Snort mailing list archives
Re: snortsam patch for snort 2.9.2.2
From: Luis Daniel Lucio Quiroz <luis.daniel.lucio () gmail com>
Date: Tue, 10 Apr 2012 14:00:09 -0400
I did the same. It seems to work pretty cool just changing function name.

On 9 April 2012 15:07, Michael Scheidell <michael.scheidell () secnap com> wrote:
> On 4/9/12 12:51 PM, Robert Z wrote:
> > Hi all,
> > This is a snortsam patch for snort 2.9.2.2 that I did this morning. This was tested on a Ubuntu machine, no build issues. Michael if this works out for you, ask Frank to upload this file to snortsam.net.
>
> make -DWITH_SNORTSAM works with a patch to FreeBSD port (ie: patch applies cleanly) running in a tinderbox right now.
>
> seems to work: I will open a pr for it and ask Frank to host it.
>
> 2012/04/09, 15:03:44, 127.0.0.1, 2, snortsam, Blocking host 222.186.12.162 completely for 86400 seconds (Sig_ID: 2010935).
>
> pfw table 3 list | grep 222.186.12.162
> 222.186.12.162/32 0
>
> Thanks Robert.
>
> ps, anyone with FreeBSD anxious to test it, update your ports tree, and then apply this patch to ../security/snort:
> http://people.freebsd.org/~scheidell/snort.patch
>
> (I would do this: mostly makes sense if you are running the older one with snortsam output in snort.conf:
>
> cd /usr/ports/security/snort
> curl http://people.freebsd.org/~scheidell/snort.patch | patch -EuIN && rm *.orig
> make config && make deinstall reinstall
> service snort restart
>
> ymmv.
>
> --
> Michael Scheidell, CTO
> o: 561-999-5000
> d: 561-948-2259
> SECNAP Network Security Corporation
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Please visit http://blog.snort.org for the latest news about Snort!
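The manual check in the quoted message (a snortsam "Blocking host" log line, then a grep of the firewall table) can be automated. The following is an added example, not code from the thread or from the snortsam project; the log field layout and the table listing format are assumptions inferred from the two sample lines quoted above, and the function names are hypothetical.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Sample lines copied from the message above. The field layout is inferred
# from that single log line (an assumption, not a documented format).
SAMPLE_LOG = ("2012/04/09, 15:03:44, 127.0.0.1, 2, snortsam, Blocking host "
              "222.186.12.162 completely for 86400 seconds (Sig_ID: 2010935).")
SAMPLE_TABLE = "222.186.12.162/32 0\n"

BLOCK_RE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2}), (?P<time>\d{2}:\d{2}:\d{2}), "
    r"(?P<source>[^,]+), (?P<level>\d+), snortsam, "
    r"Blocking host (?P<host>\S+) completely for (?P<secs>\d+) seconds "
    r"\(Sig_ID: (?P<sid>\d+)\)\.?$")

def parse_block(line):
    """Return a dict describing one block event, or None if the line differs."""
    m = BLOCK_RE.match(line.strip())
    if not m:
        return None
    start = datetime.strptime(m["date"] + " " + m["time"], "%Y/%m/%d %H:%M:%S")
    return {
        "host": ipaddress.ip_address(m["host"]),  # raises on a malformed address
        "sid": int(m["sid"]),
        "start": start,
        "expires": start + timedelta(seconds=int(m["secs"])),
    }

def table_networks(table_text):
    """Parse 'addr/prefix value' rows of a table listing into network objects."""
    return [ipaddress.ip_network(row.split()[0], strict=False)
            for row in table_text.splitlines() if row.strip()]

def unenforced_blocks(log_lines, table_text, now):
    """Blocks still within their lifetime whose host is missing from the table."""
    nets = table_networks(table_text)
    missing = []
    for line in log_lines:
        ev = parse_block(line)
        if ev and now < ev["expires"] and not any(ev["host"] in n for n in nets):
            missing.append(ev)
    return missing

if __name__ == "__main__":
    # Empty list means every active block is present in the firewall table.
    print(unenforced_blocks([SAMPLE_LOG], SAMPLE_TABLE, datetime(2012, 4, 9, 16, 0)))
```

A non-empty result means snortsam logged a block that the firewall table does not contain, which is the condition worth alerting on after applying a new patch.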
Current thread:
- snortsam patch for snort 2.9.2.2 Robert Z (Apr 09)
- Re: snortsam patch for snort 2.9.2.2 Michael Scheidell (Apr 09)
- Re: snortsam patch for snort 2.9.2.2 Luis Daniel Lucio Quiroz (Apr 10)
- Re: snortsam patch for snort 2.9.2.2 Michael Scheidell (Apr 09)