Snort mailing list archives
Re: Snort-users Digest, Vol 87, Issue 67
From: anagha b <banagha3 () gmail com>
Date: Sat, 24 Aug 2013 13:14:27 +0530
I tried make uninstall of snort as root and performed rm -rf on the snort and snort-2.9.5 directories. Using Synaptic package manager, I removed all snort packages. Please help.

On Sat, Aug 24, 2013 at 12:32 PM, <snort-users-request () lists sourceforge net> wrote:
Send Snort-users mailing list submissions to
    snort-users () lists sourceforge net

To subscribe or unsubscribe via the World Wide Web, visit
    https://lists.sourceforge.net/lists/listinfo/snort-users
or, via email, send a message with subject or body 'help' to
    snort-users-request () lists sourceforge net

You can reach the person managing the list at
    snort-users-owner () lists sourceforge net

When replying, please edit your Subject line so it is more specific than "Re: Contents of Snort-users digest..."

When responding, please don't respond with the entire Digest. Please trim your response.

Today's Topics:

   1. Re: Snort-users Digest, Vol 87, Issue 65 (anagha b)

----------------------------------------------------------------------

Message: 1
Date: Sat, 24 Aug 2013 12:31:52 +0530
From: anagha b <banagha3 () gmail com>
Subject: Re: [Snort-users] Snort-users Digest, Vol 87, Issue 65
To: snort-users () lists sourceforge net
Message-ID: <CACCbNds= SoKTguy51Y7fhLWe6ZCWXxAWcTM8ytOR-AROL3ofHw () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

I tried to uninstall snort using

    oneadmin@a:~/snort-2.9.5$ make uninstall

and checked the snort version

    oneadmin@a:~/snort-2.9.5$ snort -V
     -*> Snort! <*-
    o" )~ Version 2.9.4.6 GRE (Build 73)

How to remove this snort 2.9.4.6?

On Sat, Aug 24, 2013 at 10:40 AM, anagha b <banagha3 () gmail com> wrote:

@dynamic preprocessor error

Here is the information you asked for:

1] I removed all the files from the snort_dynamicpreprocessor dir.
2] In snort.conf I set them to the snort_dynamicpreprocessor dir as per the installation guide.
3] Output of snort -v

If I go to the snort dir I get the following error:

    snort -v
    Running in packet dump mode
    --== Initializing Snort ==--
    Initializing Output Plugins!
    ERROR: Failed to lookup interface: no suitable device found. Please specify one with -i switch
    Fatal Error, Quitting..

If I go to the snort-2.9.5 dir then I get the following output:

    oneadmin@a:~/snort-2.9.5$ snort -V
    ,,_ -*> Snort! <*-
    o" )~ Version 2.9.4.6 GRE (Build 73)
    '''' By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
    Copyright (C) 1998-2013 Sourcefire, Inc., et al.
    Using libpcap version 1.1.1
    Using PCRE version: 8.12 2011-01-15
    Using ZLIB version: 1.2.3.4

I think I am using 2.9.5 rules with 2.9.4.6 snort, but I used 2.9.5.tar.gz for installation.

On Fri, Aug 23, 2013 at 7:22 PM, <snort-users-request () lists sourceforge net> wrote:

Today's Topics:

   1. community-rules.tar.gz.md5 empty? (Jeremy Hoel)
   2. Re: community-rules.tar.gz.md5 empty? (Joel Esler)
   3. Last (short) chance to submit papers for PacSec in Tokyo Nov 13-14. Deadline FRIDAY. (Dragos Ruiu)
   4. Query for fast_pattern override (Arvind Kumar)
   5. @dynamic preprocessor error (anagha b)
   6. Re: @dynamic preprocessor error (waldo kitty)

----------------------------------------------------------------------

Message: 1
Date: Thu, 22 Aug 2013 23:42:23 +0000
From: Jeremy Hoel <jthoel () gmail com>
Subject: [Snort-users] community-rules.tar.gz.md5 empty?
To: "snort-users () lists sourceforge net" <snort-users () lists sourceforge net>
Message-ID: < CAH_p-VPD88XeU9gmpU73jeJ-3Y4-b+itog7w9Zm+ppEb_KSkhQ () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

I was testing the svn of Pulledpork and noticed that it was looping on community rules and the md5sum check..

    Checking latest MD5 for snortrules-snapshot-2950.tar.gz....
        They Match
        Done!
    Checking latest MD5 for community-rules.tar.gz....
    Rules tarball download of community-rules.tar.gz....
        No Match
        Done
    Rules tarball download of community-rules.tar.gz....
        No Match
        Done
    Rules tarball download of community-rules.tar.gz....
        No Match
        Done

Checking the community-rules.tar.gz.md5 shows that it's an empty file. I tried downloading it myself in another directory and it's also empty.

Is this a recent problem or a known issue?

------------------------------

Message: 2
Date: Thu, 22 Aug 2013 19:48:07 -0400
From: Joel Esler <jesler () sourcefire com>
Subject: Re: [Snort-users] community-rules.tar.gz.md5 empty?
To: Jeremy Hoel <jthoel () gmail com>
Cc: "snort-users () lists sourceforge net" <snort-users () lists sourceforge net>
Message-ID: <A1F35D53-E447-4CE5-B5B4-5A7C8A941D48 () sourcefire com>
Content-Type: text/plain; charset=us-ascii

Let me check into this.

--
Joel Esler

On Aug 22, 2013, at 7:42 PM, Jeremy Hoel <jthoel () gmail com> wrote:

I was testing the svn of Pulledpork and noticed that it was looping on community rules and the md5sum check..

    Checking latest MD5 for snortrules-snapshot-2950.tar.gz....
        They Match
        Done!
    Checking latest MD5 for community-rules.tar.gz....
    Rules tarball download of community-rules.tar.gz....
        No Match
        Done
    Rules tarball download of community-rules.tar.gz....
        No Match
        Done
    Rules tarball download of community-rules.tar.gz....
        No Match
        Done

Checking the community-rules.tar.gz.md5 shows that it's an empty file. I tried downloading it myself in another directory and it's also empty.

Is this a recent problem or a known issue?

------------------------------

Message: 3
Date: Thu, 22 Aug 2013 18:42:45 -0700
From: Dragos Ruiu <dr () kyx net>
Subject: [Snort-users] Last (short) chance to submit papers for PacSec in Tokyo Nov 13-14. Deadline FRIDAY.
To: snort-users () lists sourceforge net
Message-ID: <2C1076F2-6EEC-40E9-9AA5-DF5AF1AC67B7 () kyx net>
Content-Type: text/plain; charset="us-ascii"

Since we didn't mail out to the traditional mailing lists for PacSec this year, this note is being sent out, and we are allowing submissions to secwest13 () pacsec jp up until this Friday, August 23.

After more than ten years, you know the drill, and if you don't, CFP details are on the website.

thanks,
--dr

--
Dragos Ruiu (dr () kyx net)
PacSec - Technology Enhancement - 2013 Tokyo November 13-14 - https://pacsec.jp
PGP: https://cansecwest.com/kyxpgp2013-2.asc - E471 9B0E E774 EB21 18C8 8C95 37D1 C250 5D2B 20D0

------------------------------

Message: 4
Date: Fri, 23 Aug 2013 14:10:16 +0530
From: Arvind Kumar <arvind.kumar12 () gmail com>
Subject: [Snort-users] Query for fast_pattern override
To: snort-users () lists sourceforge net
Message-ID: < CANOpJwVaTXY+Nivdy+6HVJm-wRN2uYLp9455HGWNUSCMVwaEeQ () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

Hello Guys,

I have the following query on fast_pattern: our snort.conf file has max-pattern-len 20 for fast_pattern. I have only used the fast_pattern keyword (here I have not used fast_pattern:only; or fast_pattern:x,y;) in the rule for the content which is more than 20 bytes, to change the default snort behavior of longest content as fast_pattern candidate.

My question: will the "fast_pattern" keyword with a content size greater than 20 bytes override snort's default longest content as fast_pattern candidate, and will it also override the max-pattern-len 20, or should I use fast_pattern:only; to override the max-pattern-len and snort default longest content as fast_pattern?

Warm Regards
Arvind Kumar

------------------------------

Message: 5
Date: Fri, 23 Aug 2013 18:56:43 +0530
From: anagha b <banagha3 () gmail com>
Subject: [Snort-users] @dynamic preprocessor error
To: snort-users () lists sourceforge net
Message-ID: < CACCbNdsvsB4+H15iYE+98LZ5QdEcmFp27wPWt4_o8oyztxoYsQ () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

Hi all,

Using snort-2.9.5 and configured it with --enable sourcefire. When I tried to run snort I got the following error:

    ERROR size 448 != 456
    ERROR: Failed to initialize dynamic preprocessor: SF_IMAP version 1.0.1 (-2)
    Fatal Error, Quitting..

Tried solutions:

1] Removed dynamic preprocessor and done make install again.
2] Tried to run snort with -T

    snort -c /snort.conf -T

instead of

    snort -c /snort.conf -i eth0

Still the same error persists. I am using daq-2.0.0 and libdne-1.12. Please help.

------------------------------

Message: 6
Date: Fri, 23 Aug 2013 09:52:43 -0400
From: waldo kitty <wkitty42 () windstream net>
Subject: Re: [Snort-users] @dynamic preprocessor error
To: snort-users () lists sourceforge net
Message-ID: <5217692B.9080804 () windstream net>
Content-Type: text/plain; charset=UTF-8; format=flowed

On 8/23/2013 09:26, anagha b wrote:

    ERROR size 448 != 456
    ERROR: Failed to initialize dynamic preprocessor: SF_IMAP version 1.0.1 (-2)
    Fatal Error, Quitting..

Tried solutions 1]removed dynamic preprocessor and done make install again

1. where did you remove the preprocessors from?
2. where is the snort.conf pointing to for them?
3. what does "snort -V" return?

--
NOTE: No off-list assistance is given without prior approval. Please keep mailing list traffic on the list unless private contact is specifically requested and granted.

------------------------------

End of Snort-users Digest, Vol 87, Issue 65
End of Snort-users Digest, Vol 87, Issue 67