Re: MySQL support for Snort 2.9.4
From: waldo kitty <wkitty42 () windstream net>
Date: Wed, 12 Dec 2012 09:10:55 -0500
On 12/11/2012 16:26, Kaya Saman wrote:
> I still get the flow bit errors as PP from above only enabled 24.

PP's flowbit resolving only goes one way...
if a rule checks for a flowbit, PP will enable the rule(s) that set that
flowbit... this fixes the "flowbit is checked but never set" warning...
if a rule sets a flowbit and there are no rules to check it, PP will not enable
those checking rules... snort will still alert that "flowbit is set but never
checked"... this is something manual that you will have to handle by either
turning off that rule or turning on at least one of those that checks that

> In the log file I noticed that I got a bunch of "unkown message" entries so I
> don't know if that's got anything to do with it?

we'd have to see a log snippet of what you are talking about...

> Using the -k none option as suggested previously I don't get any more 'Bad chck
> sum' errors but I still don't get anything logged either?

how is snort connected to the traffic flow? thru a span port or a switch or hub?

> Previously when I used version 2.8.6 with the Emerging Threats ruleset even when
> run for a few seconds Base would just spike with occurrences, mainly for p2p
> Basically it's still not working :-(

yup, something's just not right yet...
the biggest change between 2.8.6 and 2.9 is the use of the DAQ stuff... that and
the removal of the database output stuff... however, there is something about
this logging thing that is problematic... i see it quite often on new
installations of our packaged environment... several times we've thought we've
found the definitive answer to fix it but while it works for some, it doesn't
for others... and then another fix will work for them but there are still more
who are not getting logging... we're still looking at it in our stuff since we
are including snort in our packaged environment and folks come to us for help
with it... one day we will find it...
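
The one-way flowbit resolution described in the message above can be checked by hand against a rules file. The following is an added example, not part of the original post and not PulledPork's or Snort's own code: it reports flowbits that enabled rules check but never set, flowbits that are set but never checked, and the disabled rules that check the latter. The rules, SIDs, flowbit names and the choice of which keywords count as "setting" or "checking" are assumptions made for the illustration.

```python
import re

# Assumption: keywords treated as "setting" vs "checking" a flowbit.
SETTERS = {"set", "setx", "toggle"}
CHECKERS = {"isset", "isnotset"}
FLOWBITS_RE = re.compile(r"flowbits\s*:\s*([a-z]+)\s*(?:,\s*([^;,]+))?", re.I)
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

def flowbit_usage(rules_text, enabled=True):
    """Map flowbit -> {"set": [sids], "checked": [sids]} for enabled (or disabled) rules."""
    usage = {}
    for line in rules_text.splitlines():
        line = line.strip()
        sid = SID_RE.search(line)
        # A leading '#' marks a disabled rule; keep only the state asked for.
        if not sid or line.startswith("#") == enabled:
            continue
        for op, names in FLOWBITS_RE.findall(line):
            kind = "set" if op.lower() in SETTERS else "checked" if op.lower() in CHECKERS else None
            if kind is None or not names:      # e.g. flowbits:noalert
                continue
            for name in re.split(r"[&|]", names):
                usage.setdefault(name.strip(), {"set": [], "checked": []})[kind].append(int(sid.group(1)))
    return usage

def flowbit_mismatches(rules_text):
    """Return (checked_but_never_set, set_but_never_checked) among enabled rules."""
    usage = flowbit_usage(rules_text)
    never_set = {n: u["checked"] for n, u in usage.items() if not u["set"]}
    never_checked = {n: u["set"] for n, u in usage.items() if not u["checked"]}
    return never_set, never_checked

def manual_candidates(rules_text):
    """Disabled rules that check a flowbit which is set but never checked."""
    _, never_checked = flowbit_mismatches(rules_text)
    disabled = flowbit_usage(rules_text, enabled=False)
    return {n: disabled.get(n, {"checked": []})["checked"] for n in never_checked}

# Constructed sample rules (not from any real ruleset).
SAMPLE_RULES = """\
alert tcp any any -> any 80 (msg:"constructed A sets"; flowbits:set,demo.login; flowbits:noalert; sid:1000001;)
# alert tcp any any -> any 80 (msg:"constructed B checks"; flowbits:isset,demo.login; sid:1000002;)
alert tcp any any -> any 21 (msg:"constructed C checks"; flowbits:isset,demo.ftp; sid:1000003;)
# alert tcp any any -> any 21 (msg:"constructed D sets"; flowbits:set,demo.ftp; flowbits:noalert; sid:1000004;)
alert tcp any any -> any 25 (msg:"constructed E sets"; flowbits:set,demo.smtp; sid:1000005;)
alert tcp any any -> any 25 (msg:"constructed F checks"; flowbits:isnotset,demo.smtp; sid:1000006;)
"""

if __name__ == "__main__":
    print(flowbit_mismatches(SAMPLE_RULES))
    print(manual_candidates(SAMPLE_RULES))
```

In the sample, `demo.ftp` is the case the message says gets resolved automatically by enabling the setter, while `demo.login` is the case left for manual handling: either disable SID 1000001 or enable the checker SID 1000002.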