Snort mailing list archives
Re: installation help
From: Sharif Uddin <Sharif.Uddin () spectrumasa com>
Date: Wed, 27 Aug 2014 17:34:01 +0000
I assumed there was something wrong.

[root@snort bin]# ps aux | grep -i "snort"
avahi 575 0.0 0.1 27944 1500 ? Ss 16:43 0:00 avahi-daemon: running [snort.local]
snort 1415 0.0 25.8 588920 263360 ? Ssl 17:50 0:00 ./snort -A fast -b -d -D -i enp0s3 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort
root 1447 0.0 0.0 107932 620 pts/1 S+ 18:02 0:00 tail -f /var/log/messages /var/log/snort/alert
root 1457 0.0 0.0 112640 980 pts/0 R+ 18:32 0:00 grep --color=auto -i snort

I have a tail running which does not seem to append any output in the log file. I have tried pinging the snort server from another internal machine.

From: Robert Millott [mailto:robm () millottandassociates com]
Sent: 27 August 2014 18:29
To: Sharif Uddin
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] installation help

I run snort with daq settings as well. I have never tried ./snort status, but I just did and I get a similar error.

snort status
Running in packet dump mode

--== Initializing Snort ==--
Initializing Output Plugins!
Snort BPF option: status
ERROR: Can't find pcap DAQ!
Fatal Error, Quitting..

My snort is running just fine and has been for months, so I'm not sure that what you are seeing is a problem. Try just running

ps ax | grep snort

to make sure snort is running

On Wed, Aug 27, 2014 at 12:52 PM, Sharif Uddin <Sharif.Uddin () spectrumasa com> wrote:

Hello

I have followed this guide to install snort
https://s3.amazonaws.com/snort-org-site/production/document_files/files/000/000/002/original/snort296x_centos6x.pdf?AWSAccessKeyId=AKIAIXACIED2SPMSC7GA&Expires=1409153064&Signature=TBLNp6Ze%2FN9F3smCPMgm1AWkl6g%3D

I am using a vm on virtual box with centos 7 64bit minimal install.

So far I can run following command

[root@snort bin]# ./snort -A fast -b -d -D -i enp0s3 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort
Spawning daemon child...
My daemon child 1415 lives...
Daemon parent exiting (0)

In the log file I get the following
Aug 27 17:50:29 snort snort[1414]: Aug 27 17:50:29 snort snort[1414]: [ Port Based Pattern Matching Memory ] Aug 27 17:50:29 snort snort[1414]: +- [ Aho-Corasick Summary ] ------------------------------------- Aug 27 17:50:29 snort snort[1414]: | Storage Format : Full-Q Aug 27 17:50:29 snort snort[1414]: | Finite Automaton : DFA Aug 27 17:50:29 snort snort[1414]: | Alphabet Size : 256 Chars Aug 27 17:50:29 snort snort[1414]: | Sizeof State : Variable (1,2,4 bytes) Aug 27 17:50:29 snort snort[1414]: | Instances : 162 Aug 27 17:50:29 snort snort[1414]: | 1 byte states : 152 Aug 27 17:50:29 snort snort[1414]: | 2 byte states : 10 Aug 27 17:50:29 snort snort[1414]: | 4 byte states : 0 Aug 27 17:50:29 snort snort[1414]: | Characters : 94220 Aug 27 17:50:29 snort snort[1414]: | States : 72484 Aug 27 17:50:29 snort snort[1414]: | Transitions : 7893243 Aug 27 17:50:29 snort snort[1414]: | State Density : 42.5% Aug 27 17:50:29 snort snort[1414]: | Patterns : 5159 Aug 27 17:50:29 snort snort[1414]: | Match States : 5800 Aug 27 17:50:29 snort snort[1414]: | Memory (MB) : 37.42 Aug 27 17:50:29 snort snort[1414]: | Patterns : 0.57 Aug 27 17:50:29 snort snort[1414]: | Match Lists : 1.26 Aug 27 17:50:29 snort snort[1414]: | DFA Aug 27 17:50:29 snort snort[1414]: | 1 byte states : 0.94 Aug 27 17:50:29 snort snort[1414]: | 2 byte states : 34.36 Aug 27 17:50:29 snort snort[1414]: | 4 byte states : 0.00 Aug 27 17:50:29 snort snort[1414]: +---------------------------------------------------------------- Aug 27 17:50:29 snort snort[1414]: [ Number of patterns truncated to 20 bytes: 318 ] Aug 27 17:50:29 snort snort[1414]: pcap DAQ configured to passive. Aug 27 17:50:29 snort snort[1414]: Acquiring network traffic from "enp0s3". Aug 27 17:50:29 snort snort[1414]: Initializing daemon mode Aug 27 17:50:29 snort snort[1415]: Daemon initialized, signaled parent pid: 1414 Aug 27 17:50:29 snort snort[1415]: Reload thread starting... 
Aug 27 17:50:29 snort snort[1415]: Reload thread started, thread 0x7fee608f3700 (1416) Aug 27 17:50:29 snort snort[1415]: Decoding Ethernet Aug 27 17:50:29 snort snort[1415]: Checking PID path... Aug 27 17:50:29 snort snort[1415]: PID path stat checked out ok, PID path set to /var/run/ Aug 27 17:50:29 snort snort[1415]: Writing PID "1415" to file "/var/run//snort_enp0s3.pid" Aug 27 17:50:29 snort kernel: device enp0s3 entered promiscuous mode Aug 27 17:50:29 snort snort[1415]: Set gid to 40000 Aug 27 17:50:29 snort snort[1415]: Set uid to 40000 Aug 27 17:50:29 snort snort[1415]: Aug 27 17:50:29 snort snort[1415]: --== Initialization Complete ==-- Aug 27 17:50:29 snort snort[1415]: Commencing packet processing (pid=1415) When I check status I get following [root@snort bin]# ./snort status Running in packet dump mode --== Initializing Snort ==-- Initializing Output Plugins! Snort BPF option: status pcap DAQ configured to passive. Acquiring network traffic from "enp0s3". ERROR: Can't set DAQ BPF filter to 'status' (pcap_daq_set_filter: pcap_compile: syntax error)! Fatal Error, Quitting.. How do I fix this issue? Sharif Uddin Development/Support Engineer ------------------- Spectrum Geo Ltd Dukes Court, Duke Street Woking, Surrey GU21 5BH UNITED KINGDOM Tel: +44 (0) 1483 730201 Fax: +44 (0) 1483 762620 www.spectrumasa.com<http://www.spectrumasa.com/> IMPORTANT - This message and any attached files contain information intended for the exclusive use of the party or parties to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not an intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender immediately and delete the original message without making any copies. Copyright in this email and any attachments belong to Spectrum Geo Limited. 
We cannot guarantee the security or confidentiality of email communications. We do not accept any liability for losses or damages that you may suffer as a result of your receipt of this email. Email communication with Spectrum Geo Ltd., may be monitored as permitted by UK legislation. Spectrum Geo Limited, is a limited company registered in England and Wales. Registered number: 1979422. Registered office: 95 Aldwych, London WC2B 4JF.
------------------------------------------------------------------------------
Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net>
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!

--
Robert Millott
President, Millott and Associates
(443) 255-3588
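In the output quoted above, the word `status` is taken as a BPF filter ("Snort BPF option: status"), so it does not report on the daemon. A liveness check can instead be built on the PID file the startup log shows Snort writing. This is an added example, not part of the original thread or of the Snort distribution; the function name `snort_status`, its return codes and the optional proc-root argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check a daemonised Snort through the
# PID file it reports at startup, e.g. /var/run/snort_enp0s3.pid in the log.
#
# snort_status PIDFILE [PROC_ROOT]      (hypothetical helper)
#   returns 0  process exists and its command name is "snort"
#           1  PID file missing, unreadable or not a number
#           2  stale PID file (no such process)
#           3  PID has been reused by a different program
# PROC_ROOT defaults to /proc; it is a parameter only so the check can be
# exercised against a constructed directory tree.
snort_status() {
    pidfile=$1
    proc_root=${2:-/proc}

    [ -r "$pidfile" ] || { echo "no readable pid file: $pidfile"; return 1; }

    pid=$(tr -d '[:space:]' < "$pidfile")
    case $pid in
        ''|*[!0-9]*) echo "invalid pid in $pidfile"; return 1 ;;
    esac

    [ -d "$proc_root/$pid" ] || { echo "stale pid file, no process $pid"; return 2; }

    # /proc/<pid>/comm holds the executable name on Linux; guards against PID reuse.
    comm=$(cat "$proc_root/$pid/comm" 2>/dev/null) || comm=""
    [ "$comm" = "snort" ] || { echo "pid $pid is '$comm', not snort"; return 3; }

    echo "snort running (pid $pid)"
    return 0
}
```

On the host from the thread the call would be `snort_status /var/run/snort_enp0s3.pid`; a zero return only shows the process is alive, not that rules are matching traffic.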