Snort mailing list archives

Problems!


From: Alberto Nicolás Gentil Otero - GenSys Telecomunicaciones <albgentil () gensys es>
Date: Tue, 02 Feb 2010 17:21:34 +0100

 Hello to all!

It is the first time that I write to the list.
I warn you that my English is quite bad, I am sorry. :)
I am doing a project on Snort and have quite a few problems that I have 
not managed to fix.

I currently have Snort 2.8.4.1 + Postgrest + barnyard2 + 
oinkmaster + snortsam + Swatch working. My first problem:

When I update the rules with oinkmaster, it re-activates 
rules that I had deactivated before. How do I make it 
respect them?

The second problem:

Snortsam blocks the alerts using cisconullroute2. It does things 
well, but when I execute it, it shows error messages of this type:

Parsing config file /etc/snortsam.conf...
Linking plugin 'cisconullroute2'...
Checking for existing state file "/var/db/snortsam.state".
Found. Reading state file.
Starting to listen for Snort alerts.
Error: Packet out of sequence from 127.0.0.1, trying to re-sync.
Snort station 127.0.0.1 using wrong password, trying to re-sync.
Blocking host **.**.**.** completely for 300 seconds (Sig_ID: 882).
Blocking host **.**.**.** completely for 300 seconds (Sig_ID: 882).

I don't write any password in the conf file (default settings).

The third problem: how can I add "fwsam:" to all the rules without 
having to modify the rules one by one? I have read that it is done 
using a file sid-block.map; I do not know the syntax.

I have more big problems, but we can begin with these three.

Thank you very much to all, and greetings :)


