Snort mailing list archives
Re: Unable to create stub so rules files
From: "C. L. Martinez" <carlopmart () gmail com>
Date: Tue, 27 Nov 2012 16:04:43 +0000
On Tue, Nov 27, 2012 at 3:49 PM, Peter Bates <peter.bates () ucl ac uk> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello all
>
> On 27/11/2012 15:43, C. L. Martinez wrote:
> On Tue, Nov 27, 2012 at 3:29 PM, Peter Bates <peter.bates () ucl ac uk> wrote:
> var CONF_PATH /data/config/etc/idpsnort01
> dynamicdetection directory $CONF_PATH/dynamicrules
>
> Can you try and set the absolute path and not use the variable?
> i.e.
> dynamicdetection directory /data/config/etc/idpsnort01/dynamicrules
>
> Just to see if the -T reads the directory or not?

/usr/local/bin/snort -c /data/config/etc/idpsnort01/snort.conf -i em5 -l /nsm/sensor_data/idpsnort01 -T
Running in Test mode

        --== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "/data/config/etc/idpsnort01/snort.conf"
PortVar 'HTTP_PORTS' defined : [ 80:81 311 383 591 593 901 1220 1414 1741 1830 2301 2381 2809 3128 3702 4343 4848 5250 7001 7145 7510 7777 7779 8000 8008 8014 8028 8080 8088 8090 8118 8123 8180:8181 8243 8280 8300 8800 8888 8899 9000 9060 9080 9090:9091 9443 9999 11371 50002 55555 ]
PortVar 'SHELLCODE_PORTS' defined : [ 0:79 81:65535 ]
PortVar 'ORACLE_PORTS' defined : [ 1024:65535 ]
PortVar 'SSH_PORTS' defined : [ 22 ]
PortVar 'FTP_PORTS' defined : [ 21 2100 3535 ]
PortVar 'SIP_PORTS' defined : [ 5060:5061 5600 ]
PortVar 'FILE_DATA_PORTS' defined : [ 80:81 110 143 311 383 591 593 901 1220 1414 1741 1830 2301 2381 2809 3128 3702 4343 4848 5250 7001 7145 7510 7777 7779 8000 8008 8014 8028 8080 8088 8090 8118 8123 8180:8181 8243 8280 8300 8800 8888 8899 9000 9060 9080 9090:9091 9443 9999 11371 50002 55555 ]
PortVar 'GTP_PORTS' defined : [ 2123 2152 3386 ]
Detection:
   Search-Method = AC-Full-Q
    Split Any/Any group = enabled
    Search-Method-Optimizations = enabled
    Maximum pattern length = 20
........................
  Loading dynamic preprocessor library /opt/snort/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so... done
  Loading dynamic preprocessor library /opt/snort/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... done
  Loading dynamic preprocessor library /opt/snort/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so... done
  Loading dynamic preprocessor library /opt/snort/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so... done
  Loading dynamic preprocessor library /opt/snort/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so... done
  Loading dynamic preprocessor library /opt/snort/lib/snort_dynamicpreprocessor//libsf_reputation_preproc.so... done
  Loading dynamic preprocessor library /opt/snort/lib/snort_dynamicpreprocessor//libsf_gtp_preproc.so... done
  Loading dynamic preprocessor library /opt/snort/lib/snort_dynamicpreprocessor//libsf_modbus_preproc.so... done
  Loading dynamic preprocessor library /opt/snort/lib/snort_dynamicpreprocessor//libsf_dnp3_preproc.so... done
  Finished Loading all dynamic preprocessor libs from /opt/snort/lib/snort_dynamicpreprocessor/
Log directory = /nsm/sensor_data/idpsnort01
..................................
  packet action         : fastpath-expensive-packets
  packet logging        : log
  debug-pkts            : disabled
pcap DAQ configured to passive.
Acquiring network traffic from "em5".

        --== Initialization Complete ==--

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.3.1 IPv6 GRE (Build 40) FreeBSD
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
           Copyright (C) 1998-2012 Sourcefire, Inc., et al.
           Using libpcap version 1.3.0
           Using PCRE version: 8.31 2012-07-06
           Using ZLIB version: 1.2.7

           Rules Engine: SF_SNORT_DETECTION_ENGINE Version 1.16 <Build 18>
           Rules Object: nntp Version 1.0 <Build 1>
           Rules Object: imap Version 1.0 <Build 1>
           Rules Object: p2p Version 1.0 <Build 1>
           Rules Object: snmp Version 1.0 <Build 1>
           Rules Object: netbios Version 1.0 <Build 1>
           Rules Object: web-misc Version 1.0 <Build 1>
           Rules Object: misc Version 1.0 <Build 1>
           Rules Object: exploit Version 1.0 <Build 1>
           Rules Object: bad-traffic Version 1.0 <Build 1>
           Rules Object: smtp Version 1.0 <Build 1>
           Rules Object: multimedia Version 1.0 <Build 1>
           Rules Object: specific-threats Version 1.0 <Build 1>
           Rules Object: chat Version 1.0 <Build 1>
           Rules Object: icmp Version 1.0 <Build 1>
           Rules Object: web-client Version 1.0 <Build 1>
           Rules Object: web-activex Version 1.0 <Build 1>
           Rules Object: web-iis Version 1.0 <Build 1>
           Rules Object: dos Version 1.0 <Build 1>
           Preprocessor Object: SF_DNP3 (IPV6) Version 1.1 <Build 1>
           Preprocessor Object: SF_MODBUS (IPV6) Version 1.1 <Build 1>
           Preprocessor Object: SF_GTP (IPV6) Version 1.1 <Build 1>
           Preprocessor Object: SF_REPUTATION (IPV6) Version 1.1 <Build 1>
           Preprocessor Object: SF_SIP (IPV6) Version 1.1 <Build 1>
           Preprocessor Object: SF_SDF (IPV6) Version 1.1 <Build 1>
           Preprocessor Object: SF_DCERPC2 (IPV6) Version 1.0 <Build 3>
           Preprocessor Object: SF_SSLPP (IPV6) Version 1.1 <Build 4>
           Preprocessor Object: SF_DNS (IPV6) Version 1.1 <Build 4>
           Preprocessor Object: SF_SSH (IPV6) Version 1.1 <Build 3>
           Preprocessor Object: SF_SMTP (IPV6) Version 1.1 <Build 9>
           Preprocessor Object: SF_IMAP (IPV6) Version 1.0 <Build 1>
           Preprocessor Object: SF_POP (IPV6) Version 1.0 <Build 1>
           Preprocessor Object: SF_FTPTELNET (IPV6) Version 1.2 <Build 13>

Snort successfully validated the configuration!
Snort exiting

According to this, shared objects are loaded ...
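
Added example (not part of the original message or of Snort itself): a small Python check that reads a `snort -T` transcript in the format quoted above and reports which "Rules Object" (shared object rule) libraries were loaded. The function names, the sample transcripts and the policy of treating a validated config with zero Rules Object lines as a failure are assumptions made for this illustration.

```python
import re

# Constructed sample: a shortened `snort -T` transcript in the format quoted above.
SAMPLE_OK = """\
Running in Test mode
Parsing Rules file "/data/config/etc/idpsnort01/snort.conf"
  Loading dynamic preprocessor library /opt/snort/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so... done
           Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 1.16  <Build 18>
           Rules Object: nntp  Version 1.0  <Build 1>
           Rules Object: web-iis  Version 1.0  <Build 1>
           Preprocessor Object: SF_DNS (IPV6)  Version 1.1  <Build 4>
Snort successfully validated the configuration!
Snort exiting
"""
# Constructed sample: same run, but without any shared object rule libraries listed.
SAMPLE_NO_SO = "\n".join(
    line for line in SAMPLE_OK.splitlines() if "Rules Object:" not in line
)

VALIDATED = "Snort successfully validated the configuration!"
OBJ_RE = re.compile(
    r"^\s*(Rules Engine|Rules Object|Preprocessor Object):\s+(.+?)"
    r"\s+Version\s+(\S+)\s+<Build\s+(\d+)>\s*$"
)

def summarize(transcript):
    """Collect the engine, SO rule and preprocessor objects listed in the banner."""
    found = {"Rules Engine": [], "Rules Object": [], "Preprocessor Object": []}
    for line in transcript.splitlines():
        m = OBJ_RE.match(line)
        if m:
            kind, name, version, build = m.groups()
            found[kind].append((name, version, int(build)))
    return {
        "validated": VALIDATED in transcript,
        "engine": found["Rules Engine"],
        "so_rules": [name for name, _, _ in found["Rules Object"]],
        "preprocessors": [name for name, _, _ in found["Preprocessor Object"]],
    }

def so_rules_loaded(transcript, expected=()):
    """Return (ok, missing): ok only if the config validated, at least one
    Rules Object was listed, and every expected library name is present."""
    s = summarize(transcript)
    missing = sorted(set(expected) - set(s["so_rules"]))
    ok = s["validated"] and bool(s["so_rules"]) and not missing
    return ok, missing

if __name__ == "__main__":
    print(so_rules_loaded(SAMPLE_OK, ["nntp", "web-iis"]))
    print(so_rules_loaded(SAMPLE_NO_SO))
```

Feeding it the saved output of the `-T` run for both the `$CONF_PATH` and the absolute-path form of `dynamicdetection directory` makes the comparison suggested in the quoted reply repeatable.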