:15:47 klo-sensor snort[17635]: Initializing daemon mode Dec 7 15:15:47 klo-sensor snort[17635]: Daemon initialized, signaled parent pid: 1 Dec 7 15:15:47 klo-sensor snort[17635]: Reload thread starting... Dec 7 15:15:47 klo-sensor snort[17635]: Reload thread started, thread 0x7f8927358700 (17641) Dec 7 15:15:47 klo-sensor snort[17635]: FATAL ERROR: Can't start DAQ (-1) - can't mmap rx ring: Permission denied! When I run the snort binary directly with all the options, or move the snortd bash script out of /etc/init.d, it works, but if snort is started by systemd in anyway (legacy redirect on init.d or even if I write my own snort.service unit file for systemd) it always fails with that error. Obviously, in some way systemd is doing something different and it doesn’t have the permission to access the daq/pcap stuff. Anyone seen this? Thanks, Ryan. ---------- Forwarded message ---------- From: Nathan LaForce <laforce127 () gmail com> To: Snort-users () lists snort org Cc: Bcc: Date: Mon, 10 Dec 2018 14:47:28 -0800 Subject: [Snort-users] Remove me from this list ---------- Forwarded message ---------- From: Sistemas <sistemas () compunettulum com> To: <snort-users-leave () lists snort org>, <Snort-users () lists snort org> Cc: Bcc: Date: Mon, 10 Dec 2018 17:56:40 -0500 Subject: [Snort-users] Remove me from this list ---------- Forwarded message ---------- From: Michael Brown <mike.a.brown09 () gmail com> To: laforce127 () gmail com Cc: Snort-users () lists snort org Bcc: Date: Mon, 10 Dec 2018 18:04:32 -0500 Subject: Re: [Snort-users] Remove me from this list YOu can remoe yourself form the unsubscribe button at the bottom. *Michael A. Brown* mikeabrown.tanyard () gmail com | M.S. Forensic Studies: Computer Forensics | B.S. Information Technology: Network Specialist "The only thing necessary for the triumph of evil is for good men to do nothing" -Edmund Burke *Confidentiality Notice : *This electronic message is solely for the intended recipient, and may not be viewed by any other person. Access by anyone else is unauthorized and may be unlawful, except with the express consent of either the sender or the intended recipient. If you are not the intended recipient, you are hereby notified that you may not read this E-Mail or any attachment, and any disclosure, copying distributing, using, printing or taking any action in reliance on the contents of this E-Mail is strictly prohibited. The contents of this E-Mail and/or its attachments may be legally confidential and/or privileged; no unintended disclosure is intended to waive any right of privilege or confidentiality, all of which rights are reserved to the fullest extent possible. On Mon, Dec 10, 2018 at 6:02 PM Nathan LaForce via Snort-users < snort-users () lists snort org> wrote:_______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette---------- Forwarded message ---------- From: Ryan Bohn <ryan.bohn () cord bc ca> To: "snort-users () lists snort org" <snort-users () lists snort org> Cc: Bcc: Date: Mon, 10 Dec 2018 23:27:29 +0000 Subject: Re: [Snort-users] can't run snort via systemd I’ve tracked it down to this: When I set selinux to permissive, all works as it should. It seems RHEL 7.6 made a change to selinux and mmap calls, as noted in this 7.6 release note. selinux-policy now checks file permissions when mmap() is used This release introduces a new permission check on the mmap() system call. The purpose of a separate map permission check on mmap() is to permit policy to prohibit memory mapping of specific files for which you need to ensure that every access is revalidated. This is useful for scenarios where you expect the files to be relabeled at run-time to reflect state changes, for example, in a cross-domain solution or an assured pipeline without data copying. This functionality is enabled by default. Also, a new SELinux boolean, domain_can_mmap_files, has been added. If domain_can_mmap_files is enabled, every domain can use mmap() in every file, a character device or a block device. If domain_can_mmap_files is disabled, the list of domains that can use mmap() is limited. (BZ#1460322) It seems anyone who runs snort on RHEL 7.6/CentOS 7.6 will run into this issue. Now to write a rule/whatever for selinux to allow snort while in enforcing mode… never had to do this before… *From:* Snort-users <snort-users-bounces () lists snort org> *On Behalf Of *Ryan Bohn via Snort-users *Sent:* December 10, 2018 9:51 AM *To:* snort-users () lists snort org *Subject:* Re: [Snort-users] can't run snort via systemd Am I the only one? Any one else ever get the “FATAL ERROR: Can't start DAQ (-1) - can't mmap rx ring: Permission denied!” error or similar? *From:* Snort-users <snort-users-bounces () lists snort org> *On Behalf Of *Ryan Bohn via Snort-users *Sent:* December 7, 2018 3:25 PM *To:* snort-users () lists snort org *Subject:* [Snort-users] can't run snort via systemd Hey all, Been running snort 2.9.12 with daq 2.0.6 for months with no issues on Centos 7.5. It has been using the default snortd bash script under /etc/init.d, which systemd was legacy redirecting to start it via its method. Upgraded to Centos 7.6 and now it won’t start at all under systemd. Other then upgrading the OS, I haven’t changed anything. Dec 7 15:15:46 klo-sensor snort[17635]: Running in IDS mode Dec 7 15:15:46 klo-sensor snort[17635]: ode Dec 7 15:15:46 klo-sensor snort[17635]: --== Initializing Snort ==-- Dec 7 15:15:46 klo-sensor snort[17635]: Initializing Output Plugins! Dec 7 15:15:46 klo-sensor snort[17635]: Initializing Preprocessors! Dec 7 15:15:46 klo-sensor snort[17635]: Initializing Plug-ins! Dec 7 15:15:46 klo-sensor snort[17635]: Parsing Rules file "/etc/snort/snort.conf" Dec 7 15:15:47 klo-sensor snort[17635]: Tagged Packet Limit: 256 Dec 7 15:15:47 klo-sensor snort[17635]: Log directory = /var/log/snort/ens161 <SNIP> Dec 7 15:15:47 klo-sensor snort[17635]: Rule application order: pass->drop->sdrop->reject->alert->log Dec 7 15:15:47 klo-sensor snort[17635]: Verifying Preprocessor Configurations! Dec 7 15:15:47 klo-sensor snort[17635]: tions! Dec 7 15:15:47 klo-sensor snort[17635]: [ Port Based Pattern Matching Memory ] Dec 7 15:15:47 klo-sensor snort[17635]: pcap DAQ configured to passive. Dec 7 15:15:47 klo-sensor snort[17635]: Acquiring network traffic from "ens161". Dec 7 15:15:47 klo-sensor snort[17635]: Initializing daemon mode Dec 7 15:15:47 klo-sensor snort[17635]: Daemon initialized, signaled parent pid: 1 Dec 7 15:15:47 klo-sensor snort[17635]: Reload thread starting... Dec 7 15:15:47 klo-sensor snort[17635]: Reload thread started, thread 0x7f8927358700 (17641) Dec 7 15:15:47 klo-sensor snort[17635]: FATAL ERROR: Can't start DAQ (-1) - can't mmap rx ring: Permission denied! When I run the snort binary directly with all the options, or move the snortd bash script out of /etc/init.d, it works, but if snort is started by systemd in anyway (legacy redirect on init.d or even if I write my own snort.service unit file for systemd) it always fails with that error. Obviously, in some way systemd is doing something different and it doesn’t have the permission to access the daq/pcap stuff. Anyone seen this? Thanks, Ryan. ---------- Forwarded message ---------- From: John Byrne <jbyrnescu () gmail com> To: Ryan Bohn <ryan.bohn () cord bc ca> Cc: "snort-users () lists snort org" <snort-users () lists snort org> Bcc: Date: Mon, 10 Dec 2018 16:22:11 -0800 Subject: Re: [Snort-users] can't run snort via systemd What did you do to figure that one out? An strace or something? (You don’t have to give away all of your admin secrets… but I am curious so I have to ask) Curiously, John Byrne On Dec 10, 2018, at 3:27 PM, Ryan Bohn via Snort-users < snort-users () lists snort org> wrote: I’ve tracked it down to this: When I set selinux to permissive, all works as it should. It seems RHEL 7.6 made a change to selinux and mmap calls, as noted in this 7.6 release note. selinux-policy now checks file permissions when mmap() is used This release introduces a new permission check on the mmap() system call. The purpose of a separate map permission check on mmap() is to permit policy to prohibit memory mapping of specific files for which you need to ensure that every access is revalidated. This is useful for scenarios where you expect the files to be relabeled at run-time to reflect state changes, for example, in a cross-domain solution or an assured pipeline without data copying. This functionality is enabled by default. Also, a new SELinux boolean, domain_can_mmap_files, has been added. If domain_can_mmap_files is enabled, every domain can use mmap() in every file, a character device or a block device. If domain_can_mmap_files is disabled, the list of domains that can use mmap() is limited. (BZ#1460322) It seems anyone who runs snort on RHEL 7.6/CentOS 7.6 will run into this issue. Now to write a rule/whatever for selinux to allow snort while in enforcing mode… never had to do this before… *From:* Snort-users <snort-users-bounces () lists snort org> *On Behalf Of *Ryan Bohn via Snort-users *Sent:* December 10, 2018 9:51 AM *To:* snort-users () lists snort org *Subject:* Re: [Snort-users] can't run snort via systemd Am I the only one? Any one else ever get the “FATAL ERROR: Can't start DAQ (-1) - can't mmap rx ring: Permission denied!” error or similar? *From:* Snort-users <snort-users-bounces () lists snort org> *On Behalf Of *Ryan Bohn via Snort-users *Sent:* December 7, 2018 3:25 PM *To:* snort-users () lists snort org *Subject:* [Snort-users] can't run snort via systemd Hey all, Been running snort 2.9.12 with daq 2.0.6 for months with no issues on Centos 7.5. It has been using the default snortd bash script under /etc/init.d, which systemd was legacy redirecting to start it via its method. Upgraded to Centos 7.6 and now it won’t start at all under systemd. Other then upgrading the OS, I haven’t changed anything. Dec 7 15:15:46 klo-sensor snort[17635]: Running in IDS mode Dec 7 15:15:46 klo-sensor snort[17635]: ode Dec 7 15:15:46 klo-sensor snort[17635]: --== Initializing Snort ==-- Dec 7 15:15:46 klo-sensor snort[17635]: Initializing Output Plugins! Dec 7 15:15:46 klo-sensor snort[17635]: Initializing Preprocessors! Dec 7 15:15:46 klo-sensor snort[17635]: Initializing Plug-ins! Dec 7 15:15:46 klo-sensor snort[17635]: Parsing Rules file "/etc/snort/snort.conf" Dec 7 15:15:47 klo-sensor snort[17635]: Tagged Packet Limit: 256 Dec 7 15:15:47 klo-sensor snort[17635]: Log directory = /var/log/snort/ens161 <SNIP> Dec 7 15:15:47 klo-sensor snort[17635]: Rule application order: pass->drop->sdrop->reject->alert->log Dec 7 15:15:47 klo-sensor snort[17635]: Verifying Preprocessor Configurations! Dec 7 15:15:47 klo-sensor snort[17635]: tions! Dec 7 15:15:47 klo-sensor snort[17635]: [ Port Based Pattern Matching Memory ] Dec 7 15:15:47 klo-sensor snort[17635]: pcap DAQ configured to passive. Dec 7 15:15:47 klo-sensor snort[17635]: Acquiring network traffic from "ens161". Dec 7 15:15:47 klo-sensor snort[17635]: Initializing daemon mode Dec 7 15:15:47 klo-sensor snort[17635]: Daemon initialized, signaled parent pid: 1 Dec 7 15:15:47 klo-sensor snort[17635]: Reload thread starting... Dec 7 15:15:47 klo-sensor snort[17635]: Reload thread started, thread 0x7f8927358700 (17641) Dec 7 15:15:47 klo-sensor snort[17635]: FATAL ERROR: Can't start DAQ (-1) - can't mmap rx ring: Permission denied! When I run the snort binary directly with all the options, or move the snortd bash script out of /etc/init.d, it works, but if snort is started by systemd in anyway (legacy redirect on init.d or even if I write my own snort.service unit file for systemd) it always fails with that error. Obviously, in some way systemd is doing something different and it doesn’t have the permission to access the daq/pcap stuff. Anyone seen this? Thanks, Ryan. _______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette ---------- Forwarded message ---------- From: Ryan Bohn <ryan.bohn () cord bc ca> To: John Byrne <jbyrnescu () gmail com> Cc: "snort-users () lists snort org" <snort-users () lists snort org> Bcc: Date: Tue, 11 Dec 2018 04:02:21 +0000 Subject: Re: [Snort-users] can't run snort via systemd I figured it out by seeing the /var/log/audit/audit.log fill up with deny messages from selinux when snort started under systemd or sysvinit. This is for RHEL 7.6 / CentOS 7.6. Then I did the following to fix: 1. yum install setroubleshoot setools (need these installed to run below commands) 2. sealert -a /var/log/audit/audit.log (analyzes the audit log and reports on what tried to do what, why it failed, and suggests how to fix, which gave me the two following commands in whole) 3. ausearch -c 'snort' --raw | audit2allow -M my-snort (create an selinux allow policy file based on the audit failures) 4. semodule -i my-snort.pp (install the selinux policy for snort) Started my snort systemd services after this without any issue. This is what the sealert command comes back with, showing the snort was denied map access on the packet_socket. found 1 alerts in /var/log/audit/audit.log -------------------------------------------------------------------------------- SELinux is preventing /usr/sbin/snort-plain from map access on the packet_socket packet_socket. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that snort-plain should be allowed map access on the packet_socket packet_socket by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'snort' --raw | audit2allow -M my-snort # semodule -i my-snort.pp [image: ryanbohn-portrait] *Ryan Bohn* Network & Systems Administrator t: 250-469-6273 | f: 250-763-0606 | www.regionaldistrict.com [image: facebook-small] <http://www.facebook.com/regionaldistrict> [image: Instagram-small] <http://www.instagram.com/rdco.cord/> [image: youtube-small] <http://www.youtube.com/user/regionaldistrict> *From:* John Byrne <jbyrnescu () gmail com> *Sent:* December 10, 2018 4:22 PM *To:* Ryan Bohn <ryan.bohn () cord bc ca> *Cc:* snort-users () lists snort org *Subject:* Re: [Snort-users] can't run snort via systemd What did you do to figure that one out? An strace or something? (You don’t have to give away all of your admin secrets… but I am curious so I have to ask) Curiously, John Byrne On Dec 10, 2018, at 3:27 PM, Ryan Bohn via Snort-users < snort-users () lists snort org> wrote: I’ve tracked it down to this: When I set selinux to permissive, all works as it should. It seems RHEL 7.6 made a change to selinux and mmap calls, as noted in this 7.6 release note. selinux-policy now checks file permissions when mmap() is used This release introduces a new permission check on the mmap() system call. The purpose of a separate map permission check on mmap() is to permit policy to prohibit memory mapping of specific files for which you need to ensure that every access is revalidated. This is useful for scenarios where you expect the files to be relabeled at run-time to reflect state changes, for example, in a cross-domain solution or an assured pipeline without data copying. This functionality is enabled by default. Also, a new SELinux boolean, domain_can_mmap_files, has been added. If domain_can_mmap_files is enabled, every domain can use mmap() in every file, a character device or a block device. If domain_can_mmap_files is disabled, the list of domains that can use mmap() is limited. (BZ#1460322) It seems anyone who runs snort on RHEL 7.6/CentOS 7.6 will run into this issue. Now to write a rule/whatever for selinux to allow snort while in enforcing mode… never had to do this before… *From:* Snort-users <snort-users-bounces () lists snort org> *On Behalf Of *Ryan Bohn via Snort-users *Sent:* December 10, 2018 9:51 AM *To:* snort-users () lists snort org *Subject:* Re: [Snort-users] can't run snort via systemd Am I the only one? Any one else ever get the “FATAL ERROR: Can't start DAQ (-1) - can't mmap rx ring: Permission denied!” error or similar? *From:* Snort-users <snort-users-bounces () lists snort org> *On Behalf Of *Ryan Bohn via Snort-users *Sent:* December 7, 2018 3:25 PM *To:* snort-users () lists snort org *Subject:* [Snort-users] can't run snort via systemd Hey all, Been running snort 2.9.12 with daq 2.0.6 for months with no issues on Centos 7.5. It has been using the default snortd bash script under /etc/init.d, which systemd was legacy redirecting to start it via its method. Upgraded to Centos 7.6 and now it won’t start at all under systemd. Other then upgrading the OS, I haven’t changed anything. Dec 7 15:15:46 klo-sensor snort[17635]: Running in IDS mode Dec 7 15:15:46 klo-sensor snort[17635]: ode Dec 7 15:15:46 klo-sensor snort[17635]: --== Initializing Snort ==-- Dec 7 15:15:46 klo-sensor snort[17635]: Initializing Output Plugins! Dec 7 15:15:46 klo-sensor snort[17635]: Initializing Preprocessors! Dec 7 15:15:46 klo-sensor snort[17635]: Initializing Plug-ins! Dec 7 15:15:46 klo-sensor snort[17635]: Parsing Rules file "/etc/snort/snort.conf" Dec 7 15:15:47 klo-sensor snort[17635]: Tagged Packet Limit: 256 Dec 7 15:15:47 klo-sensor snort[17635]: Log directory = /var/log/snort/ens161 <SNIP> Dec 7 15:15:47 klo-sensor snort[17635]: Rule application order: pass->drop->sdrop->reject->alert->log Dec 7 15:15:47 klo-sensor snort[17635]: Verifying Preprocessor Configurations! Dec 7 15:15:47 klo-sensor snort[17635]: tions! Dec 7 15:15:47 klo-sensor snort[17635]: [ Port Based Pattern Matching Memory ] Dec 7 15:15:47 klo-sensor snort[17635]: pcap DAQ configured to passive. Dec 7 15:15:47 klo-sensor snort[17635]: Acquiring network traffic from "ens161". Dec 7 15:15:47 klo-sensor snort[17635]: Initializing daemon mode Dec 7 15:15:47 klo-sensor snort[17635]: Daemon initialized, signaled parent pid: 1 Dec 7 15:15:47 klo-sensor snort[17635]: Reload thread starting... Dec 7 15:15:47 klo-sensor snort[17635]: Reload thread started, thread 0x7f8927358700 (17641) Dec 7 15:15:47 klo-sensor snort[17635]: FATAL ERROR: Can't start DAQ (-1) - can't mmap rx ring: Permission denied! When I run the snort binary directly with all the options, or move the snortd bash script out of /etc/init.d, it works, but if snort is started by systemd in anyway (legacy redirect on init.d or even if I write my own snort.service unit file for systemd) it always fails with that error. Obviously, in some way systemd is doing something different and it doesn’t have the permission to access the daq/pcap stuff. Anyone seen this? Thanks, Ryan. _______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette _______________________________________________ Snort-users mailing list Snort-users () lists snort org https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
_______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Current thread:
- Re: Snort-users Digest, Vol 19, Issue 6 Divyanshu Banerjee via Snort-users (Dec 12)
- Re: Snort-users Digest, Vol 19, Issue 6 Tom Peters (thopeter) via Snort-users (Dec 12)