Re: MySQL support for Snort 2.9.4
From: Joel Esler <jesler () sourcefire com>
Date: Tue, 11 Dec 2012 16:41:06 -0500

On Tue, Dec 11, 2012 at 09:26:55PM +0000, Kaya Saman wrote:
> On 12/11/2012 07:11 PM, Joel Esler wrote:
>> You aren't generating any alerts because of:
>>
>> On Dec 11, 2012, at 2:06 PM, Kaya Saman <kayasaman () gmail com> wrote:
>>> Bad Chk Sum: 9421212 ( 50.311%)
>>
>> Try adding -k none to your Snort command line and see if you get
>> anything logged that way.
>>
>>> Alerts: 0 ( 0.000%)
>>> Logged: 0 ( 0.000%)
>>> Passed: 0 ( 0.000%)
>>
>> See, nothing alerted.
>>
>> you might want to use PulledPork to manage your ruleset, as it
>> looks like you have a bunch of unresolved flowbit issues.
>
> I used PulledPork but it didn't get any of the *.rules files that
> are in the tar.gz file. I manually added them in then ran PP again
> out of which I got:
>
> Setting Flowbit State....
> Enabled 23 flowbits
> Enabled 1 flowbits
>
> I still get the flow bit errors as PP from above only enabled 24.
>
> In the log file I noticed that I got a bunch of "unkown message"
> entries so I don't know if that's got anything to do with it?

It would help if you'd post the errors you received.

> Using the -k none option as suggested previously I don't get any
> more 'Bad chck sum' errors but I still don't get anything logged

Well if you are evaluating all the traffic, then you might not have anything for Snort to trigger off of. But let's
keep checking to be sure.

Senior Research Engineer, VRT
OpenSource Community Manager
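
A small check for the symptom discussed in this thread, as an added example that is not part of the original messages: it parses Snort's end-of-run counters and flags a run whose bad-checksum share is high, which is the case where the thread suggests `-k none`. The sample counters are constructed from the lines quoted above; the function names and the 5% threshold are assumptions.

```python
import re

# Matches Snort summary counters such as "Bad Chk Sum: 9421212 ( 50.311%)".
COUNTER_RE = re.compile(
    r"^\s*([A-Za-z][A-Za-z0-9 /_-]*?):\s+(\d+)\s+\(\s*([\d.]+)%\)\s*$"
)

# Constructed sample: the four counter lines quoted in the thread.
SAMPLE_STATS = """\
Bad Chk Sum:      9421212 ( 50.311%)
Alerts:                 0 (  0.000%)
Logged:                 0 (  0.000%)
Passed:                 0 (  0.000%)
"""


def parse_counters(text):
    """Return {counter name: (count, percent)} for every counter line found.

    Lines that are not counters (banners, separators) are skipped.
    """
    counters = {}
    for line in text.splitlines():
        m = COUNTER_RE.match(line)
        if m:
            counters[m.group(1).strip()] = (int(m.group(2)), float(m.group(3)))
    return counters


def diagnose(counters, threshold_pct=5.0):
    """Classify a run from its counters (threshold_pct is an assumed cut-off).

    'checksum'  - bad-checksum share is at or above the threshold; test with -k none
    'no-alerts' - checksums look fine but nothing alerted; look at rules/traffic
    'ok'        - alerts were generated
    'unknown'   - the counters needed for a decision are missing
    """
    if "Bad Chk Sum" not in counters or "Alerts" not in counters:
        return "unknown"
    _, bad_pct = counters["Bad Chk Sum"]
    alerts, _ = counters["Alerts"]
    if bad_pct >= threshold_pct:
        return "checksum"
    return "ok" if alerts > 0 else "no-alerts"


if __name__ == "__main__":
    print(diagnose(parse_counters(SAMPLE_STATS)))
```
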