Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: snort preprocessor reputation Shared memory load entries always 0

From: "Hui Cao (huica)" <huica () cisco com>
Date: Tue, 9 May 2017 15:49:30 +0000
Can you provide all the cofig files and also files under your “shared_mem” path?

Best,
Hui

On 5/9/17, 11:28 AM, "阔野嘹歌" <85358830 () qq com> wrote:

    Good day to all! I'm using Snort 2.9.8.3 on a Debian 8.2 virtual machine.To test reputation share memory and 
control-socket.I'm follow Snort manual 2.2.20 shared memory support.step by step.but it looks not work well.
    
    
    My config file and whait/black list file in mail attachemnts.
    The following line is my start snort command:
    ./snort -G 1 -Q --process-all-events -c ../etc/snort.conf
    
    
    The following is the output of the snort:
    .......
    ...
    Reputation config: 
        Reputation total memory usage: 0 bytes
        Reputation total entries loaded: 0, invalid: 0, re-defined: 0
        Memcap: 500 (Default) M bytes 
        Scan local network: ENABLED
        Reputation priority:  whitelist(Default) 
        Nested IP: both  
        White action: unblack (Default) 
        Shared memory supported, Update directory: /usr/reputation/iplists
        Shared memory refresh period: 60 (Default) seconds 
        Shared memory max instances: 2
    
    +++++++++++++++++++++++++++++++++++++++++++++++++++
    Initializing rule chains...
    1 Snort rules read
        0 detection rules
        0 decoder rules
        1 preprocessor rules
    1 Option Chains linked into 1 Chain Headers
    0 Dynamic rules
    +++++++++++++++++++++++++++++++++++++++++++++++++++
    
    ..........
    .....
    
    
    nfq DAQ configured to inline.
    Reload thread starting...
    Reload thread started, thread 0xa443db40 (25579)
        Reputation Preprocessor: Size of shared memory segment SFShmemMgmt.0.0 is 128
    Mapped shared management region of size 128 as a reader.
    
    ........
    .....
    
    
    It appears that the blacklist is not load into shared memory.why?
    who can tell me why?
    
    
    I am searching for a long time on net. But no use. Please help or try to give some ideas how to achieve this.
    
    I'm sorry my English is not good.sorry I am a novice.
    sorry.
    
     
    
    Can someone give me some help?
    
    Can the Chinese give me some help?in Chinese.
    
    I am a lonely self learner, if you can give me a little help , Thank you very much.
    Best regards to all!

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: