Snort mailing list archives
Problems!
From: Alberto Nicolás Gentil Otero - GenSys Telecomunicaciones <albgentil () gensys es>
Date: Tue, 02 Feb 2010 17:21:34 +0100
Hello to all!

It is the first time that I write to the list. I warn you that my English is quite bad, I am sorry. :)

I am doing a project on Snort, and I have quite a few problems which I do not manage to fix. I currently have working Snort 2.8.4.1 + Postgrest + barnyard2 + oinkmaster + snortsam + Swatch.

My first problem: when I update the rules with oinkmaster, it re-activates rules that I had deactivated before. What do I do so that it respects them?

The second problem: Snortsam blocks the alerts using cisconullroute2. It does things well, but when I execute it, it shows error messages of this type:

    Parsing config file /etc/snortsam.conf...
    Linking plugin 'cisconullroute2'...
    Checking for existing state file "/var/db/snortsam.state".
    Found. Reading state file.
    Starting to listen for Snort alerts.
    Error: Packet out of sequence from 127.0.0.1, trying to re-sync.
    Snort station 127.0.0.1 using wrong password, trying to re-sync.
    Blocking host **.**.**.** completely for 300 seconds (Sig_ID: 882).
    Blocking host **.**.**.** completely for 300 seconds (Sig_ID: 882).

I don't write any password in the conf file (default settings).

The third problem: how can I add "fwsam:" to all the rules, without having to modify the rules one by one? I have read that it is by using a file sid-block.map; I do not know the syntax.

I have more big problems, but we can begin with these three.

Thank you very much to all, and greetings :)