Snort mailing list archives
Re: MySQL support for Snort 2.9.4
From: Kaya Saman <kayasaman () gmail com>
Date: Wed, 12 Dec 2012 02:25:39 +0000
Well, as suggested I upgraded to Snort 2.9.4. I cleared out the old config and libraries completely, then did a 'fresh' install. Now with the new version I am still at the same place I was last time. I modified the old version of Snort to include any .rule file that was in the /etc/snort/rules directory and basically it hung and wouldn't start? Same issue for 2.9.4 with a clean install: I added the 2.9.3.1 .rules files into the rules/ dir, then added them to snort.conf.

The output now is:

| gen-id=1 sig-id=2406743 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2404009 type=Limit tracking=src count=1 seconds=3600
| gen-id=1 sig-id=2406742 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2404012 type=Limit tracking=src count=1 seconds=3600
| gen-id=1 sig-id=2406745 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2404011 type=Limit tracking=src count=1 seconds=3600
| gen-id=1 sig-id=2406744 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2404014 type=Limit tracking=src count=1 seconds=3600
| gen-id=1 sig-id=2404013 type=Limit tracking=src count=1 seconds=3600
| gen-id=1 sig-id=2013385 type=Limit tracking=src count=1 seconds=360
| gen-id=1 sig-id=2000031 type=Limit tracking=dst count=1 seconds=60
| gen-id=1 sig-id=2500005 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2500004 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2500007 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2500006 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2500009 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2500008 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2500011 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2500010 type=Limit tracking=src count=1 seconds=60
+-----------------------[suppression]------------------------------------------
| none
-------------------------------------------------------------------------------
Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log

Verifying Preprocessor Configurations!
WARNING: 'ignore_any_rules' option for Stream5 UDP disabled because of UDP rule with flow or flowbits option.
ICMP tracking disabled, no ICMP sessions allocated
IP tracking disabled, no IP sessions allocated
WARNING: flowbits key 'file.mppl' is set but not ever checked.
WARNING: flowbits key 'ET.RBN.Malvertiser' is set but not ever checked.
WARNING: flowbits key 'file.autodesk_max' is set but not ever checked.
WARNING: flowbits key 'file.cy3' is set but not ever checked.
WARNING: flowbits key 'file.file.tar' is set but not ever checked.
WARNING: flowbits key 'file.cws' is set but not ever checked.
WARNING: flowbits key 'file.amf' is set but not ever checked.
WARNING: flowbits key 'file.rdp' is set but not ever checked.
WARNING: flowbits key 'ET.DROPIP' is set but not ever checked.
WARNING: flowbits key 'file.m4v' is set but not ever checked.
WARNING: flowbits key 'ET.HTTP.at.SSL' is set but not ever checked.
WARNING: flowbits key 'file.oless.v4' is set but not ever checked.
WARNING: flowbits key 'file.maki' is set but not ever checked.
WARNING: flowbits key 'file.ram' is set but not ever checked.
WARNING: flowbits key 'ET.iTunes.vuln' is set but not ever checked.
WARNING: flowbits key 'vnc.handshake.client' is set but not ever checked.
WARNING: flowbits key 'file.pkp' is set but not ever checked.
WARNING: flowbits key 'file.dat' is set but not ever checked.
WARNING: flowbits key 'file.plf' is set but not ever checked.
WARNING: flowbits key 'file.search-ms' is set but not ever checked.
WARNING: flowbits key 'file.ht3' is set but not ever checked.
WARNING: flowbits key 'file.3gp' is set but not ever checked.
WARNING: flowbits key 'ET.BotccIP' is set but not ever checked.
WARNING: flowbits key 'file.mht' is set but not ever checked.
WARNING: flowbits key 'file.plp' is set but not ever checked.
WARNING: flowbits key 'file.nab' is set but not ever checked.
WARNING: flowbits key 'file.rpt' is set but not ever checked.
WARNING: flowbits key 'file.cyb' is set but not ever checked.
WARNING: flowbits key 'file.bak' is set but not ever checked.
WARNING: flowbits key 'file.rmp' is set but not ever checked.
WARNING: flowbits key 'ET.Evil' is set but not ever checked.
WARNING: flowbits key 'file.addin' is set but not ever checked.
WARNING: flowbits key 'waprox.init' is set but not ever checked.
WARNING: flowbits key 'file.m4p' is set but not ever checked.
WARNING: flowbits key 'file.wma' is set but not ever checked.
WARNING: flowbits key 'ET.http.rtf.download' is set but not ever checked.
WARNING: flowbits key 'file.application' is set but not ever checked.
WARNING: flowbits key 'file.skm' is set but not ever checked.
WARNING: flowbits key 'file.csv' is set but not ever checked.
WARNING: flowbits key 'file.k3g' is set but not ever checked.
WARNING: flowbits key 'file.aiff' is set but not ever checked.
WARNING: flowbits key 'file.m4a' is set but not ever checked.
WARNING: flowbits key 'file.dvr-ms' is set but not ever checked.
WARNING: flowbits key 'file.wps' is set but not ever checked.
WARNING: flowbits key 'recordtype' is set but not ever checked.
WARNING: flowbits key 'ET.TorIP' is set but not ever checked.
WARNING: flowbits key 'file.wmp_playlist' is set but not ever checked.
WARNING: flowbits key 'file.cov' is set but not ever checked.
WARNING: flowbits key 'ET.CompIP' is set but not ever checked.
WARNING: flowbits key 'file.rp' is set but not ever checked.
WARNING: flowbits key 'file.qt' is set but not ever checked.
WARNING: flowbits key 'file.docx' is set but not ever checked.
WARNING: flowbits key 'ET.DshieldIP' is set but not ever checked.
WARNING: flowbits key 'ET.RBN' is set but not ever checked.
WARNING: flowbits key 'file.rt' is set but not ever checked.
WARNING: flowbits key 'file.vqf' is set but not ever checked.
WARNING: flowbits key 'file.mkv' is set but not ever checked.
WARNING: flowbits key 'file.mime' is set but not ever checked.
WARNING: flowbits key 'file.mov' is set but not ever checked.
WARNING: flowbits key 'file.winampskin' is set but not ever checked.
WARNING: flowbits key 'file.3g2' is set but not ever checked.
WARNING: flowbits key 'file.oless.v3' is set but not ever checked.
WARNING: flowbits key 'file.dbp' is set but not ever checked.
WARNING: flowbits key 'file.msproducer' is set but not ever checked.
WARNING: flowbits key 'file.caff' is set but not ever checked.
WARNING: flowbits key 'file.m4r' is set but not ever checked.
WARNING: flowbits key 'file.rtx' is set but not ever checked.
WARNING: flowbits key 'file.ogg' is set but not ever checked.
WARNING: flowbits key 'file.pecompact' is set but not ever checked.
WARNING: flowbits key 'file.m4b' is set but not ever checked.
WARNING: flowbits key 'file.wk4' is set but not ever checked.
WARNING: flowbits key 'file.job' is set but not ever checked.
WARNING: flowbits key 'file.autodesk_ma' is set but not ever checked.
WARNING: flowbits key 'file.daz_ds' is set but not ever checked.
WARNING: flowbits key 'file.sln' is set but not ever checked.
WARNING: flowbits key 'file.cur' is set but not ever checked.
WARNING: flowbits key 'file.jar.agent_helper' is set but not ever checked.
520 out of 1024 flowbits in use.

There is 100% CPU usage on one of the sockets, but it's not progressing any further?

The rules directory has these files in it:

# ls /etc/snort/rules
ET-emerging-activex.rules            VRT-dos.rules                   VRT-web-frontpage.rules      phishing-spam.rules
ET-emerging-attack_response.rules    VRT-exploit-kit.rules           VRT-x11.rules                policy-multimedia.rules
ET-emerging-botcc.rules              VRT-exploit.rules               app-detect.rules             policy-other.rules
ET-emerging-chat.rules               VRT-file-executable.rules       attack-responses.rules       policy-social.rules
ET-emerging-ciarmy.rules             VRT-file-flash.rules            backdoor.rules               policy-spam.rules
ET-emerging-compromised.rules        VRT-file-identify.rules         bad-traffic.rules            policy.rules
ET-emerging-current_events.rules     VRT-file-image.rules            black_list.rules             pop2.rules
ET-emerging-deleted.rules            VRT-file-multimedia.rules       blacklist.rules              pop3.rules
ET-emerging-dns.rules                VRT-file-office.rules           botnet-cnc.rules             protocol-finger.rules
ET-emerging-dos.rules                VRT-file-other.rules            browser-chrome.rules         protocol-ftp.rules
ET-emerging-drop.rules               VRT-file-pdf.rules              browser-firefox.rules        protocol-icmp.rules
ET-emerging-dshield.rules            VRT-indicator-compromise.rules  browser-ie.rules             protocol-imap.rules
ET-emerging-exploit.rules            VRT-indicator-obfuscation.rules browser-other.rules          protocol-pop.rules
ET-emerging-ftp.rules                VRT-indicator-shellcode.rules   browser-plugins.rules        protocol-services.rules
ET-emerging-games.rules              VRT-malware-backdoor.rules      browser-webkit.rules         protocol-voip.rules
ET-emerging-icmp.rules               VRT-malware-cnc.rules           chat.rules                   pua-adware.rules
ET-emerging-icmp_info.rules          VRT-malware-other.rules         content-replace.rules        pua-other.rules
ET-emerging-imap.rules               VRT-malware-tools.rules         ddos.rules                   pua-p2p.rules
ET-emerging-inappropriate.rules      VRT-netbios.rules               deleted.rules                pua-toolbars.rules
ET-emerging-info.rules               VRT-nntp.rules                  dns.rules                    rpc.rules
ET-emerging-malware.rules            VRT-os-linux.rules              dos.rules                    rservices.rules
ET-emerging-misc.rules               VRT-os-other.rules              experimental.rules           rule.set
ET-emerging-mobile_malware.rules     VRT-os-solaris.rules            exploit-kit.rules            scada.rules
ET-emerging-netbios.rules            VRT-os-windows.rules            exploit.rules                scan.rules
ET-emerging-p2p.rules                VRT-policy-multimedia.rules     file-executable.rules        server-apache.rules
ET-emerging-policy.rules             VRT-policy-other.rules          file-flash.rules             server-iis.rules
ET-emerging-pop3.rules               VRT-policy-social.rules         file-identify.rules          server-mail.rules
ET-emerging-rbn-malvertisers.rules   VRT-policy-spam.rules           file-image.rules             server-mssql.rules
ET-emerging-rbn.rules                VRT-preprocessor.rules          file-multimedia.rules        server-mysql.rules
ET-emerging-rpc.rules                VRT-protocol-finger.rules       file-office.rules            server-oracle.rules
ET-emerging-scada.rules              VRT-protocol-ftp.rules          file-other.rules             server-other.rules
ET-emerging-scan.rules               VRT-protocol-icmp.rules         file-pdf.rules               server-webapp.rules
ET-emerging-shellcode.rules          VRT-protocol-imap.rules         finger.rules                 shellcode.rules
ET-emerging-smtp.rules               VRT-protocol-pop.rules          ftp.rules                    smtp.rules
ET-emerging-snmp.rules               VRT-protocol-services.rules     icmp-info.rules              snmp.rules
ET-emerging-sql.rules                VRT-protocol-voip.rules         icmp.rules                   snort.rules
ET-emerging-telnet.rules             VRT-pua-adware.rules            imap.rules                   so_rules.rules
ET-emerging-tftp.rules               VRT-pua-other.rules             indicator-compromise.rules   specific-threats.rules
ET-emerging-tor.rules                VRT-pua-p2p.rules               indicator-obfuscation.rules  spyware-put.rules
ET-emerging-trojan.rules             VRT-pua-toolbars.rules          indicator-shellcode.rules    sql.rules
ET-emerging-user_agents.rules        VRT-rpc.rules                   info.rules                   telnet.rules
ET-emerging-voip.rules               VRT-scada.rules                 local.rules                  tftp.rules
ET-emerging-web_client.rules         VRT-scan.rules                  malware-backdoor.rules       virus.rules
ET-emerging-web_server.rules         VRT-sensitive-data.rules        malware-cnc.rules            voip.rules
ET-emerging-web_specific_apps.rules  VRT-server-apache.rules         malware-other.rules          web-activex.rules
ET-emerging-worm.rules               VRT-server-iis.rules            malware-tools.rules          web-attacks.rules
VRT-app-detect.rules                 VRT-server-mail.rules           misc.rules                   web-cgi.rules
VRT-blacklist.rules                  VRT-server-mssql.rules          multimedia.rules             web-client.rules
VRT-botnet-cnc.rules                 VRT-server-mysql.rules          mysql.rules                  web-coldfusion.rules
VRT-browser-chrome.rules             VRT-server-oracle.rules         netbios.rules                web-frontpage.rules
VRT-browser-firefox.rules            VRT-server-other.rules          nntp.rules                   web-iis.rules
VRT-browser-ie.rules                 VRT-server-webapp.rules         oracle.rules                 web-misc.rules
VRT-browser-other.rules              VRT-snmp.rules                  os-linux.rules               web-php.rules
VRT-browser-plugins.rules            VRT-specific-threats.rules      os-other.rules               white_list.rules
VRT-browser-webkit.rules             VRT-sql.rules                   os-solaris.rules             x11.rules
VRT-content-replace.rules            VRT-telnet.rules                os-windows.rules
VRT-decoder.rules                    VRT-tftp.rules                  other-ids.rules
VRT-dns.rules                        VRT-web-client.rules            p2p.rules

Even before all the extra rules were included, a few tests didn't come up with any logging either, so I'm still in the same place and totally lost???

Regards,

Kaya
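The "set but not ever checked" warnings in the output above come from Snort's startup consistency pass over flowbits: a key that some rule sets (or toggles) but that no rule ever tests with isset/isnotset, and the closing "520 out of 1024 flowbits in use" line counts distinct keys against the configured flowbits size. As an added example, not code from the original post or from the Snort project, here is a small Python checker that does the same pass over a set of rule files, so you can see which files set an unchecked key before Snort is even started. The rule text it embeds is constructed, the file names and the 1024 limit are assumptions taken from the output above, and the loader can be pointed at a real rules/ directory instead.

```python
"""Flowbits consistency checker for Snort 2.x rule files (added example).

Constructed sample rules are embedded so the script runs offline; pass a
rules/ directory on the command line to scan real files instead.
"""
import os
import re
import sys
from collections import defaultdict
from typing import Dict, List

# One flowbits option, e.g. "flowbits:set,file.tar|file.zip;",
# "flowbits:isset,name,group;" or the argument-less "flowbits:noalert;".
FLOWBITS_RE = re.compile(r"flowbits\s*:\s*([a-z]+)\s*(?:,\s*([^;]*))?;", re.IGNORECASE)
SETTERS = {"set", "setx", "toggle"}   # operations that raise a key
CHECKERS = {"isset", "isnotset"}      # operations that test a key
FLOWBITS_LIMIT = 1024                 # assumption: the size Kaya's output reports ("out of 1024")

# Constructed sample input (not from the original post); only the key names
# mirror the shape of the warnings Snort printed.
SAMPLE_RULES: Dict[str, str] = {
    "constructed-a.rules": r"""
alert tcp any any -> any 80 (msg:"HTTP request seen"; flow:to_server,established; \
    content:"GET"; flowbits:set,http.request; flowbits:noalert; sid:9000001; rev:1;)
alert tcp any 80 -> any any (msg:"HTTP response after request"; flow:to_client,established; \
    flowbits:isset,http.request; content:"200 OK"; sid:9000002; rev:1;)
alert tcp any any -> any 5900 (msg:"VNC client hello"; flowbits:set,vnc.handshake.client; flowbits:noalert; sid:9000003; rev:1;)
""",
    "constructed-b.rules": r"""
# a commented-out (disabled) rule must not count as a check
# alert tcp any any -> any any (msg:"disabled"; flowbits:isset,vnc.handshake.client; sid:9000004; rev:1;)
alert tcp any any -> any any (msg:"tar or zip"; flowbits:set,file.tar|file.zip; sid:9000005; rev:1;)
alert tcp any any -> any any (msg:"zip checked"; flowbits:isset,file.zip; sid:9000006; rev:1;)
alert tcp any any -> any any (msg:"grouped set"; flowbits:set,file.dat,filetypes; sid:9000007; rev:1;)
alert tcp any any -> any any (msg:"pdf never set"; flowbits:isnotset,file.pdf; sid:9000008; rev:1;)
""",
}


def _key_names(arg: str) -> List[str]:
    """Split 'name', 'a&b', 'a|b' or 'name,group' into the individual key names."""
    first = arg.split(",", 1)[0]          # drop an optional trailing group name
    return [n.strip() for n in re.split(r"[&|]", first) if n.strip()]


def scan_flowbits(rule_files: Dict[str, str]) -> dict:
    """Return which keys are set/checked, which are unbalanced, and the in-use count."""
    set_by: Dict[str, set] = defaultdict(set)      # key -> files that set it
    checked_by: Dict[str, set] = defaultdict(set)  # key -> files that test it
    for fname, text in rule_files.items():
        text = re.sub(r"\\\r?\n\s*", " ", text)     # join backslash-continued rule lines
        for line in text.splitlines():
            line = line.strip()
            if not line or line.startswith("#"):   # blank or disabled rule
                continue
            for op, arg in FLOWBITS_RE.findall(line):
                op, names = op.lower(), _key_names(arg)
                if op in SETTERS:
                    for n in names:
                        set_by[n].add(fname)
                elif op in CHECKERS:
                    # "isset,any,group" / "isset,all,group" test a whole group, not one key
                    if names and names[0].lower() in ("any", "all") and "," in arg:
                        continue
                    for n in names:
                        checked_by[n].add(fname)
    in_use = set(set_by) | set(checked_by)
    return {
        "in_use": len(in_use),
        "limit": FLOWBITS_LIMIT,
        "set_but_unchecked": sorted(set(set_by) - set(checked_by)),
        "checked_but_unset": sorted(set(checked_by) - set(set_by)),
        "set_by": {n: sorted(f) for n, f in set_by.items()},
    }


def load_rules_dir(path: str) -> Dict[str, str]:
    """Read every *.rules file in a directory laid out like the ls output above."""
    files: Dict[str, str] = {}
    for name in sorted(os.listdir(path)):
        if name.endswith(".rules"):
            with open(os.path.join(path, name), encoding="utf-8", errors="replace") as fh:
                files[name] = fh.read()
    return files


def report(result: dict) -> None:
    """Print findings in the same wording Snort uses, plus the files responsible."""
    for key in result["set_but_unchecked"]:
        print(f"WARNING: flowbits key '{key}' is set but not ever checked "
              f"(set in: {', '.join(result['set_by'][key])})")
    for key in result["checked_but_unset"]:
        print(f"WARNING: flowbits key '{key}' is checked but not ever set")
    print(f"{result['in_use']} out of {result['limit']} flowbits in use.")


if __name__ == "__main__":
    rules = load_rules_dir(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_RULES
    report(scan_flowbits(rules))
```

Run it with no arguments to see the constructed sample scored (three keys set but never checked, one checked but never set, six keys in use), or with a directory such as /etc/snort/rules to get the same warnings Snort prints together with the file that sets each key. A set-but-unchecked key is not an error on its own: such rules still load, it only means that the key contributes nothing to detection while still occupying one of the limited flowbits slots, which is why the in-use count matters when many rule sets are loaded together.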