Snort mailing list archives

Re: installation problem


From: "Michael Steele" <michaels () winsnort com>
Date: Thu, 21 Jun 2012 10:53:47 -0400

I've never seen this particular error in Windows. Are you trying to use the
Shared Object Rules?

 

You will need to disable this feature in the snort.conf.

 

Have you tested the snort.conf?

 

snort -c c:\snort\etc\snort.conf -l c:\snort\log -i2 -T

 

Don't worry about the warnings, however that looks like a LOT more warning
messages than I've ever seen at startup.

 

Kindest regards,

Michael...

 

WINSNORT.com Management Team Member

--

****************** Established ~ 2001 *******************
*          Visit Us @ http://www.winsnort.com           *
*      ~~ FREE WinIDS Snort installation guides ~~      *
*               ~~ FREE support forums ~~               *
* Snort: Open Source Network IDS - http://www.snort.org *
*********************************************************

 

From: Deepika p [mailto:dgpks1 () gmail com] 
Sent: Thursday, June 21, 2012 9:39 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] installation problem

 

Sir,

  We have chosen a project on Snort, but the installation itself became a big
problem. We have chosen the Windows operating system, and when we run the
following command in the command prompt

> snort -A console -i2 -c c:\snort\etc\snort.conf -l c:\snort\log -K ascii

we got the following lines at the end:

 

 

Encoded Rule Plugin SID: 16662, GID: 3 not registered properly.  Disabling this rule.
Encoded Rule Plugin SID: 13511, GID: 3 not registered properly.  Disabling this rule.
Encoded Rule Plugin SID: 18663, GID: 3 not registered properly.  Disabling this rule.
Encoded Rule Plugin SID: 13969, GID: 3 not registered properly.  Disabling this rule.
Encoded Rule Plugin SID: 20135, GID: 3 not registered properly.  Disabling this rule.
Encoded Rule Plugin SID: 16577, GID: 3 not registered properly.  Disabling this rule.
Encoded Rule Plugin SID: 16375, GID: 3 not registered properly.  Disabling this rule.
Encoded Rule Plugin SID: 13475, GID: 3 not registered properly.  Disabling this rule.
Encoded Rule Plugin SID: 15470, GID: 3 not registered properly.  Disabling this rule.
Encoded Rule Plugin SID: 15125, GID: 3 not registered properly.  Disabling this rule.
Encoded Rule Plugin SID: 15503, GID: 3 not registered properly.  Disabling this rule.
Encoded Rule Plugin SID: 13954, GID: 3 not registered properly.  Disabling this rule.
Encoded Rule Plugin SID: 16237, GID: 3 not registered properly.  Disabling this rule.
Encoded Rule Plugin SID: 16182, GID: 3 not registered properly.  Disabling this rule.
Encoded Rule Plugin SID: 16534, GID: 3 not registered properly.  Disabling this rule.
Encoded Rule Plugin SID: 13287, GID: 3 not registered properly.  Disabling this rule.

 

Verifying Preprocessor Configurations!
ICMP tracking disabled, no ICMP sessions allocated
IP tracking disabled, no IP sessions allocated
WARNING: flowbits key 'file.cdr' is checked but not ever set.
WARNING: flowbits key 'file.chm' is set but not ever checked.
WARNING: flowbits key 'file.xul' is set but not ever checked.
WARNING: flowbits key 'file.smil' is set but not ever checked.
WARNING: flowbits key 'file.emf' is set but not ever checked.
WARNING: flowbits key 'file.jarpack' is set but not ever checked.
WARNING: flowbits key 'file.universalbinary' is set but not ever checked.
WARNING: flowbits key 'file.gif' is set but not ever checked.
WARNING: flowbits key 'file.pdf' is set but not ever checked.
WARNING: flowbits key 'file.png' is set but not ever checked.
WARNING: flowbits key 'file.doc' is set but not ever checked.
WARNING: flowbits key 'file.zip' is set but not ever checked.
WARNING: flowbits key 'file.rtf' is set but not ever checked.
WARNING: flowbits key 'file.xbm' is set but not ever checked.
WARNING: flowbits key 'file.sln' is set but not ever checked.
WARNING: flowbits key 'file.xm' is set but not ever checked.
WARNING: flowbits key 'file.caff' is set but not ever checked.
WARNING: flowbits key 'file.wmv' is set but not ever checked.
WARNING: flowbits key 'file.swf' is set but not ever checked.
WARNING: flowbits key 'tlsv1.server_hello.request' is checked but not ever set.
WARNING: flowbits key 'file.addin' is set but not ever checked.
WARNING: flowbits key 'file.wps' is set but not ever checked.
WARNING: flowbits key 'file.pub' is set but not ever checked.
WARNING: flowbits key 'file.pct' is set but not ever checked.
WARNING: flowbits key 'file.tiff.little' is set but not ever checked.
WARNING: flowbits key 'tlsv1.client_hello.request' is checked but not ever set.
WARNING: flowbits key 'file.pls' is set but not ever checked.
WARNING: flowbits key 'trojan.nervos' is set but not ever checked.
WARNING: flowbits key 'file.lnk' is set but not ever checked.
WARNING: flowbits key 'backdoor.fearless.runtime' is checked but not ever set.
WARNING: flowbits key 'file.smi' is set but not ever checked.
WARNING: flowbits key 'file.slk' is set but not ever checked.
WARNING: flowbits key 'file.xspf' is set but not ever checked.
WARNING: flowbits key 'file.quicktime.mp4' is set but not ever checked.
WARNING: flowbits key 'file.dbp' is set but not ever checked.
WARNING: flowbits key 'backdoor.asylum.connect' is checked but not ever set.
WARNING: flowbits key 'file.otf' is set but not ever checked.
WARNING: flowbits key 'file.qcp' is set but not ever checked.
WARNING: flowbits key 'ABSystemSpy_Inforetrieve1' is set but not ever checked.
WARNING: flowbits key 'file.ttf' is set but not ever checked.
WARNING: flowbits key 'file.tiff' is set but not ever checked.
WARNING: flowbits key 'file.visprj' is set but not ever checked.
WARNING: flowbits key 'file.aiff' is set but not ever checked.
WARNING: flowbits key 'AOLAdmin1.1.connection' is checked but not ever set.
WARNING: flowbits key 'file.wav' is set but not ever checked.
WARNING: flowbits key 'file.torrent' is set but not ever checked.
WARNING: flowbits key 'oracle.connect' is checked but not ever set.
WARNING: flowbits key 'file.asx' is set but not ever checked.
WARNING: flowbits key 'file.fpx' is set but not ever checked.
WARNING: flowbits key 'file.realplayer.playlist' is set but not ever checked.
WARNING: flowbits key 'file.mp3' is set but not ever checked.
WARNING: flowbits key 'file.ole' is set but not ever checked.
WARNING: flowbits key 'dorkbot.ircinit' is set but not ever checked.
WARNING: flowbits key 'file.mswmm' is set but not ever checked.
WARNING: flowbits key 'file.dxf' is set but not ever checked.
WARNING: flowbits key 'file.ogg' is set but not ever checked.
WARNING: flowbits key 'file.xls' is set but not ever checked.
WARNING: flowbits key 'file.engtesselate' is set but not ever checked.
WARNING: flowbits key 'file.pkp' is set but not ever checked.
WARNING: flowbits key 'file.avi.video' is set but not ever checked.
WARNING: flowbits key 'file.pmd' is set but not ever checked.
WARNING: flowbits key 'file.class' is set but not ever checked.
WARNING: flowbits key 'file.visio' is set but not ever checked.
WARNING: flowbits key 'backdoor.y3krat_15.client.response' is checked but not ever set.
WARNING: flowbits key 'file.4xm' is set but not ever checked.
WARNING: flowbits key 'backdoor.donalddick.1.5.b.3.conn' is checked but not ever set.
WARNING: flowbits key 'file.m3u' is set but not ever checked.
WARNING: flowbits key 'file.bmp' is set but not ever checked.
WARNING: flowbits key 'sslv2.server_hello.request' is checked but not ever set.
WARNING: flowbits key 'file.xlw' is set but not ever checked.
WARNING: flowbits key 'file.psfont' is set but not ever checked.
WARNING: flowbits key 'file.ani' is set but not ever checked.
WARNING: flowbits key 'file.realmedia' is set but not ever checked.
WARNING: flowbits key 'file.quicktime' is set but not ever checked.
WARNING: flowbits key 'file.wmf' is set but not ever checked.
WARNING: flowbits key 'file.jpeg' is set but not ever checked.
WARNING: flowbits key 'file.vap' is set but not ever checked.
WARNING: flowbits key 'file.hpj' is set but not ever checked.
WARNING: flowbits key 'file.eot' is set but not ever checked.
WARNING: flowbits key 'file.works' is set but not ever checked.
WARNING: flowbits key 'file.cue' is set but not ever checked.
WARNING: flowbits key 'file.avi' is set but not ever checked.
WARNING: flowbits key 'kit.blackhole' is set but not ever checked.
WARNING: flowbits key 'file.flv' is set but not ever checked.
WARNING: flowbits key 'file.dmg' is set but not ever checked.
WARNING: flowbits key 'file.tiff.big' is set but not ever checked.
WARNING: flowbits key 'file.eps' is set but not ever checked.
WARNING: flowbits key 'file.xml' is set but not ever checked.
WARNING: flowbits key 'file.asf' is set but not ever checked.
WARNING: flowbits key 'file.dir' is set but not ever checked.
WARNING: flowbits key 'file.xpm' is set but not ever checked.
WARNING: flowbits key 'file.pptx' is set but not ever checked.
98 out of 1024 flowbits in use.

 

[ Port Based Pattern Matching Memory ]
+- [ Aho-Corasick Summary ] -------------------------------------
| Storage Format    : Full-Q
| Finite Automaton  : DFA
| Alphabet Size     : 256 Chars
| Sizeof State      : Variable (1,2,4 bytes)
| Instances         : 75
|     1 byte states : 66
|     2 byte states : 9
|     4 byte states : 0
| Characters        : 11282
| States            : 8191
| Transitions       : 176281
| State Density     : 8.4%
| Patterns          : 963
| Match States      : 930
| Memory (MB)       : 3.98
|   Patterns        : 0.07
|   Match Lists     : 0.09
|   DFA
|     1 byte states : 0.34
|     2 byte states : 3.39
|     4 byte states : 0.00
+----------------------------------------------------------------
[ Number of patterns truncated to 20 bytes: 124 ]
pcap DAQ configured to passive.
The DAQ version does not support reload.
Acquiring network traffic from "\Device\NPF_{3B066531-94C4-4299-B2D6-3F3A0E2E98B1}".
Decoding Ethernet

        --== Initialization Complete ==--

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.2.3-ODBC-MySQL-WIN32 GRE (Build 205)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
           Copyright (C) 1998-2012 Sourcefire, Inc., et al.
           Using PCRE version: 8.10 2010-06-25
           Using ZLIB version: 1.2.3

           Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 1.15  <Build 18>
           Preprocessor Object: SF_SSLPP  Version 1.1  <Build 4>
           Preprocessor Object: SF_SSH  Version 1.1  <Build 3>
           Preprocessor Object: SF_SMTP  Version 1.1  <Build 9>
           Preprocessor Object: SF_SIP  Version 1.1  <Build 1>
           Preprocessor Object: SF_SDF  Version 1.1  <Build 1>
           Preprocessor Object: SF_REPUTATION  Version 1.1  <Build 1>
           Preprocessor Object: SF_POP  Version 1.0  <Build 1>
           Preprocessor Object: SF_MODBUS  Version 1.1  <Build 1>
           Preprocessor Object: SF_IMAP  Version 1.0  <Build 1>
           Preprocessor Object: SF_GTP  Version 1.1  <Build 1>
           Preprocessor Object: SF_FTPTELNET  Version 1.2  <Build 13>
           Preprocessor Object: SF_DNS  Version 1.1  <Build 4>
           Preprocessor Object: SF_DNP3  Version 1.1  <Build 1>
           Preprocessor Object: SF_DCERPC2  Version 1.0  <Build 3>
Commencing packet processing (pid=2128)

   

 

and after this, pressing Ctrl+C, we get the following output, even though we
have run it for 30 minutes and opened so many HTTP and FTP web sites:

 

*** Caught Int-Signal
===============================================================================
Run time for packet processing was 356.27000 seconds
Snort processed 0 packets.
Snort ran for 0 days 0 hours 5 minutes 56 seconds
   Pkts/min:            0
   Pkts/sec:            0
===============================================================================
Packet I/O Totals:
   Received:            0
   Analyzed:            0 (  0.000%)
    Dropped:            0 (  0.000%)
   Filtered:            0 (  0.000%)
Outstanding:            0 (  0.000%)
   Injected:            0
===============================================================================
Breakdown by protocol (includes rebuilt packets):
        Eth:            0 (  0.000%)
       VLAN:            0 (  0.000%)
        IP4:            0 (  0.000%)
       Frag:            0 (  0.000%)
       ICMP:            0 (  0.000%)
        UDP:            0 (  0.000%)
        TCP:            0 (  0.000%)
        IP6:            0 (  0.000%)
    IP6 Ext:            0 (  0.000%)
   IP6 Opts:            0 (  0.000%)
      Frag6:            0 (  0.000%)
      ICMP6:            0 (  0.000%)
       UDP6:            0 (  0.000%)
       TCP6:            0 (  0.000%)
     Teredo:            0 (  0.000%)
    ICMP-IP:            0 (  0.000%)
      EAPOL:            0 (  0.000%)
    IP4/IP4:            0 (  0.000%)
    IP4/IP6:            0 (  0.000%)
    IP6/IP4:            0 (  0.000%)
    IP6/IP6:            0 (  0.000%)
        GRE:            0 (  0.000%)
    GRE Eth:            0 (  0.000%)
   GRE VLAN:            0 (  0.000%)
    GRE IP4:            0 (  0.000%)
    GRE IP6:            0 (  0.000%)
GRE IP6 Ext:            0 (  0.000%)
   GRE PPTP:            0 (  0.000%)
    GRE ARP:            0 (  0.000%)
    GRE IPX:            0 (  0.000%)
   GRE Loop:            0 (  0.000%)
       MPLS:            0 (  0.000%)
        ARP:            0 (  0.000%)
        IPX:            0 (  0.000%)
   Eth Loop:            0 (  0.000%)
   Eth Disc:            0 (  0.000%)
   IP4 Disc:            0 (  0.000%)
   IP6 Disc:            0 (  0.000%)
   TCP Disc:            0 (  0.000%)
   UDP Disc:            0 (  0.000%)
  ICMP Disc:            0 (  0.000%)
All Discard:            0 (  0.000%)
      Other:            0 (  0.000%)
Bad Chk Sum:            0 (  0.000%)
    Bad TTL:            0 (  0.000%)
     S5 G 1:            0 (  0.000%)
     S5 G 2:            0 (  0.000%)
      Total:            0
===============================================================================
Action Stats:
     Alerts:            0 (  0.000%)
     Logged:            0 (  0.000%)
     Passed:            0 (  0.000%)
Limits:
      Match:            0
      Queue:            0
        Log:            0
      Event:            0
      Alert:            0
Verdicts:
      Allow:            0 (  0.000%)
      Block:            0 (  0.000%)
    Replace:            0 (  0.000%)
  Whitelist:            0 (  0.000%)
  Blacklist:            0 (  0.000%)
     Ignore:            0 (  0.000%)
===============================================================================
Frag3 statistics:
        Total Fragments: 0
      Frags Reassembled: 0
               Discards: 0
          Memory Faults: 0
               Timeouts: 0
               Overlaps: 0
              Anomalies: 0
                 Alerts: 0
                  Drops: 0
     FragTrackers Added: 0
    FragTrackers Dumped: 0
FragTrackers Auto Freed: 0
    Frag Nodes Inserted: 0
     Frag Nodes Deleted: 0
===============================================================================
Stream5 statistics:
            Total sessions: 0
              TCP sessions: 0
              UDP sessions: 0
             ICMP sessions: 0
               IP sessions: 0
                TCP Prunes: 0
                UDP Prunes: 0
               ICMP Prunes: 0
                 IP Prunes: 0
TCP StreamTrackers Created: 0
TCP StreamTrackers Deleted: 0
              TCP Timeouts: 0
              TCP Overlaps: 0
       TCP Segments Queued: 0
     TCP Segments Released: 0
       TCP Rebuilt Packets: 0
         TCP Segments Used: 0
              TCP Discards: 0
                  TCP Gaps: 0
      UDP Sessions Created: 0
      UDP Sessions Deleted: 0
              UDP Timeouts: 0
              UDP Discards: 0
                    Events: 0
           Internal Events: 0
           TCP Port Filter
                   Dropped: 0
                 Inspected: 0
                   Tracked: 0
           UDP Port Filter
                   Dropped: 0
                 Inspected: 0
                   Tracked: 0
===============================================================================
===============================================================================
SMTP Preprocessor Statistics
  Total sessions                                    : 0
  Max concurrent sessions                           : 0
===============================================================================
dcerpc2 Preprocessor Statistics
  Total sessions: 0
===============================================================================
===============================================================================
SIP Preprocessor Statistics
  Total sessions: 0
===============================================================================
Snort exiting

 

Please let me know how to set this up for output, the modifications to be made
in the snort.conf file for actual output to come, and I'd be glad if you could
tell me the rules to be added for alerting and blocking for Windows 7. The
version of Snort is 2.9.2.3.
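A small triage helper for the kind of console output quoted above, added here as an example (it is not from the thread or from the Snort project): it pulls out the GID 3 shared-object rules that failed to register, the flowbits warnings the reply says not to worry about, and the zero-packet run summary, and ranks them the way the reply does. The sample output is constructed and abridged from the thread with a placeholder interface GUID, and the 60-second runtime threshold is an assumption.

```python
import re

# Constructed, abridged sample of Snort 2.9.x console output modelled on the
# thread (startup messages plus exit statistics); not the full capture.
SAMPLE_OUTPUT = """\
Encoded Rule Plugin SID: 16662, GID: 3 not registered properly.  Disabling this rule.
Encoded Rule Plugin SID: 13511, GID: 3 not registered properly.  Disabling this rule.
WARNING: flowbits key 'file.cdr' is checked but not ever set.
WARNING: flowbits key 'file.chm' is set but not ever checked.
98 out of 1024 flowbits in use.
Acquiring network traffic from "\\Device\\NPF_{PLACEHOLDER-GUID}".
Commencing packet processing (pid=2128)
Run time for packet processing was 356.27000 seconds
Snort processed 0 packets.
   Received:            0
   Analyzed:            0 (  0.000%)
"""

SO_RULE_RE = re.compile(r"Encoded Rule Plugin SID: (\d+), GID: (\d+) not registered properly")
FLOWBIT_RE = re.compile(r"flowbits key '([^']+)' is (checked but not ever set|set but not ever checked)")
RECEIVED_RE = re.compile(r"^\s*Received:\s+(\d+)", re.MULTILINE)
RUNTIME_RE = re.compile(r"Run time for packet processing was ([\d.]+) seconds")
IFACE_RE = re.compile(r'Acquiring network traffic from\s*"([^"]+)"')
MIN_RUNTIME_S = 60.0  # assumed threshold: below this, zero packets is not yet suspicious


def triage(output: str) -> dict:
    """Pull the actionable facts out of a Snort console run and rank them."""
    so_rules = [int(sid) for sid, gid in SO_RULE_RE.findall(output) if gid == "3"]
    flowbits = FLOWBIT_RE.findall(output)
    unset = [key for key, why in flowbits if why.startswith("checked")]
    received = RECEIVED_RE.search(output)
    runtime = RUNTIME_RE.search(output)
    iface = IFACE_RE.search(output)
    report = {"so_rules_disabled": so_rules, "flowbits_unset": unset,
              "flowbits_total": len(flowbits),
              "packets_received": int(received.group(1)) if received else None,
              "runtime_seconds": float(runtime.group(1)) if runtime else None,
              "interface": iface.group(1) if iface else None, "findings": []}
    # GID 3 is the shared-object rule plugin; rules it cannot register are silently
    # disabled, so the loaded rule set is smaller than snort.conf implies (reply's fix).
    if so_rules:
        report["findings"].append(f"{len(so_rules)} GID 3 (shared object) rules "
                                  "disabled: disable SO rules in snort.conf")
    # Set-but-never-checked / checked-but-never-set flowbits are normal when only
    # part of a rule set is loaded: report them, but as informational.
    if flowbits:
        report["findings"].append(f"{len(flowbits)} flowbits warnings "
                                  f"(informational; {len(unset)} checked but never set)")
    # Zero packets after minutes on a live interface means the sensor saw no traffic
    # at all: the -i index is the first thing to verify (snort -W lists them on Windows).
    if report["packets_received"] == 0 and (report["runtime_seconds"] or 0) >= MIN_RUNTIME_S:
        report["findings"].append(f"0 packets in {report['runtime_seconds']:.0f}s on "
                                  f"{report['interface']}: verify the -i interface index")
    return report
```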

 
