Re: [Snort-sigs] typical errors when trying pulledpork

[Eric G <eric () nixwizard net>]

On Sep 8, 2012 8:26 PM, "waldo kitty" <wkitty42 () windstream net> wrote:
> On 9/7/2012 22:25, Joel Esler wrote:
> > I don't see any errors. Looks like pulledpork worked correctly.
>
> no errors?
>
> > On Sep 7, 2012, at 9:29 PM, PR<oly562 () gmail com>  wrote:
> [chomp]
> > > Reading rules...
> > > Generating Stub Rules....
> > >     An error occurred: !! WARNING: The database output plugins are
> > > considered deprecated as
> > >
> > >     An error occurred: WARNING: ip4 normalizations disabled because not
> > > inline.

That first error is letting you know that you shouldn't be logging directly
to a database with snort... going forward, you should be using barnyard2 to
log to a db

The other "errors" really look like informational warnings... snort's
letting you know that it's not configured as an inline sensor, so it
doesn't need to do all that normalization work that it would normally do.

They're essentially benign errors, as long as you're just trying to do IDS
and you're not trying to do inline IPS...

--
Eric

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!