Snort mailing list archives
****SPAM(5.3)**** help
From: jiangzhw2008 <jiangzhw2008 () yeah net>
Date: Thu, 16 Jul 2009 09:00:33 +0800 (CST)
On 2009-07-16 02:41:56, snort-users-request () lists sourceforge net wrote:
Send Snort-users mailing list submissions to
    snort-users () lists sourceforge net

To subscribe or unsubscribe via the World Wide Web, visit
    https://lists.sourceforge.net/lists/listinfo/snort-users
or, via email, send a message with subject or body 'help' to
    snort-users-request () lists sourceforge net

You can reach the person managing the list at
    snort-users-owner () lists sourceforge net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Snort-users digest..."

Today's Topics:

   1. Joel Esler Speaking in Augusta Georgia - Tonight (Mike Guiterman)
   2. Speaking tonight at the CSRA Snort Users Group (Joel Esler)
   3. Re: Web UI (JJ Cummings)
   4. Re: Web UI (Russell Fulton)
   5. Re: Web UI (Joel Esler)
   6. Re: New netbios rules? (craig bowser)

----------------------------------------------------------------------

Message: 1
Date: Tue, 14 Jul 2009 16:28:46 -0400
From: Mike Guiterman <mguiterman () sourcefire com>
Subject: [Snort-users] Joel Esler Speaking in Augusta Georgia - Tonight
To: Snort Users List <snort-users () lists sourceforge net>, emerging-sigs () emergingthreats net
Message-ID: <9ff4f37d0907141328v23c4727exa49e70fc8212ff63 () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

Hi all,

Sorry for the late notice, Sourcefire's Joel Esler is speaking tonight at the
CSRA Snort Users group in Augusta, Georgia at 6:30pm. If you are in the
area and would like to attend, the meeting will be held in downtown
Augusta; please contact Joel Esler @ joel.esler [at] sourcefire.com for
directions.

Regards,
Mike

------------------------------

Message: 2
Date: Tue, 14 Jul 2009 16:35:56 -0400
From: Joel Esler <jesler () sourcefire com>
Subject: [Snort-users] Speaking tonight at the CSRA Snort Users Group
To: Snort Users <snort-users () lists sourceforge net>
Message-ID: <314cf0830907141335t612d134exf68ba9e300910fd7 () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

Wanted to let you all know, and sorry that it's on short notice, but I will
be speaking tonight at the CSRA (Augusta, Georgia and surrounding area)
Snort Users Group.

The meeting is being held in downtown Augusta, Georgia, so if you are in the
area and would like to attend, I plan to start around 6:30-6:45; several of
us will probably go to dinner afterwards. All are invited.

If you are interested in coming, like I said, I know it's short notice,
email me for directions. (The location has asked that their address isn't
posted.) Thanks!

Joel Esler
SOURCEfire

------------------------------

Message: 3
Date: Tue, 14 Jul 2009 14:50:00 -0600
From: JJ Cummings <cummingsj () gmail com>
Subject: Re: [Snort-users] Web UI
To: "Burks, Doug" <doug.burks () morris com>
Cc: SElgram () verifpoint com, Snort Users List <snort-users () lists sourceforge net>
Message-ID: <1c79c7b70907141350x58e1a01fn723f8fbaa66bf49d () mail gmail com>
Content-Type: text/plain; charset="windows-1252"

There is also Snorby (google will help you there), I have been playing with
it a bit lately.. it's still BETA / Brand new..

you can also always go the route of syslog etc...

On Tue, Jul 14, 2009 at 1:57 PM, Burks, Doug <doug.burks () morris com> wrote:

> Hi Scott,
>
> ACID should not be used anymore. BASE is definitely more current.
>
> A brand new web front-end called Snorby (http://www.snorby.org/) just
> appeared. It's still in Beta and may not be ready for production use.
>
> If you don't require a web front-end, I would recommend looking at Sguil
> (http://sguil.sourceforge.net/). It can be installed very quickly and
> easily using NSMnow (http://www.securixlive.com/nsmnow/index.php). If
> you'd like to try Sguil from a LiveCD environment, please take a look at my
> Security Onion LiveCD (http://securityonion.blogspot.com/).
>
> Thanks,
> Doug Burks
>
> ------------------------------
>
> *From:* Scott Elgram [mailto:SElgram () VerifPoint com]
> *Sent:* Tuesday, July 14, 2009 2:38 PM
> *To:* 'Snort Users List'
> *Subject:* [Snort-users] Web UI
>
> Hello,
>
> I am looking to set up a new SNORT IDS. I set one up a while
> back with ACID as my UI. I liked it very much, but now I'm looking to build a
> brand new one and it would seem that many things have changed since I did
> this last. Most notably, it looks like the ACID project has been dropped.
> Is ACID still a good web based UI for SNORT or is there a better one these
> days? I'd also appreciate your opinion on BASE, which looks pretty much like
> ACID but seems to be more current.
>
> -Scott
>
> ------------------------------------------------------------------------------
> Enter the BlackBerry Developer Challenge
> This is your chance to win up to $100,000 in prizes! For a limited time,
> vendors submitting new applications to BlackBerry App World(TM) will have
> the opportunity to enter the BlackBerry Developer Challenge. See full prize
> details at: http://p.sf.net/sfu/Challenge
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

------------------------------

Message: 4
Date: Wed, 15 Jul 2009 14:42:13 +1200
From: Russell Fulton <r.fulton () auckland ac nz>
Subject: Re: [Snort-users] Web UI
To: Joel Esler <jesler () sourcefire com>
Cc: "SElgram () verifpoint com" <SElgram () verifpoint com>, Snort Users List <snort-users () lists sourceforge net>
Message-ID: <ED79CCB0-B556-4B7F-A1F8-9E6F40580B3A () auckland ac nz>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes

On 15/07/2009, at 8:01 AM, Joel Esler wrote:

> It's much better than ACID ever was.
> It's the biggest web gui there is for Snort. With over 20k users.

Anyone have a feeling for how many events it will handle in the
database? Last time I looked (a long time ago) it would go very soggy
if I tried to keep more than a week's worth of alerts in the DB. My
current (Placid *) system works fine with about 6 million events. But
has very limited functionality.

R

* Phil (Denault) Loathes ACID :)

------------------------------

Message: 5
Date: Wed, 15 Jul 2009 01:27:02 -0400
From: Joel Esler <jesler () sourcefire com>
Subject: Re: [Snort-users] Web UI
To: Russell Fulton <r.fulton () auckland ac nz>
Cc: "SElgram () verifpoint com" <SElgram () verifpoint com>, Snort Users List <snort-users () lists sourceforge net>
Message-ID: <F210085A-80AF-4F90-9096-F33CCCF984D6 () sourcefire com>
Content-Type: text/plain; charset=us-ascii; format=flowed; delsp=yes

I've seen systems with 14 million events on a very powerful machine.

--
Sent from my iPhone

On Jul 14, 2009, at 10:42 PM, Russell Fulton <r.fulton () auckland ac nz> wrote:

> On 15/07/2009, at 8:01 AM, Joel Esler wrote:
>
> > It's much better than ACID ever was.
> > It's the biggest web gui there is for Snort. With over 20k users.
>
> Anyone have a feeling for how many events it will handle in the
> database? Last time I looked (a long time ago) it would go very
> soggy if I tried to keep more than a week's worth of alerts in the
> DB. My current (Placid *) system works fine with about 6 million
> events. But has very limited functionality.
>
> R
>
> * Phil (Denault) Loathes ACID :)

------------------------------

Message: 6
Date: Wed, 15 Jul 2009 14:41:48 -0400
From: craig bowser <reswob10 () gmail com>
Subject: Re: [Snort-users] New netbios rules?
To: Snort <snort-users () lists sourceforge net>
Message-ID: <cfec1a3a0907151141y17abe160i642cbabeb16c31d5 () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

I just got the same problem as jlay <jlay () slave-tothe-box net>. I've had
v2.8.4.1 running just fine for a while, but today I updated the rules (both
from Snort and from Emerging threats) and performed an 'apt-get upgrade' and
suddenly I'm getting this error. I don't have either "preprocessor dcerpc2"
or "preprocessor dcerpc_server: default" in my snort.conf and the entry for
dce/rpc is as follows:

    # Per Step #2, set the following to load the dcerpc preprocessor
    # dynamicpreprocessor file <full path to libsf_dcerpc_preproc.so>
    # or use commandline option
    # --dynamic-preprocessor-lib <full path to libsf_dcerpc_preproc.so>
    preprocessor dcerpc: \
        autodetect \
        max_frag_size 3000 \
        memcap 100000

So it appears to be enabled.

However, I looked for libsf_dcerpc_preproc.so, but that file is not
present. Do I need to create one? The README.dcerpc file does not say how
to format such a file.

OTOH, did I screw up something updating the rules?

Thanks.

Craig Bowser

On Tue, Jun 16, 2009 at 10:45 AM, Griffin, Chris Andrew (Chris) <cg58 () alcatel-lucent com> wrote:

> I'm having the same problem
>
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> Initializing rule chains...
> ERROR: Warning: /etc/snort/rules/netbios.rules(24) => Unknown keyword 'dce_iface' in rule!
> Fatal Error, Quitting..
>
> and I found this post:
> https://forums.snort.org/forums/snort-newbies/topics/snort-error-when-starting-snort-unknown-keyword-dce_iface
>
> I can't find "preprocessor dcerpc_server: default" in snort.conf to
> disable, but I think it's because my snort.conf is old. I'm going to try
> and upgrade my snort.conf to the latest version (v2.8.4.1). If you haven't
> upgraded your snort.conf in a while I may suggest you try the same.
>
> ________________________________
> From: Joel Esler [mailto:jesler () sourcefire com]
> Sent: Tuesday, June 16, 2009 10:31 AM
> To: jlay () slave-tothe-box net
> Cc: Snort
> Subject: Re: [Snort-users] New netbios rules?
>
> On Jun 16, 2009, at 10:17 AM, jlay () slave-tothe-box net wrote:
>
> > After updating this morning I see:
> >
> > Jun 16 08:12:25 10.21.10.2 snort[7899]: FATAL ERROR: Warning:
> > /usr/local/etc/snort/rules/netbios.rules(24) => Unknown keyword 'dce_iface' in rule!
> >
> > Version is:
> >
> > Version 2.8.4.1 (Build 38)
> >
> > Do I need to update snort? Thanks.
>
> No, but you do need to enable the dce/rpc2 preprocessor in your snort.conf
>
> --
> joel esler | Sourcefire | gtalk: jesler () sourcefire com | 302-223-5974 [m]

------------------------------

End of Snort-users Digest, Vol 38, Issue 13
*******************************************
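Added example, not code from the thread: a small Python checker for the mismatch described in Message 6 of the quoted digest, where updated netbios.rules use the dce_iface option but an old snort.conf still loads only the legacy dcerpc preprocessor. The function names, the sample snort.conf block and the sample rule are constructed for this example; the dcerpc2-only rule option names come from Snort's README.dcerpc2.

```python
import re

# Rule options that Snort 2.8.4 only understands when the dcerpc2 preprocessor is
# loaded (documented in README.dcerpc2); 'dce_iface' is the one failing in the thread.
DCE2_RULE_OPTIONS = ("dce_iface", "dce_opnum", "dce_stub_data")

def preprocessor_names(conf_text):
    """Preprocessor names enabled in a snort.conf ('\\' continuations folded, '#' lines ignored)."""
    joined = re.sub(r"\\\r?\n", " ", conf_text)
    names = set()
    for line in joined.splitlines():
        m = re.match(r"\s*preprocessor\s+([A-Za-z0-9_]+)", line)
        if m:
            names.add(m.group(1))
    return names

def dce2_options_used(rules_text):
    """Sorted dcerpc2-only rule options that appear in active (uncommented) rules."""
    used = set()
    for line in rules_text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        for opt in DCE2_RULE_OPTIONS:
            if re.search(r"[;(]\s*%s\s*:" % opt, line):
                used.add(opt)
    return sorted(used)

def check_dce2(conf_text, rules_text):
    """(ok, reason): ok is False when the rules need dcerpc2 but snort.conf does not load it."""
    names = preprocessor_names(conf_text)
    used = dce2_options_used(rules_text)
    if not used or "dcerpc2" in names:
        return True, "ok"
    reason = "rules use %s but 'preprocessor dcerpc2' is missing from snort.conf" % ", ".join(used)
    if "dcerpc" in names:
        reason += " (only the legacy 'dcerpc' preprocessor is configured)"
    return False, reason

# Constructed sample: the old-style dcerpc block pasted in Message 6 of the thread.
OLD_CONF = """\
# dynamicpreprocessor file <full path to libsf_dcerpc_preproc.so>
preprocessor dcerpc: \\
    autodetect \\
    max_frag_size 3000 \\
    memcap 100000
"""
# Constructed sample rule (placeholder UUID and local SID, not a real VRT rule).
RULES = ('alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"EXAMPLE dce_iface"; '
         'dce_iface:00000000-0000-0000-0000-000000000001; sid:1000001; rev:1;)\n')
```

Running check_dce2(OLD_CONF, RULES) on the sample reports the failure with the legacy note; adding a 'preprocessor dcerpc2' line to the conf text makes it pass.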
Current thread:
- ****SPAM(5.3)**** help jiangzhw2008 (Jul 15)
- Re: help Joel Esler (Jul 15)