Snort mailing list archives
Re: snort error config option "detection" ...
From: Adam Szabo <adamx001 () gmail com>
Date: Sun, 25 Oct 2009 20:57:56 +0100
Here is the output i see after starting Snort: *4544 Snort rules read 4544 detection rules 0 decoder rules 0 preprocessor rules 4544 Option Chains linked into 542 Chain Headers 0 Dynamic rules +++++++++++++++++++++++++++++++++++++++++++++++++++ +-------------------[Rule Port Counts]--------------------------------------- | tcp udp icmp ip | src 470 33 0 0 | dst 3082 210 0 0 | any 683 67 16 7 | nc 11 4 3 4 | s+d 13 11 0 0 +---------------------------------------------------------------------------- +-----------------------[detection-filter-config]------------------------------ | memory-cap : 1048576 bytes +-----------------------[detection-filter-rules]------------------------------- | none ------------------------------------------------------------------------------- +-----------------------[rate-filter-config]----------------------------------- | memory-cap : 1048576 bytes +-----------------------[rate-filter-rules]------------------------------------ | none ------------------------------------------------------------------------------- +-----------------------[event-filter-config]---------------------------------- | memory-cap : 1048576 bytes +-----------------------[event-filter-global]---------------------------------- | none +-----------------------[event-filter-local]----------------------------------- | gen-id=1 sig-id=13855 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5846 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7567 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=10166 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5891 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7571 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=13856 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6203 type=Limit tracking=src count=1 seconds=1200 | gen-id=1 sig-id=6207 type=Limit tracking=src count=1 seconds=1200 | gen-id=1 sig-id=6270 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5925 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6361 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12121 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5926 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5829 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6358 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5922 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12700 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5830 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=7563 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=7551 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=13652 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5881 type=Limit tracking=src count=1 seconds=60 | gen-id=1 sig-id=6384 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=13653 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7552 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=6191 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12371 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7597 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=13282 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6254 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7589 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12368 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6251 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5910 type=Limit tracking=dst count=1 seconds=300 | gen-id=1 sig-id=10181 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=6342 type=Limit tracking=src count=1 seconds=60 | gen-id=1 sig-id=6233 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=9652 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7594 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6225 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=6222 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12721 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7547 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=5865 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7539 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12367 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7581 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=6487 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7573 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5988 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7515 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7848 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12679 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7570 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5801 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5890 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6209 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=9648 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6363 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=6484 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=11307 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7050 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12151 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=2924 type=Threshold tracking=dst count=10 seconds=60 | gen-id=1 sig-id=6206 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=8468 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7531 type=Limit tracking=src count=1 seconds=6000 | gen-id=1 sig-id=13242 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12481 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5835 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=7523 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6360 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6364 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=11312 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5765 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=13936 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=10089 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7835 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12793 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5832 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5889 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7557 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=5980 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7832 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=13507 type=Limit tracking=src count=1 seconds=200 | gen-id=1 sig-id=10094 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=13499 type=Limit tracking=src count=1 seconds=100 | gen-id=1 sig-id=7055 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5977 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7562 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=7154 type=Limit tracking=src count=1 seconds=1200 | gen-id=1 sig-id=12052 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5951 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5764 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6198 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12727 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6281 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=8359 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=11948 type=Limit tracking=src count=1 seconds=30 | gen-id=1 sig-id=5940 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12697 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12132 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7516 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7827 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=12698 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=4984 type=Threshold tracking=src count=5 seconds=2 | gen-id=1 sig-id=14086 type=Limit tracking=src count=1 seconds=100 | gen-id=1 sig-id=5824 type=Limit tracking=src count=1 seconds=60 | gen-id=1 sig-id=7549 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=7141 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=14087 type=Limit tracking=src count=1 seconds=150 | gen-id=1 sig-id=7828 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=7550 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12369 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=14057 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12127 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5990 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=5774 type=Limit tracking=src count=1 seconds=1800 | gen-id=1 sig-id=5932 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12366 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=13849 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5803 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5995 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5987 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12678 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7533 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=7192 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=13568 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7534 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=13651 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6252 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7504 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5927 type=Limit tracking=src count=1 seconds=1200 | gen-id=1 sig-id=5974 type=Limit tracking=src count=1 seconds=900 | gen-id=1 sig-id=10441 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5982 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12295 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6481 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=13509 type=Limit tracking=src count=1 seconds=400 | gen-id=1 sig-id=10096 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=13285 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5916 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5979 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5961 type=Limit tracking=src count=1 seconds=1800 | gen-id=1 sig-id=7138 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6377 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5983 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5971 type=Limit tracking=src count=1 seconds=900 | gen-id=1 sig-id=6482 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12228 type=Limit tracking=src count=1 seconds=30 | gen-id=1 sig-id=6228 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=6232 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12137 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5796 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=3542 type=Threshold tracking=src count=5 seconds=2 | gen-id=1 sig-id=8545 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=11950 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6374 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6386 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5950 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12794 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=13867 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12134 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7185 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7518 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=8358 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12791 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=10095 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5903 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7143 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5966 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12661 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=9830 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7576 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7144 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6282 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=7140 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=5945 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6373 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12224 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=6212 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5750 type=Limit tracking=src count=1 seconds=1800 | gen-id=1 sig-id=5776 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5871 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=12126 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=5841 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12720 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=13942 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7169 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5842 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5838 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=9829 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7575 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=13852 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6199 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7572 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=2275 type=Threshold tracking=dst count=5 seconds=60 | gen-id=1 sig-id=5929 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5858 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5921 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6200 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6208 type=Limit tracking=src count=1 seconds=1200 | gen-id=1 sig-id=6196 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=2923 type=Threshold tracking=dst count=10 seconds=60 | gen-id=1 sig-id=5930 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5918 type=Limit tracking=src count=1 seconds=1200 | gen-id=1 sig-id=5742 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5825 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12759 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7559 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=13648 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=14085 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=7548 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=14055 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=3152 type=Threshold tracking=src count=5 seconds=2 | gen-id=1 sig-id=6250 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7593 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6341 type=Limit tracking=src count=1 seconds=60 | gen-id=1 sig-id=5917 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5996 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=10180 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6192 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5914 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7582 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5993 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=8071 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6496 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12159 type=Limit tracking=src count=1 seconds=120 | gen-id=1 sig-id=12002 type=Both tracking=src count=100 seconds=25 | gen-id=1 sig-id=8072 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6372 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7532 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=13948 type=Threshold tracking=src count=200 seconds=30 | gen-id=1 sig-id=7195 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7514 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5897 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7603 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=5992 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=10164 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7856 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6483 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7511 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=5989 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=8467 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6239 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6213 type=Limit tracking=src count=1 seconds=1800 | gen-id=1 sig-id=6488 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=3543 type=Threshold tracking=src count=5 seconds=2 | gen-id=1 sig-id=9644 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5805 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5981 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6480 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6359 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=3273 type=Threshold tracking=src count=5 seconds=2 | gen-id=1 sig-id=11311 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7535 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=8464 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5794 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=7527 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12485 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7194 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7839 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=10438 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5773 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7524 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=13940 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7191 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=8360 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5828 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5836 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=12365 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7569 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5976 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=13941 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=13503 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7142 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=13558 type=Limit tracking=src count=1 seconds=50 | gen-id=1 sig-id=7558 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=5973 type=Limit tracking=src count=1 seconds=900 | gen-id=1 sig-id=6197 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=14065 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5943 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=8542 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6343 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12693 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5944 type=Limit tracking=src count=1 seconds=900 | gen-id=1 sig-id=14066 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=11952 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5760 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12378 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=13812 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12003 type=Both tracking=src count=10 seconds=5 | gen-id=1 sig-id=8073 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12702 type=Limit tracking=src count=1 seconds=500 | gen-id=1 sig-id=12004 type=Both tracking=src count=25 seconds=10 | gen-id=1 sig-id=13341 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12162 type=Limit tracking=src count=1 seconds=120 | gen-id=1 sig-id=6189 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5939 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5994 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=5928 type=Limit tracking=src count=1 seconds=1200 | gen-id=1 sig-id=5744 type=Limit tracking=src count=1 seconds=1800 | gen-id=1 sig-id=5807 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6494 type=Limit tracking=src count=1 seconds=1200 | gen-id=1 sig-id=6490 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12674 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5749 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7537 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7529 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=2523 type=Both tracking=dst count=10 seconds=10 | gen-id=1 sig-id=12487 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=13655 type=Limit tracking=src count=1 seconds=200 | gen-id=1 sig-id=10440 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12294 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7193 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7526 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5915 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=13876 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12291 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5978 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6489 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6477 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5986 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=10092 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7505 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=10183 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5975 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12482 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6478 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=8544 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5949 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6385 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12486 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12149 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=12761 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5946 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=11954 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=11306 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=7180 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7525 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5954 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=12138 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7837 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7522 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5767 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=10091 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7177 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=11951 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12795 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5899 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=10182 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7587 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=13343 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=7139 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5970 type=Limit tracking=src count=1 seconds=900 | gen-id=1 sig-id=10088 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6237 type=Limit tracking=src count=1 seconds=1200 | gen-id=1 sig-id=5896 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6241 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=13497 type=Limit tracking=src count=1 seconds=100 | gen-id=1 sig-id=6219 type=Both tracking=src count=1 seconds=1800 | gen-id=1 sig-id=10179 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=9650 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=6223 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=13489 type=Limit tracking=src count=1 seconds=200 | gen-id=1 sig-id=7118 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=5866 type=Limit tracking=src count=1 seconds=900 | gen-id=1 sig-id=6365 type=Limit tracking=src count=1 seconds=600 | gen-id=1 sig-id=5775 type=Limit tracking=src count=1 seconds=1800 | gen-id=1 sig-id=6220 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=13813 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5942 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5867 type=Limit tracking=src count=1 seconds=900 | gen-id=1 sig-id=6275 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=5837 type=Limit tracking=src count=1 seconds=300 | gen-id=1 sig-id=12122 type=Limit tracking=src count=1 seconds=18000 | gen-id=1 sig-id=13810 type=Limit tracking=src count=1 seconds=3500 +-----------------------[suppression]------------------------------------------ | none ------------------------------------------------------------------------------- Rule application order: activation->dynamic->pass->drop->alert->log Verifying Preprocessor Configurations! Warning: 'ignore_any_rules' option for Stream5 UDP disabled because of UDP rule with flow or flowbits option Warning: flowbits key 'Backdoor.Bersek.Remoteshell' is set but not ever checked. Warning: flowbits key 'excel.download' is set but not ever checked. Warning: flowbits key 'PtakkS_Keepalive' is set but not ever checked. Warning: flowbits key 'ppt.download' is set but not ever checked. Warning: flowbits key 'ScreenControl_capture2213' is set but not ever checked. Warning: flowbits key 'xls.download' is set but not ever checked. Warning: flowbits key 'aiff_file.request' is set but not ever checked. Warning: flowbits key 'Evade_File_Manager1' is set but not ever checked. Warning: flowbits key 'emf.request' is set but not ever checked. Warning: flowbits key 'CookieMonster_FileExplorer' is set but not ever checked. Warning: flowbits key 'smb.tree.create.sql.query' is set but not ever checked. Warning: flowbits key 'bit.3xBackdoorconnection' is set but not ever checked. Warning: flowbits key 'ReVerSaBle_ExecuteCommand' is set but not ever checked. Warning: flowbits key 'eot.download' is set but not ever checked. Warning: flowbits key 'snipernet' is set but not ever checked. Warning: flowbits key 'MinicomLite' is set but not ever checked. Warning: flowbits key 'asp.upload' is set but not ever checked. Warning: flowbits key 'Backdoor.Apofis.Remotecontrol' is set but not ever checked. Warning: flowbits key 'outbreak_ring_stc' is set but not ever checked. Warning: flowbits key 'AM_Remote_Client' is set but not ever checked. Warning: flowbits key 'http.bmp' is checked but not ever set. Warning: flowbits key 'exe.download' is set but not ever checked. Warning: flowbits key 'Mantis_Notify2' is set but not ever checked. Warning: flowbits key 'Only1RAT_Control' is set but not ever checked. Warning: flowbits key 'buttman.1' is set but not ever checked. Warning: flowbits key 'http.dxf' is set but not ever checked. Warning: flowbits key 'Omniquad_IRC_InitConnection' is set but not ever checked. Warning: flowbits key 'trojan.delf.post' is set but not ever checked. Warning: flowbits key 'access.download' is set but not ever checked. Warning: flowbits key 'avi.download' is set but not ever checked. Warning: flowbits key 'smalluploader_remotesh' is set but not ever checked. Warning: flowbits key 'caff_request' is set but not ever checked. Warning: flowbits key 'mssearch_file.request' is set but not ever checked. Warning: flowbits key 'backup_file.request' is set but not ever checked. Warning: flowbits key 'http.mp3' is set but not ever checked. Warning: flowbits key 'email.pdf' is checked but not ever set. Warning: flowbits key 'http.rtf' is set but not ever checked. Warning: flowbits key 'http.ppt' is set but not ever checked. Warning: flowbits key 'works.download' is set but not ever checked. Warning: flowbits key 'realplayer.playlist' is checked but not ever set. Warning: flowbits key 'Backdoor.Bersek.Init' is set but not ever checked. Warning: flowbits key 'http.wma' is set but not ever checked. Warning: flowbits key 'wmf.download' is set but not ever checked. Warning: flowbits key 'wav_file.request' is set but not ever checked. Warning: flowbits key 'maki_file.request' is set but not ever checked. Warning: flowbits key 'realmedia_file.request' is set but not ever checked. Warning: flowbits key 'http.doc' is set but not ever checked. Warning: flowbits key 'Netspy_Command_Pattern' is set but not ever checked. 365 out of 512 flowbits in use. Initializing Network Interface eth0 Decoding Ethernet on interface eth0 database: compiled support for (mysql) database: configured to use mysql database: schema version = 107 database: host = localhost database: user = snort database: database name = snort database: sensor name = 192.168.1.109 database: sensor id = 1 database: data encoding = hex database: detail level = full database: ignore_bpf = no database: using the "log" facility [ Port Based Pattern Matching Memory ] +-[AC-BNFA Search Info Summary]------------------------------ | Instances : 804 | Patterns : 265514 | Pattern Chars : 5146733 | Num States : 2630779 | Num Match States : 266520 | Memory : 57.63Mbytes | Patterns : 10.98M | Match Lists : 15.69M | Transitions : 30.76M +------------------------------------------------- --== Initialization Complete ==-- ,,_ -*> Snort! <*- o" )~ Version 2.8.5.1 (Build 114) '''' By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team Copyright (C) 1998-2009 Sourcefire, Inc., et al. Using PCRE version: 7.8 2008-09-05 Rules Engine: SF_SNORT_DETECTION_ENGINE Version 1.11 <Build 17> Preprocessor Object: SF_SSLPP Version 1.1 <Build 3> Preprocessor Object: SF_SSH Version 1.1 <Build 2> Preprocessor Object: SF_SMTP Version 1.1 <Build 8> Preprocessor Object: SF_FTPTELNET Version 1.2 <Build 12> Preprocessor Object: SF_DNS Version 1.1 <Build 3> Preprocessor Object: SF_DCERPC2 Version 1.0 <Build 2> Not Using PCAP_FRAMES* After stopping Snort: *^C*** Caught Int-Signal Snort exiting Run time prior to being shutdown was 1112.570312 seconds database: Closing connection to database "snort" =============================================================================== Packet Wire Totals: Received: 3791 Analyzed: 3791 (100.000%) Dropped: 0 (0.000%) Outstanding: 0 (0.000%) =============================================================================== Breakdown by protocol (includes rebuilt packets): ETH: 3793 (100.000%) ETHdisc: 0 (0.000%) VLAN: 0 (0.000%) IPV6: 1040 (27.419%) IP6 EXT: 0 (0.000%) IP6opts: 0 (0.000%) IP6disc: 0 (0.000%) IP4: 2729 (71.948%) IP4disc: 23 (0.606%) TCP 6: 0 (0.000%) UDP 6: 0 (0.000%) ICMP6: 0 (0.000%) ICMP-IP: 0 (0.000%) TCP: 222 (5.853%) UDP: 2207 (58.186%) ICMP: 0 (0.000%) TCPdisc: 0 (0.000%) UDPdisc: 0 (0.000%) ICMPdis: 0 (0.000%) FRAG: 0 (0.000%) FRAG 6: 0 (0.000%) ARP: 24 (0.633%) EAPOL: 0 (0.000%) ETHLOOP: 0 (0.000%) IPX: 0 (0.000%) OTHER: 277 (7.303%) DISCARD: 23 (0.606%) InvChkSum: 37 (0.975%) S5 G 1: 0 (0.000%) S5 G 2: 2 (0.053%) Total: 3793 =============================================================================== Action Stats: ALERTS: 0 LOGGED: 0 PASSED: 0 lowmem: queue size = 9, max = 32 lowmem: queue flushes = 0 lowmem: queue inserts = 5566 lowmem: queue uinserts = 3497 ac-bnfa: queue size = 9, max = 32 ac-bnfa: queue flushes = 0 ac-bnfa: queue inserts = 5566 ac-bnfa: queue uinserts = 3497 mpse: queue size = 9, max possible = 32 mpse: queue flushes = 0 mpse: queue inserts = 5566 mpse: queue uinserts = 3497 =============================================================================== Frag3 statistics: Total Fragments: 0 Frags Reassembled: 0 Discards: 0 Memory Faults: 0 Timeouts: 0 Overlaps: 0 Anomalies: 0 Alerts: 0 Drops: 0 FragTrackers Added: 0 FragTrackers Dumped: 0 FragTrackers Auto Freed: 0 Frag Nodes Inserted: 0 Frag Nodes Deleted: 0 =============================================================================== Stream5 statistics: Total sessions: 232 TCP sessions: 11 UDP sessions: 221 ICMP sessions: 0 TCP Prunes: 0 UDP Prunes: 0 ICMP Prunes: 0 TCP StreamTrackers Created: 11 TCP StreamTrackers Deleted: 11 TCP Timeouts: 0 TCP Overlaps: 0 TCP Segments Queued: 36 TCP Segments Released: 36 TCP Rebuilt Packets: 19 TCP Segments Used: 36 TCP Discards: 0 UDP Sessions Created: 292 UDP Sessions Deleted: 292 UDP Timeouts: 71 UDP Discards: 0 Events: 0 Internal Events: 0 TCP Port Filter Dropped: 0 Inspected: 0 Tracked: 183 UDP Port Filter Dropped: 0 Inspected: 0 Tracked: 2207 =============================================================================== HTTP Inspect - encodings (Note: stream-reassembled packets included): POST methods: 5 GET methods: 65 Headers extracted: 70 Header Cookies extracted: 68 Post parameters extracted: 5 Unicode: 0 Double unicode: 0 Non-ASCII representable: 0 Base 36: 0 Directory traversals: 0 Extra slashes ("//"): 0 Self-referencing paths ("./"): 0 Total packets processed: 55 =============================================================================== =============================================================================== dcerpc2 Preprocessor Statistics Total sessions: 0 =============================================================================== * So it seems like it captures the packets but the tables are empty in the mysql database. The rules are in the right directory, i checked it, and i have the output database configured in the snort.conf. Any ideas? The HOME_NET variable is set to 192.168.1.0/24, the EXTERNAL_NET is !$HOME_NET. Also, what are these lots of IPv6 traffics? Thanks a lot again, Adam Szabo On Sun, Oct 25, 2009 at 2:08 PM, Adam Szabo <adamx001 () gmail com> wrote:
Thank you all. My ubuntu was all messed up so i reinstalled the whole system and it works now. I successfully installed BASE and i see the web surface but there are 0 alerts. I'm behind a router, but there should be alerts on my local network also, am i right? Snort is running since half an hour. Adam Szabo On Sat, Oct 24, 2009 at 6:35 PM, Nigel Houghton <nhoughton () sourcefire com>wrote:On Sat, Oct 24, 2009 at 1:15 PM, Adam Szabo <adamx001 () gmail com> wrote:Detection: Search-Method = AC-BNFA-Q ERROR: /etc/snort/snort.conf(273) Config option "detection" can only be configured once. Adam Szabo On Sat, Oct 24, 2009 at 6:23 PM, Nigel Houghton <nhoughton () sourcefire com>wrote:On Sat, Oct 24, 2009 at 3:47 AM, Adam Szabo <adamx001 () gmail com>wrote:Still not working. The configuration is the default i downloaded from snort.com. I only changed the HOME_NET and EXTERNAL_NET variablesandthe rules path. Adam Szabo On Thu, Oct 22, 2009 at 10:43 PM, Russ Combs <rcombs () sourcefire com> wrote:You've got a typo on every line! (see below) With those fixes I can run either lines 1 and 3 or lines 2 and 3 through snort -T. If that doesn't fix it, send your conf. Russ On Thu, Oct 22, 2009 at 2:15 PM, Adam Szabo <adamx001 () gmail com>wrote:I have these: config detection: search-method lowmenlowmen -> lowmemconfig detection: search method ac-bnfa max_queue_events 5search method -> search-methodconfig event_queue: max_queue 8 log 3 order_events content_lenghtcontent_lenght -> content-lengthAdam Szabo On Thu, Oct 22, 2009 at 8:09 PM, Matt Olney <molney () sourcefire comwrote:Is it possible that you have multiple detection statements? grep detection snort.conf On Thu, Oct 22, 2009 at 1:58 PM, Adam Szabo <adamx001 () gmail com> wrote:Hi, I'm running Snort 2.8.5 on Ubuntu linux and i'm getting thiserrorwhen i start Snort (snort -c /etc/snort/snort.conf): "Detection: Search-Method = AC-BNFA-Q ERROR: /etc/snort/snort.conf(273) Config option "detection" can only be configured once." I did not change anything near line 273, so i don't know why is this happening. Can you help me? Thank you, Adam Szabo------------------------------------------------------------------------------Come build with us! The BlackBerry(R) Developer Conference inSF,CA is the only developer event you need to attend this year.Jumpstartyour developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users------------------------------------------------------------------------------Come build with us! The BlackBerry(R) Developer Conference in SF,CAis the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to marketandstay ahead of the curve. Join us from November 9 - 12, 2009. Registernow!http://p.sf.net/sfu/devconference _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users------------------------------------------------------------------------------Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstartyourdeveloping skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-usersWhat exactly is the error you are getting now? -- Nigel Houghton Head Mentalist SF VRT http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/------------------------------------------------------------------------------Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market andstayahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-usersThen you aren't using the snort.conf from the tarball with only the edits you say you made. I get no such error with the standard snort.conf. I suggest you go back to step 1, copy the snort.conf to /etc/snort/snort.conf and try running snort with the -T option and probably with the -c option to make sure you are getting the right snort.conf. (you probably want to edit first to make sure your rule path is correct) -- Nigel Houghton Head Mentalist SF VRT http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/
------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: snort error config option "detection" ..., (continued)
- Re: snort error config option "detection" ... Matt Olney (Oct 22)
- Re: snort error config option "detection" ... Adam Szabo (Oct 22)
- Re: snort error config option "detection" ... Russ Combs (Oct 22)
- Re: snort error config option "detection" ... Adam Szabo (Oct 24)
- Re: snort error config option "detection" ... Nigel Houghton (Oct 24)
- Re: snort error config option "detection" ... Adam Szabo (Oct 24)
- Re: snort error config option "detection" ... Nigel Houghton (Oct 24)
- Re: snort error config option "detection" ... Adam Szabo (Oct 25)
- Re: snort error config option "detection" ... Gregory.Brunn (Oct 25)
- Re: snort error config option "detection" ... Adam Szabo (Oct 25)
- Re: snort error config option "detection" ... Adam Szabo (Oct 25)
- Re: snort error config option "detection" ... Adam Szabo (Oct 22)
- Re: snort error config option "detection" ... Matt Olney (Oct 22)
- Re: snort error config option "detection" ... Adam Szabo (Oct 22)