Snort mailing list archives

Re: Upgrade from 2.5.8.1 to 2.8.6 and no alerts!


From: "Chambers, Richard A. (LARC-B703)[RAYTHEON TECHNICAL SERVICES COMPANY]" <richard.a.chambers () nasa gov>
Date: Tue, 27 Apr 2010 12:43:57 -0500

Thanks!  That's got it!!!!

-----Original Message-----
From: Joel Esler [mailto:jesler () sourcefire com] 
Sent: Tuesday, April 27, 2010 1:41 PM
To: Chambers, Richard A. (LARC-B703)[RAYTHEON TECHNICAL SERVICES COMPANY]
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Upgrade from 2.5.8.1 to 2.8.6 and no alerts!

Apr 27 13:14:18 feign snort[14491]: InvChkSum: 5715187    (98.104%)

Try -k none

J

On Tuesday, April 27, 2010, Chambers, Richard A. (LARC-B703)[RAYTHEON TECHNICAL SERVICES COMPANY] <richard.a.chambers () nasa gov> wrote:
Guys,
   Currently running version 2.8.5.1 with no issues.  Got the source code today for 2.8.6 - configured/compiled as before but seem to be having issues.  It launches with no errors but doesn't generate any alerts:

Apr 27 13:14:18 feign snort[14491]: Packet Wire Totals:
Apr 27 13:14:18 feign snort[14491]:    Received:      5887624
Apr 27 13:14:18 feign snort[14491]:    Analyzed:      5825494 (98.945%)
Apr 27 13:14:18 feign snort[14491]:     Dropped:        62115 (1.055%)
Apr 27 13:14:18 feign snort[14491]: Outstanding:           15 (0.000%)
Apr 27 13:14:18 feign snort[14491]: ===============================================================================
Apr 27 13:14:18 feign snort[14491]: Breakdown by protocol (includes rebuilt packets):
Apr 27 13:14:18 feign snort[14491]:       ETH: 5825642    (100.000%)
Apr 27 13:14:18 feign snort[14491]:   ETHdisc: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:      VLAN: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:      IPV6: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:   IP6 EXT: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:   IP6opts: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:   IP6disc: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:       IP4: 5825642    (100.000%)
Apr 27 13:14:18 feign snort[14491]:   IP4disc: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:     TCP 6: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:     UDP 6: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:     ICMP6: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:   ICMP-IP: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:       TCP: 5715187    (98.104%)
Apr 27 13:14:18 feign snort[14491]:       UDP: 97763      (1.678%)
Apr 27 13:14:18 feign snort[14491]:      ICMP: 3409       (0.059%)
Apr 27 13:14:18 feign snort[14491]:   TCPdisc: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:   UDPdisc: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:   ICMPdis: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:      FRAG: 296        (0.005%)
Apr 27 13:14:18 feign snort[14491]:    FRAG 6: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:       ARP: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:     EAPOL: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:   ETHLOOP: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:       IPX: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:     OTHER: 8999       (0.154%)
Apr 27 13:14:18 feign snort[14491]:   DISCARD: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]: InvChkSum: 5715187    (98.104%)
Apr 27 13:14:18 feign snort[14491]:    S5 G 1: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:    S5 G 2: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:     Total: 5825642
Apr 27 13:14:18 feign snort[14491]: ===============================================================================
Apr 27 13:14:18 feign snort[14491]: Action Stats:
Apr 27 13:14:18 feign snort[14491]: ALERTS: 0
Apr 27 13:14:18 feign snort[14491]: LOGGED: 0
Apr 27 13:14:18 feign snort[14491]: PASSED: 5262
Apr 27 13:14:18 feign snort[14491]: ===============================================================================
Apr 27 13:14:18 feign snort[14491]: Frag3 statistics:
Apr 27 13:14:18 feign snort[14491]:         Total Fragments: 296
Apr 27 13:14:18 feign snort[14491]:       Frags Reassembled: 148
Apr 27 13:14:18 feign snort[14491]:                Discards: 0
Apr 27 13:14:18 feign snort[14491]:           Memory Faults: 0
Apr 27 13:14:18 feign snort[14491]:                Timeouts: 0
Apr 27 13:14:18 feign snort[14491]:                Overlaps: 0
Apr 27 13:14:18 feign snort[14491]:               Anomalies: 0
Apr 27 13:14:18 feign snort[14491]:                  Alerts: 0
Apr 27 13:14:18 feign snort[14491]:                   Drops: 0
Apr 27 13:14:18 feign snort[14491]:      FragTrackers Added: 148
Apr 27 13:14:18 feign snort[14491]:     FragTrackers Dumped: 148
Apr 27 13:14:18 feign snort[14491]: FragTrackers Auto Freed: 0

Any thoughts?

Thanks

Richard A. Chambers
IT Security
Raytheon, ConITS
Richard.A.Chambers () nasa gov
757-864-5080
----
IT Security
itsecurity () larc nasa gov
757-864-4200



------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-- 
Joel Esler

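The failure mode in this thread is silent: Snort 2.x skips detection on packets whose checksums fail, so a NIC with checksum offload makes nearly every TCP packet show up under InvChkSum while ALERTS stays at 0. The following added example (not code from the thread or from Snort) parses the exit summary as it appears in syslog and flags that condition; the 10% threshold and the function names are this example's own choices, and the sample lines are a subset copied from the summary posted above.

```python
import re

# Added example, not code from the thread or from Snort. Sample lines are
# copied from the summary posted in the thread (constructed subset).
SAMPLE_SUMMARY = """\
Apr 27 13:14:18 feign snort[14491]: Packet Wire Totals:
Apr 27 13:14:18 feign snort[14491]:    Received:      5887624
Apr 27 13:14:18 feign snort[14491]:    Analyzed:      5825494 (98.945%)
Apr 27 13:14:18 feign snort[14491]:       TCP: 5715187    (98.104%)
Apr 27 13:14:18 feign snort[14491]: InvChkSum: 5715187    (98.104%)
Apr 27 13:14:18 feign snort[14491]:    S5 G 1: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]: ALERTS: 0
Apr 27 13:14:18 feign snort[14491]: PASSED: 5262
"""

# "<syslog prefix>: <label>: <count> [(pct%)]". Labels may contain spaces
# ("S5 G 1", "IP6 EXT") or hyphens ("ICMP-IP"), so anchor on the trailing count.
_COUNTER = re.compile(r"snort\[\d+\]:\s+([A-Za-z0-9 -]+?):\s+(\d+)(?:\s+\([\d.]+%\))?\s*$")


def parse_counters(text):
    """Return {label: count} for every 'label: count' line of a Snort exit summary."""
    counters = {}
    for line in text.splitlines():
        m = _COUNTER.search(line)
        if m:
            counters[m.group(1)] = int(m.group(2))
    return counters


def check_checksum_blindness(counters, max_invalid_ratio=0.10):
    """Return (invalid_ratio, findings) for a parsed summary.

    Snort 2.x skips detection on packets whose checksums fail, so a high
    InvChkSum share plus ALERTS == 0 points at checksum offload on the capture
    NIC rather than at quiet traffic. The 10% threshold is this example's own.
    """
    analyzed = counters.get("Analyzed", 0)
    invalid = counters.get("InvChkSum", 0)
    ratio = invalid / analyzed if analyzed else 0.0
    findings = []
    if ratio > max_invalid_ratio:
        findings.append(f"{ratio:.1%} of analyzed packets failed checksum "
                        "verification: suspect NIC offload; run with -k none "
                        "or set 'config checksum_mode: none'")
    if analyzed and counters.get("ALERTS") == 0:
        findings.append("zero alerts on a non-empty capture")
    return ratio, findings
```

Running `check_checksum_blindness(parse_counters(SAMPLE_SUMMARY))` on the posted summary returns a ratio of about 98.1% and two findings; a healthy run with a low InvChkSum share and non-zero alerts returns none.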

