Snort mailing list archives
RE: Snort-users digest, Vol 1 #1531 - 12 msgs
From: "Jessup, Justin" <Justin.Jessup () usdoj gov>
Date: Wed, 30 Jan 2002 17:24:26 -0500
hey to all, almost forgot to mention: if you are creating the databases for snort in mysql you need to do this:

get the tar.gz version of snort, unzip and untar it, cd to the snort dir, then type

    mysql -u "your user name" -p"password" -h 192.168.0.99 snort < ./contrib/create_mysql

THIS WILL EXECUTE a sql script in the tarred up version of snort that will create the tables and fields in your snort database on your mysql server.

example:

    mysql -u root -phappyone -h 192.168.0.99 snort < ./contrib/create_mysql

any questions, email me via this usenet

good luck, check out ACID and snortreport

justin :-)

-----Original Message-----
From: /DDV=snort-users-request () lists sourceforge net/DDT=RFC-822/O=INETGW/P=GOV+DOJ/A=TELEMAIL/C=US/
Sent: Tuesday, January 29, 2002 3:59 PM
To: snort-users () lists sourceforge net
Subject: Snort-users digest, Vol 1 #1531 - 12 msgs
Importance: Low

Send Snort-users mailing list submissions to
    snort-users () lists sourceforge net

To subscribe or unsubscribe via the World Wide Web, visit
    https://lists.sourceforge.net/lists/listinfo/snort-users
or, via email, send a message with subject or body 'help' to
    snort-users-request () lists sourceforge net

You can reach the person managing the list at
    snort-users-admin () lists sourceforge net

When replying, please edit your Subject line so it is more specific than "Re: Contents of Snort-users digest..."

Today's Topics:

   1. RE: detection and preprocessor plugins (Steve Halligan)
   2. Running Snort Daemon Problem (Bill)
   3. Re: FW: ISS Alert: Remote Denial of Service Vulnerability in Snort IDS (Chris Green)
   4. Re: Help getting Snort working with mysql (Roman Danyliw)
   5. CPU usage grow to max (Alessandro Fiorenzi)
   6. Re: Running Snort Daemon Problem (Chris Green)
   7. Re: Barnyard Solaris 2.6 make issue (Roelof JT Jonkman)
   8. Snort for RH 7.0 (Paulo Henrique Baptista de Oliveira)
   9. Re: Help getting Snort working with mysql (Phil Wood)
  10. Re: libpcap 0.7.1 (Phil Wood)
  11. RE: Help getting Snort working with mysql (Patrick S. Harper)

--__--__--

Message: 1
From: Steve Halligan <agent33 () geeksquad com>
To: "Snort-Users (E-mail)" <snort-users () lists sourceforge net>
Subject: RE: [Snort-users] detection and preprocessor plugins
Date: Tue, 29 Jan 2002 09:34:28 -0600

Please allow me to answer my own question. When frag2 determines that it has a complete packet rebuilt, it dumps the packet back into ProcessPacket(), which will give all the preprocessors (even frag2 itself actually) another shot at the new rebuilt packet.

-steve
> 3) If one have multiple preprocessors, what determines the order they run in? Can the defrag run first, then others, allowing them to see the packet in its defragged form?
>
> The order is determined by the way that they're loaded in the snort.conf file. The default order has spp_frag2 loaded first.
>
> So if frag2 is loaded first, will other preprocessors see a packet in its defragged state? Or is the defragged packet only available to detection plugins and the signature engine?
>
> -steve

--__--__--

Message: 2
From: "Bill" <wkuhn () adelphia net>
To: <snort-users () lists sourceforge net>
Date: Tue, 29 Jan 2002 11:00:34 -0800
Subject: [Snort-users] Running Snort Daemon Problem

Hello,

I am trying to get Snort 1.7 installed on a Linux Server... I installed the snort rpm and the tarball... I had to do that because the RPM doesn't have the ability to log to postgresql database...

I try to start the snortd daemon and it gives me an error:

    snortd: /etc/snort/snort.conf: Permission Denied

Here is the Start Section of the snortd (located in /etc/rc.d/init.d):

    start)
            echo -n "Starting snort: "
            daemon /usr/local/bin/snort -u snort -dev -D \
            -i $INTERFACE -l /var/log/snort -u snort -g snort -c
            /etc/snort/snort.conf -b
            touch /var/lock/subsys/snort
            echo
            ;;

The Snort binary is owned by root and the group is snort (was root but same error).

The /etc/snort directory is owned by root and group of root, the permissions are 755 (rwxr_xr_x). The files in the /etc/snort directory are owned by root and the group is snort (this includes snort.conf). The snort.conf is in mode 640....

I checked the /var/log/snort permissions: the snort directory is snort.snort (owner.group), all files inside are snort.snort.

Some things I tried were: chmoding the content of /etc/snort to 777 but I get errors of none of the commands in the snort.conf can be found....

    /etc/snort/snort.conf: var: command not found [ OK ]
    /etc/snort/snort.conf: var: command not found
    /etc/snort/snort.conf: var: command not found
    /etc/snort/snort.conf: preprocessor: command not found
    /etc/snort/snort.conf: preprocessor: command not found

I would try running it from a command prompt:

    /usr/local/bin/snort -u snort -dev -D -i eth0 -l /var/log/snort -u snort -g snort -c /etc/snort/snort.conf -b

It says it started but running "ps aux / grep snort" shows nothing....

I am at a loss for this one... Any ideas????

--__--__--

Message: 3
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] FW: ISS Alert: Remote Denial of Service Vulnerability in Snort IDS
From: Chris Green <cmg () uab edu>
Reply-To: snort-users () lists sourceforge net
Date: Tue, 29 Jan 2002 10:05:51 -0600

Andreas Hasenack <andreas () conectiva com br> writes:

> But there is no 1.8.4 release in sight. So far, I think two important bugs are fixed in CVS:
> - that DoS one
> - the ICMP packet dumps having traces of snort.conf inside them
>
> There is no mention of these bugs at www.snort.org (at least at the download page and the main page), people going straight there to download the package won't be aware of this.

Brian added http://www.snort.org/downloads/snort-stable-snapshot.tar.gz and a news item on the front page today. Hopefully that will be good enough until 1.8.4 can be released.

--
Chris Green <cmg () uab edu>
"Yeah, but you're taking the universe out of context."

--__--__--

Message: 4
Date: Tue, 29 Jan 2002 11:44:10 -0500 (EST)
From: "Roman Danyliw" <roman () danyliw com>
To: "Graham, Randy \(RAW\) " <RAW () y12 doe gov>
CC: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Help getting Snort working with mysql

How far did you get through the README.database instructions?

The following URL from the MySQL manual should get you through the database installation process (Step 1-2).

http://www.mysql.com/documentation/mysql/bychapter/manual_Installing.html

What issues are you having applying the DDL script (contrib/create_mysql)?

cheers,
Roman

On Tue, 29 Jan 2002 10:15:39 -0500, "Graham, Randy \(RAW\) " <RAW () y12 doe gov> wrote :

> OK, I must be totally brain damaged, because there is absolutely no way I can figure out how to get snort working with mysql. I don't know if I'm setting up mysql wrong, or snort wrong, or what, but I can't get it working, and I'm not sure how to perform some of the steps listed in the README.database file.
>
> Would anyone be willing to help me on or off list with this? I'd be glad to just post my problems here if there is a need, but since I don't imagine this is of use to most readers of the list, I thought I'd wait and see if someone wanted to help me off list before filling up the list with personal support questions.
>
> Thanks,
> Randy Graham
> --
> The Internet? Bah! Is that thing still around? -- Homer Simpson
> http://www.securitynewbie.com/ - for people like me
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

--__--__--

Message: 5
Date: Tue, 29 Jan 2002 18:11:38 +0100
From: "Alessandro Fiorenzi" <a.iorenzi () libero it>
To: snort-users () lists sourceforge net
Subject: [Snort-users] CPU usage grow to max

Hi, I have installed a snort sensor on a Pentium III 733MHz to monitor 3
C class traffic, but I see everytime cpu usage 100% is it possible?
On this machine I have two processor but snort use only one processor,
is there any way to use two processor?

--__--__--

Message: 6
To: <snort-users () lists sourceforge net>
Subject: Re: [Snort-users] Running Snort Daemon Problem
From: Chris Green <cmg () uab edu>
Reply-To: snort-users () lists sourceforge net
Date: Tue, 29 Jan 2002 12:33:38 -0600

"Bill" <wkuhn () adelphia net> writes:

> Hello, I am trying to get Snort 1.7 installed on a Linux Server

Ancient snort alert. Upgrade to stable CVS.

> ... I installed the snort rpm and the tarball... I had to do that because the RPM doesn't have the ability to log to postgresql database...
>
> I try to start the snortd daemon and it gives me an error:
>
>     snortd: /etc/snort/snort.conf: Permission Denied
>
> Here is the Start Section of the snortd (located in /etc/rc.d/init.d):
>
>     start)
>             echo -n "Starting snort: "
>             daemon /usr/local/bin/snort -u snort -dev -D \
>             -i $INTERFACE -l /var/log/snort -u snort -g snort -c
>             /etc/snort/snort.conf -b
>             touch /var/lock/subsys/snort
>             echo
>             ;;

That looks like the old chroot daemon script. Where is this RPM from?

> The Snort binary is owned by root and the group is snort (was root but same error).
>
> The /etc/snort directory is owned by root and group of root, the permissions are 755 (rwxr_xr_x). The files in the /etc/snort directory are owned by root and the group is snort (this includes snort.conf). The snort.conf is in mode 640....

There is a missing \ at the end of your '-c' line

    daemon /usr/local/bin/snort -u snort -dev -D \
    -i $INTERFACE -l /var/log/snort -u snort -g snort -c \
    /etc/snort/snort.conf -b

-v shouldn't be used in daemon mode

If you're feeling brave, remove all the RPMs and bits of snort you currently have installed and try some testing RPMS of the current stable snapshot:

ftp://helium.tucc.uab.edu/pub/snort-rpm (compiled on rh7.2)

--
Chris Green <cmg () uab edu>
"I'm beginning to think that my router may be confused."

--__--__--

Message: 7
From: Roelof JT Jonkman <roel () SiliconDefense com>
Subject: Re: [Snort-users] Barnyard Solaris 2.6 make issue
To: Steve Rudolph <srudolph () iocenter net>
Cc: snort-users () lists sourceforge net
Date: Tue, 29 Jan 2002 10:44:24 -0800

Steve,

Add the following to your LDFLAGS: '-lnsl'

Or the quick and dirty way:

    gcc -g -O2 -Wall -o barnyard barnyard.o configparse.o mstring.o strlcatu.o strlcpyu.o util.o spool.o sid.o debug.o classification.o output-plugins/libop.a input-plugins/libdp.a -lsocket -lnsl

Barnyard works on solaris, there are a few caveats, but it works.

roel
http://www.SiliconDefense.com

--__--__--

Message: 8
Date: Tue, 29 Jan 2002 17:21:16 -0200
From: Paulo Henrique Baptista de Oliveira <baptista () linuxsolutions com br>
To: snort-users () lists sourceforge net
Organization: Linux Solutions
Subject: [Snort-users] Snort for RH 7.0

Hi all,

I have to install snort in a RH 7.0 system and can only find snort for RH 7.1 and 7.2 at rpmfind.net that generates a lot of dependencies. I don't use to manage RedHat (my background is Debian) so I'm asking for someone to send me a snort binary for RH 7.0.
TIA,
Paulo Henrique

--
Paulo Henrique B de Oliveira
Operations Manager - Linux Solutions - http://www.linuxsolutions.com.br
The largest Linux content in the Portuguese language - OLinux - http://www.olinux.com.br
(21) 2526-7262 ext. 31

--__--__--

Message: 9
From: Phil Wood <cpw () lanl gov>
Date: Tue, 29 Jan 2002 12:27:59 -0700
To: "Graham, Randy (RAW) " <RAW () y12 doe gov>
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Help getting Snort working with mysql

On Tue, Jan 29, 2002 at 10:15:39AM -0500, Graham, Randy (RAW) wrote:

> OK, I must be totally brain damaged, because there is absolutely no way I can figure out how to get snort working with mysql. I don't know if I'm setting up mysql wrong, or snort wrong, or what, but I can't get it working, and I'm not sure how to perform some of the steps listed in the README.database file.
>
> Would anyone be willing to help me on or off list with this? I'd be glad to just post my problems here if there is a need, but since I don't imagine this is of use to most readers of the list, I thought I'd wait and see if someone wanted to help me off list before filling up the list with personal support questions.

I've attached a set of utilities which I use to keep me blissfully unaware. ( not that I need a lot of help with that ;)

Let me know if they help.

> Thanks,
> Randy Graham
> --
> The Internet? Bah! Is that thing still around? -- Homer Simpson
> http://www.securitynewbie.com/ - for people like me

--
Phil Wood, cpw () lanl gov

--Dxnq1zWXvFF0Q93v
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="acid_init-0.3.tar.gz"
Content-Transfer-Encoding: base64

--Dxnq1zWXvFF0Q93v--

--__--__--

Message: 10
From: Phil Wood <cpw () lanl gov>
Date: Tue, 29 Jan 2002 13:44:22 -0700
To: "Crow, Owen" <Owen_Crow () bmc
com>
Cc: snort-users () lists sourceforge net
Subject: [Snort-users] Re: libpcap 0.7.1

Looks correct. My netscape, shift key, reload just didn't hack it today. Cleared my cache and things started to work again.

One caveat, the current snort.c incorrectly adds ps_drop to ps_recv to create a total packets received by the filter. This is actually MY fault, and I have notified Marty. It's actually worse than that. In particular, here is the skinny on how libpcap manages the "pcap_stat" structure:

          filter
    OS    applied  ps_recv                               ps_drop

    linux before   all packets that passed               packets that passed the filter
                   the filter including                  but dropped due to lack of buffer
                   those that were dropped.              space.

    bsd   after    ALL packets that hit                  (Same as linux)
                   the network interface
                   before being filtered
                   including packets that
                   passed the filter and
                   packets that were dropped.

The above synopsis is based on my read of the two files pcap-linux.c and pcap-bpf.c.

I would very much like to change the way pcap_stats works, but the old hands are tied due to the "api".

--
Phil Wood, cpw () lanl gov

--__--__--

Message: 11
From: "Patrick S. Harper" <lists () internetsecurityguru com>
To: "'Graham, Randy \(RAW\) '" <RAW () y12 doe gov>, <snort-users () lists sourceforge net>
Subject: RE: [Snort-users] Help getting Snort working with mysql
Date: Tue, 29 Jan 2002 14:57:50 -0600

What platform are you on? Are you using RPM's or source? I have had better luck using source on Linux. The first link is a pretty good tutorial. I got all these from google when I first did this. Good luck.

http://www.sfhn.net/whites/snortacid.html
http://www.andrew.cmu.edu/~rdanyliw/snort/acid_config.html
http://www.incident.org/snortdb/
http://www.sfhn.net/whites/snortacid.html
http://rr.sans.org/intrusion/snortsnarf.php
http://rr.sans.org/intrusion/ACID.php

Patrick S. Harper | MCSE ISS
mailto:patrick () internetsecurityguru com
http://www.internetsecurityguru.com
How do I set a laser printer to stun?

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Graham, Randy (RAW)
Sent: Tuesday, January 29, 2002 9:16 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Help getting Snort working with mysql

OK, I must be totally brain damaged, because there is absolutely no way I can figure out how to get snort working with mysql. I don't know if I'm setting up mysql wrong, or snort wrong, or what, but I can't get it working, and I'm not sure how to perform some of the steps listed in the README.database file.

Would anyone be willing to help me on or off list with this? I'd be glad to just post my problems here if there is a need, but since I don't imagine this is of use to most readers of the list, I thought I'd wait and see if someone wanted to help me off list before filling up the list with personal support questions.

Thanks,
Randy Graham
--
The Internet? Bah! Is that thing still around? -- Homer Simpson
http://www.securitynewbie.com/ - for people like me

--__--__--

End of Snort-users Digest
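
Phil Wood's pcap_stat table in Message 10 says ps_recv already includes dropped packets on both Linux and BSD, so a sensor-health check that adds ps_drop to ps_recv double-counts. The C code below is an added example, not code from snort, libpcap or any poster on this list: the `stat_sample` struct, `recv_scope` enum and `interval_stats` function are hypothetical names, and it assumes the two counters are cumulative 32-bit values sampled at two points in time.

```c
#include <stdint.h>
#include <stdio.h>

/* Local stand-in for the two libpcap pcap_stat counters discussed in
 * Message 10 (hypothetical type; the real fields are u_int). */
struct stat_sample {
    uint32_t ps_recv;   /* includes dropped packets on Linux and BSD */
    uint32_t ps_drop;   /* passed the filter, lost for lack of buffer space */
};

/* Where the filter sits relative to the ps_recv counter (per the table). */
enum recv_scope {
    RECV_POST_FILTER,   /* linux: ps_recv counts packets that passed the filter */
    RECV_PRE_FILTER     /* bsd: ps_recv counts every packet seen on the interface */
};

struct interval_report {
    uint32_t recv;            /* ps_recv growth over the interval */
    uint32_t dropped;         /* ps_drop growth over the interval */
    uint64_t naive_total;     /* recv + dropped: the double-counted total */
    double   drop_pct;        /* dropped as a percentage of recv */
    int      delivered_known; /* 1 only when recv is post-filter */
    uint32_t delivered;       /* recv - dropped, valid if delivered_known */
};

/* Unsigned subtraction stays correct across one 32-bit counter wrap. */
static uint32_t delta32(uint32_t prev, uint32_t now)
{
    return now - prev;
}

/* Build a per-interval report from two cumulative samples.
 * Returns 0 on success, -1 if the counters contradict the table
 * (more drops than ps_recv, which already includes them). */
int interval_stats(struct stat_sample prev, struct stat_sample now,
                   enum recv_scope scope, struct interval_report *out)
{
    out->recv = delta32(prev.ps_recv, now.ps_recv);
    out->dropped = delta32(prev.ps_drop, now.ps_drop);
    if (out->dropped > out->recv)
        return -1;
    out->naive_total = (uint64_t)out->recv + out->dropped;
    out->drop_pct = out->recv ? 100.0 * out->dropped / out->recv : 0.0;
    out->delivered_known = (scope == RECV_POST_FILTER);
    out->delivered = out->delivered_known ? out->recv - out->dropped : 0;
    return 0;
}

int main(void)
{
    /* Constructed samples, not captured from a real sensor. */
    struct stat_sample t0 = { 1000, 10 }, t1 = { 2000, 110 };
    struct interval_report r;

    if (interval_stats(t0, t1, RECV_POST_FILTER, &r) != 0)
        return 1;
    printf("recv=%u dropped=%u drop=%.1f%% delivered=%u naive_total=%llu\n",
           (unsigned)r.recv, (unsigned)r.dropped, r.drop_pct,
           (unsigned)r.delivered, (unsigned long long)r.naive_total);
    return 0;
}
```

With the pre-filter (bsd) scope the percentage is relative to all traffic on the interface, so it understates the loss among packets the filter selected and the delivered count is left unset.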