Snort mailing list archives

Re: help with WARNING: flowbits key


From: hernani <coelho.hernani () sapo pt>
Date: Sun, 15 Jun 2014 16:12:08 +0100

Hello,

I have not restarted the PC after installing pulledpork,

now it gives me this -->

    http://code.google.com/p/pulledpork/
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.7.0 - Swine Flu!
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2013 JJ Cummings
  @_/        /  66\_  cummingsj () gmail com
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Checking latest MD5 for snortrules-snapshot-2961.tar.gz....
Rules tarball download of snortrules-snapshot-2961.tar.gz....
    They Match
    Done!
Checking latest MD5 for community-rules.tar.gz....
Rules tarball download of community-rules.tar.gz....
    They Match
    Done!
IP Blacklist download of http://labs.snort.org/feeds/ip-filter.blf....
Reading IP List...
Checking latest MD5 for opensource.gz....
Rules tarball download of opensource.gz....
    They Match
    Done!
Checking latest MD5 for emerging.rules.tar.gz....
Rules tarball download of emerging.rules.tar.gz....
    They Match
    Done!
Prepping rules from opensource.gz for work....
    Done!
Prepping rules from emerging.rules.tar.gz for work....
    Done!
Prepping rules from snortrules-snapshot-2961.tar.gz for work....
    Done!
Prepping rules from community-rules.tar.gz for work....
    Done!
Reading rules...
Generating Stub Rules....
An error occurred: WARNING: ip4 normalizations disabled because not inline.

An error occurred: WARNING: tcp normalizations disabled because not inline.

An error occurred: WARNING: icmp4 normalizations disabled because not inline.

An error occurred: WARNING: ip6 normalizations disabled because not inline.

An error occurred: WARNING: icmp6 normalizations disabled because not inline.

    Done
Reading rules...
Reading rules...
Writing Blacklist File /usr/local/snort/rules/default.blacklist....
Writing Blacklist Version 942760505 to /usr/local/snort/rules/iplistsIPRVersion.dat....
Setting Flowbit State....
    Enabled 114 flowbits
    Done
Writing /usr/local/snort/rules/teste.rules....
    Done
Generating sid-msg.map....
    Done
Writing v1 /usr/local/snort/etc/sid-msg.map....
    Done
Writing /var/log/sid_changes.log....
    Done
Rule Stats...
    New:-------46
    Deleted:---16
    Enabled Rules:----21167
    Dropped Rules:----0
    Disabled Rules:---19609
    Total Rules:------40776
IP Blacklist Stats...
    Total IPs:-----839

Done
Please review /var/log/sid_changes.log for additional details
Fly Piggy Fly!

I don't know if this is right, but it doesn't fix the flowbits dependencies.

Can someone help me?

thanks

hernani coelho

On 14-06-2014 17:20, hernani wrote:
Hello Joel,

I installed pulledpork, but it tells me the rules match and it doesn't fix the dependencies.

Here is the output:

Checking latest MD5 for snortrules-snapshot-2961.tar.gz....
    They Match
    Done!
Checking latest MD5 for community-rules.tar.gz....
    They Match
    Done!
IP Blacklist download of http://labs.snort.org/feeds/ip-filter.blf....
Reading IP List...
Checking latest MD5 for opensource.gz....
    They Match
    Done!
Writing Blacklist File /usr/local/snort/rules/default.blacklist....
Writing Blacklist Version 895836774 to /usr/local/snort/rules/iplistsIPRVersion.dat....
Fly Piggy Fly!


thanks

hernani coelho





On 13-06-2014 20:59, Joel Esler (jesler) wrote:
Are you using pulledpork to manage your ruleset? I suggest that you do, as pulledpork should fix these dependency problems.

--
*Joel Esler*
Open Source Manager
Threat Intelligence Team Lead
Vulnerability Research Team


On Jun 13, 2014, at 6:23 AM, hernani <coelho.hernani () sapo pt> wrote:

Hello,

How can I remove this warning --->


Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.abc' is set but not ever checked.
Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'imap.cram_md5' is set but not ever checked.
Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.fon' is set but not ever checked.
Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.xwd' is set but not ever checked.
Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.mp3' is checked but not ever set.
Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.wav' is checked but not ever set.
Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.maki' is checked but not ever set.
Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'cocsoft.stream' is set but not ever checked.
Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.pecompact' is checked but not ever set.
Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.fpx' is set but not ever checked.
Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.wma' is checked but not ever set.
Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.png' is checked but not ever set.
Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.asf' is checked but not ever set.
Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'hornet.4' is set but not ever checked.
Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'hplogin' is set but not ever checked.
Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.nab' is set but not ever checked.
Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.xps' is set but not ever checked.
Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.wmp_playlist' is checked but not ever set.


thanks

hernani coelho

------------------------------------------------------------------------------
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
http://p.sf.net/sfu/hpccsystems
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
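
Added example (not part of the original messages, and not Snort's or PulledPork's own code): a small audit of a rules file for the two conditions the warnings in this thread report, plus the disabled rules that would supply a missing setter if enabled. The sample rules are constructed, and counting set/setx/toggle as "set" and isset/isnotset as "checked" is an assumption of this sketch.

```python
import re
from collections import defaultdict

# Constructed sample rules (not from any real ruleset). A leading '#' marks a disabled rule.
SAMPLE_RULES = """\
alert tcp any any -> any any (msg:"constructed A"; flowbits:set,file.abc; flowbits:noalert; sid:1000001;)
alert tcp any any -> any any (msg:"constructed B"; flowbits:isset,file.mp3; sid:1000002;)
# alert tcp any any -> any any (msg:"constructed C"; flowbits:set,file.mp3; flowbits:noalert; sid:1000003;)
alert tcp any any -> any any (msg:"constructed D"; flowbits:set,file.png; flowbits:noalert; sid:1000004;)
alert tcp any any -> any any (msg:"constructed E"; flowbits:isset,file.png|file.wav; sid:1000005;)
"""

FLOWBITS = re.compile(r"flowbits:\s*(\w+)\s*(?:,\s*([^;,]+))?")
SID = re.compile(r"\bsid:\s*(\d+)")
SETTERS = {"set", "setx", "toggle"}   # assumption: operations counted as "set"
CHECKERS = {"isset", "isnotset"}      # assumption: operations counted as "checked"

def audit_flowbits(rules_text):
    """Report flowbits keys whose setter/checker counterpart is missing among enabled rules."""
    set_by, checked_by, disabled_setters = defaultdict(set), defaultdict(set), defaultdict(set)
    for line in rules_text.splitlines():
        disabled = line.lstrip().startswith("#")
        body = line.lstrip("# \t")
        sid = SID.search(body)
        if not sid:                       # plain comment or blank line
            continue
        for op, keys in FLOWBITS.findall(body):
            # A single option may name several keys joined with '&' or '|'.
            for key in filter(None, (k.strip() for k in re.split(r"[&|]", keys))):
                if op in SETTERS:
                    (disabled_setters if disabled else set_by)[key].add(int(sid.group(1)))
                elif op in CHECKERS and not disabled:
                    checked_by[key].add(int(sid.group(1)))
    unset = sorted(set(checked_by) - set(set_by))
    return {
        "set_not_checked": sorted(set(set_by) - set(checked_by)),
        "checked_not_set": unset,
        # Disabled rules that would satisfy a missing dependency if enabled.
        "enable_to_fix": {k: sorted(disabled_setters[k]) for k in unset if k in disabled_setters},
    }

if __name__ == "__main__":
    for name, value in audit_flowbits(SAMPLE_RULES).items():
        print(f"{name}: {value}")
```

A key listed under "checked_not_set" with no entry in "enable_to_fix" has no setter anywhere in the file, so the rule that checks it can never match on that flowbit.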



