Snort mailing list archives

Re: (no subject)

From: JJC <cummingsj () gmail com>
Date: Tue, 1 Mar 2011 07:43:05 -0700

For the first two warnings, check the snort manual.. it will tell you
what to do in your snort.conf

For the third you need to enable the rule that contains the
set,http_pub; option (of course I'll insert a shameless plug for
PulledPork here)

JJC

On Tue, Mar 1, 2011 at 2:28 AM, sasa susmanto <sasasusmanto () yahoo com> wrote:

I have try to run snort configurations using options below :
snort -i3 -s -l c:\snort\log -c c:\snort\etc\snort.conf -T

in the following screen i see information like this :
Warning: 'ignore_any_rules' option for Stream5 UDP disabled because of UDP rule
with flow or flowbits option

ICMP tracking disabled, no ICMP sessions allocated

warning: flowbits key 'http.pub' is checked but not ever set


what should i do to fix those problems

thank's



------------------------------------------------------------------------------
Free Software Download: Index, Search & Analyze Logs and other IT data in
Real-Time with Splunk. Collect, index and harness all the fast moving IT data
generated by your applications, servers and devices whether physical, virtual
or in the cloud. Deliver compliance at lower cost and gain new business
insights. http://p.sf.net/sfu/splunk-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


------------------------------------------------------------------------------
Free Software Download: Index, Search & Analyze Logs and other IT data in 
Real-Time with Splunk. Collect, index and harness all the fast moving IT data 
generated by your applications, servers and devices whether physical, virtual
or in the cloud. Deliver compliance at lower cost and gain new business 
insights. http://p.sf.net/sfu/splunk-dev2dev 
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

(no subject) sasa susmanto (Mar 01)
- Re: (no subject) Joel Esler (Mar 01)
  - Re: (no subject) Alan Ptak (Mar 02)
    - Re: (no subject) waldo kitty (Mar 02)
    - Re: (no subject) Jason Wallace (Mar 03)
    - Re: (no subject) Jefferson, Shawn (Mar 03)
    - Re: (no subject) JJC (Mar 03)
    - Re: (no subject) Jefferson, Shawn (Mar 03)
    - Re: (no subject) Dave Venman (Mar 03)
    - Re: (no subject) Joel Esler (Mar 04)
- Re: (no subject) JJC (Mar 01)
- <Possible follow-ups>
- (no subject) sasa susmanto (Mar 02)
  - Re: (no subject) Alan Ptak (Mar 02)