
Snort mailing list archives
Re: Snort-users Digest, Vol 93, Issue 9
From: Aditya Prakash <adipra90 () gmail com>
Date: Wed, 12 Feb 2014 10:12:15 +0530
Hi all, can anyone tell me how to trim the Snort alert output, that is, timestamp parameter trimming? I just want the timestamp in the format date, time in hr:min:sec. I do not require the millisecond field in the timestamp parameter.

Aditya

On Tue, Feb 11, 2014 at 4:24 PM, <snort-users-request () lists sourceforge net> wrote:
Send Snort-users mailing list submissions to
	snort-users () lists sourceforge net
To subscribe or unsubscribe via the World Wide Web, visit
	https://lists.sourceforge.net/lists/listinfo/snort-users
or, via email, send a message with subject or body 'help' to
	snort-users-request () lists sourceforge net
You can reach the person managing the list at
	snort-users-owner () lists sourceforge net
When replying, please edit your Subject line so it is more specific than "Re: Contents of Snort-users digest..."
When responding, please don't respond with the entire Digest. Please trim your response.

Today's Topics:
   1. Snort 2.9.6.0 rpm for RHEL6.x (Feroz Basir)
   2. Re: Snort 2.9.6.0 rpm for RHEL6.x (Jeremy Hoel)
   3. Re: Snort 2.9.6.0 rpm for RHEL6.x (waldo kitty)
   4. Events vs. Alerts (Thomas Hyslip)
   5. Snort vs. Barnyard2 performance logging to a database (Dubrawsky, Ido)

----------------------------------------------------------------------

Message: 1
Date: Tue, 11 Feb 2014 02:59:37 +0800
From: Feroz Basir <feroz.basir () gmail com>
Subject: [Snort-users] Snort 2.9.6.0 rpm for RHEL6.x
To: snort-users () lists sourceforge net
Message-ID: <85C4F71B-FF24-4D46-96EB-83C0D160633C () gmail com>
Content-Type: text/plain; charset=us-ascii

Hi All,

Where can I download snort rpm for rhel6.x? Website only for centos and fedora.

Thanks.

Regards,
Feroz Basir

------------------------------

Message: 2
Date: Mon, 10 Feb 2014 19:04:25 +0000
From: Jeremy Hoel <jthoel () gmail com>
Subject: Re: [Snort-users] Snort 2.9.6.0 rpm for RHEL6.x
To: Feroz Basir <feroz.basir () gmail com>
Cc: "snort-users () lists sourceforge net" <snort-users () lists sourceforge net>
Message-ID: <CAH_p-VPV50Ear5tKZO96CCXLf9bv=F1oR73Q0AnHy3523FA7kg () mail gmail com>
Content-Type: text/plain; charset=ISO-8859-1

CentOS is basically RedHat without the RedHat logos and it should be binary compatible (minus stupid scripts looking for the words RedHat somewhere). Have you tried using the CentOS build?
We run CentOS, but we build ours from source.

On Mon, Feb 10, 2014 at 6:59 PM, Feroz Basir <feroz.basir () gmail com> wrote:
Hi All, Where can I download snort rpm for rhel6.x? Website only for centos and fedora. Thanks. Regards, Feroz Basir

------------------------------

Message: 3
Date: Mon, 10 Feb 2014 18:45:07 -0500
From: waldo kitty <wkitty42 () windstream net>
Subject: Re: [Snort-users] Snort 2.9.6.0 rpm for RHEL6.x
To: snort-users () lists sourceforge net
Message-ID: <52F96483.30406 () windstream net>
Content-Type: text/plain; charset=UTF-8; format=flowed

On 2/10/2014 1:59 PM, Feroz Basir wrote:
Where can I download snort rpm for rhel6.x? Website only for centos and fedora.

you are better off to build from the sources so you get the latest version... rpms are very likely to be out of date and their snort no longer supported due to EoL status... that means that you can't get rules for old versions, too...

--
NOTE: No off-list assistance is given without prior approval.
Please keep mailing list traffic on the list unless private contact is specifically requested and granted.
------------------------------

Message: 4
Date: Mon, 10 Feb 2014 19:32:41 -0500
From: Thomas Hyslip <thomas.hyslip () gmail com>
Subject: [Snort-users] Events vs. Alerts
To: snort-users () lists sourceforge net
Message-ID: <CALhgiWhJCCftw=RUz+9vy3W0gnZnA8UXB4gpsYNd1baeeueQug () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

Not quite sure I understand the difference between an event and an alert. I have a threshold within a rule for 25 syn packets every second (ddos) egressing the network. I have tried different pcaps with tcpreplay to test the rule. When I know there are more than 25 syn packets within a second, I see the alerts in barnyard2 and afterwards when I stop snort. But, when I'm sure there are not 25 syns in one second, I get no alerts, but after stopping snort and barnyard, I see events were logged or filtered. So, I am a little confused what Snort means by an event that is not an alert. Also, FYI, I have no other rules or pre-processors running.

Here is the output from snort:

===============================================================================
Action Stats:
     Alerts:            0 (  0.000%)
     Logged:            0 (  0.000%)
     Passed:            0 (  0.000%)
Limits:
      Match:            0
      Queue:            0
        Log:            0
      Event:          241
      Alert:            0
Verdicts:
      Allow:       722528 (100.000%)
      Block:            0 (  0.000%)
    Replace:            0 (  0.000%)
  Whitelist:            0 (  0.000%)
  Blacklist:            0 (  0.000%)
     Ignore:            0 (  0.000%)
===============================================================================
+-----------------------[filtered events]--------------------------------------
| gen-id=1  sig-id=1000001  type=Threshold  tracking=src  count=25  seconds=1  filtered=241

Any idea what the 241 event and filtered could be?

Thanks
Tom

------------------------------

Message: 5
Date: Tue, 11 Feb 2014 10:38:07 +0000
From: "Dubrawsky, Ido" <Ido.Dubrawsky () itron com>
Subject: [Snort-users] Snort vs. Barnyard2 performance logging to a database
To: "snort-users () lists sourceforge net" <snort-users () lists sourceforge net>
Message-ID: <68769062e01946249813eee22b925295 () BLUPR04MB722 namprd04 prod outlook com>
Content-Type: text/plain; charset="us-ascii"

Has anyone done any performance tests benchmarking whether it's better for the Snort IDS process to insert alerts directly into a database (MySQL or PostgreSQL) or whether performance is better if Snort writes the unified2 file and lets Barnyard2 insert alerts into a database? A quick Google search hasn't easily revealed anything relevant at the moment.

Thanks,
Ido

Ido Dubrawsky
Sr. Principal Systems Engineer
Security Engineering Team Lead
Ido.Dubrawsky () itron com
509-891-3452 (O) / 301-928-0020 (M)

------------------------------

End of Snort-users Digest, Vol 93, Issue 9
******************************************
-- Aditya prakash(SDDE)
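A post-processing filter for the timestamp question above, added here as an example and not taken from the thread or from Snort itself. It assumes Snort's default alert_fast/alert_full timestamp layout (MM/DD-HH:MM:SS.uuuuuu, or MM/DD/YY-HH:MM:SS.uuuuuu when Snort runs with -y) and rewrites each timestamp without the microsecond field, leaving the rest of the alert line intact.

```python
"""Drop the microsecond field from Snort alert timestamps (added example).

Snort's alert_fast and alert_full outputs print timestamps as
MM/DD-HH:MM:SS.uuuuuu, or MM/DD/YY-HH:MM:SS.uuuuuu when run with -y.
This filter rewrites them as MM/DD-HH:MM:SS and leaves the rest of the
line untouched.  Pipeline usage:  snort -A fast ... | python3 trim_ts.py
"""
import re
import sys

# Date (optionally with a two-digit year), the HH:MM:SS part, then the
# six-digit microsecond field that is to be removed.
TS_RE = re.compile(
    r"(?P<date>\d{2}/\d{2}(?:/\d{2})?)-(?P<time>\d{2}:\d{2}:\d{2})\.\d{6}"
)


def trim_timestamp(line: str, sep: str = "-") -> str:
    """Return LINE with every Snort timestamp reduced to date<sep>HH:MM:SS.

    sep defaults to Snort's own '-' separator; pass ' ' for 'date time'.
    """
    return TS_RE.sub(lambda m: f"{m['date']}{sep}{m['time']}", line)


def trim_stream(lines, sep: str = "-"):
    """Yield each line of an alert file or stream with its timestamp trimmed."""
    for line in lines:
        yield trim_timestamp(line, sep)


# Constructed sample input: one alert_fast line and one alert_full
# timestamp line (the latter in the form produced with -y).
SAMPLE = [
    "02/12-10:12:15.123456  [**] [1:1000001:1] SYN flood threshold [**] "
    "[Priority: 1] {TCP} 192.0.2.10:40000 -> 198.51.100.5:80",
    "02/12/14-10:12:15.654321 192.0.2.10:40000 -> 198.51.100.5:80",
]

if __name__ == "__main__":
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    for out in trim_stream(source):
        sys.stdout.write(out if out.endswith("\n") else out + "\n")
```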
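For the events-vs-alerts question in message 4 of the quoted digest, the following simulation is an added example (not code from the thread or from Snort) that replays constructed SYN events through the documented semantics of "type threshold, track by_src, count 25, seconds 1": Snort alerts on every 25th matching event per source within the one-second window and counts the others as filtered events, which is how a rule can show "filtered=241" with zero alerts. The exact window-reset behaviour is an assumption about Snort's tracker, not taken from its source.

```python
"""Simulate a Snort rule threshold (added example, not Snort's own code).

Rule option from the thread: threshold: type threshold, track by_src,
count 25, seconds 1.  Per the Snort manual, "type threshold" alerts every
m-th time the event is seen inside the time window, so a host sending
fewer than 25 SYNs per second produces events that are counted and
filtered but never alerted.  Assumption (not from Snort's source): the
per-source window restarts at the first event after the previous window
expired.  Timestamps are integer milliseconds.
"""
from collections import defaultdict

COUNT, WINDOW_MS = 25, 1000          # count 25, seconds 1


class ThresholdTracker:
    def __init__(self, count=COUNT, window_ms=WINDOW_MS):
        self.count, self.window_ms = count, window_ms
        self.state = defaultdict(lambda: [None, 0])   # src -> [start, n]
        self.alerts = 0      # what Snort reports as Alerts
        self.filtered = 0    # what Snort reports under "filtered events"

    def event(self, ts_ms, src):
        """Feed one rule match; return True if the threshold would alert."""
        win = self.state[src]
        if win[0] is None or ts_ms - win[0] >= self.window_ms:
            win[0], win[1] = ts_ms, 0     # window expired: start a new one
        win[1] += 1
        if win[1] % self.count == 0:      # every count-th event in the window
            self.alerts += 1
            return True
        self.filtered += 1                # an event, but not an alert
        return False


def replay(events, count=COUNT, window_ms=WINDOW_MS):
    """Return (alerts, filtered) for an iterable of (ts_ms, src) events."""
    tracker = ThresholdTracker(count, window_ms)
    for ts_ms, src in events:
        tracker.event(ts_ms, src)
    return tracker.alerts, tracker.filtered


# Constructed event streams: 241 SYNs from one host at 10/sec (the
# "filtered=241, Alerts: 0" case in the thread) and a 50-SYN burst from
# another host inside a single second.
SLOW = [(i * 100, "192.0.2.10") for i in range(241)]    # replay -> (0, 241)
BURST = [(i * 10, "192.0.2.20") for i in range(50)]     # replay -> (2, 48)
```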
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Re: Snort-users Digest, Vol 93, Issue 9 Aditya Prakash (Feb 11)