Snort mailing list archives

Config Trouble


From: valentin.giraud () armaturetech com
Date: Wed, 30 Mar 2016 17:30:18 +0200

Hi snort Team,

I am trying to configure file extract, but I am having a "weird" issue.

I downloaded 3 example ".zip" files with Firefox:
peace_essay.ZIP  peace_problem.ZIP  peace.zip

and the file extract gave GIF extension files:
***
4029FE24DC2B05D8BFB80A9027A3578C62F23380A8C1CBB8F8CE20488B64EAE0: GIF image data, version 89a, 5 x 5
8337212354871836E6763A41E615916C89BAC5B3F1F0ADF60BA43C7C806E1015: GIF image data, version 89a, 1 x 1
E16105A1ED76519D369DA7E2FF2D554FE2BE88D604D1850AA11A0D9E470E7864: GIF image data, version 89a, 20 x 19

***
When I run Snort it says:

********
File config:
    file type: ENABLED
    file signature: DISABLED (Default)
    file capture: ENABLED
    file capture directory: /var/log/snort/filestore/
    file capture disk size: 300 (Default) megabytes
    file sent to host: DISABLED (Default), port number: 0

File service: file type enabled.
File service: file capture enabled.
File service: file signature enabled.
...

...
afpacket DAQ configured to passive.
Acquiring network traffic from "eth0".
Reload thread starting...
Reload thread started, thread 0x98f32b40 (12799)
File capture thread started tid=0x98731b40 (pid=12798)

        --== Initialization Complete ==--

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.8.0 GRE (Build 229)

...

*********

Actually, it does not work with every kind of extension (PDF does not work, for example...)

Do you have any idea where I could be wrong?

I have attached my snort.conf file.

Regards,
Valentin.


PS: Sorry for my English in advance, I am not a native speaker.

Attachment: snort.conf