[Snort-devel] Re: No stats

Martin Olsson elof at ...969...
Thu May 15 22:23:06 EDT 2003


On Fri, 16 May 2003, Eric Lauzon wrote:
> Have you tried
> ./configure --enable-debug
> ?

Yes. No change. Just a lot of debugging information. The info &
stats are still missing.

Here's the output with --enable-debug:


./snort-2.0.0-mysql-3.23.49-debug -c /usr/sentor/etc/snort.conf -l /usr/sentor/log -u snort -g snort -T
Stdout:
Running in IDS mode
Log directory = /usr/sentor/log

Initializing Network Interface ed1

        --== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface ed1
Initializing Preprocessors!
Initializing Plug-ins!
Plugin: TcpWinCheckInit Initialized
-------------------------------------------------
 Keyword     |       Preprocessor @
-------------------------------------------------
http_decode  :       0x8085b70
http_decode_ignore:       0x8085cbc
portscan     :       0x8088600
portscan-ignorehosts:       0x808918c
rpc_decode   :       0x8089800
bo           :       0x80830dc
telnet_decode:       0x8092f04
stream4      :       0x808b3b8
stream4_reassemble:       0x808bf20
frag2        :       0x8083bac
arpspoof     :       0x8082d28
arpspoof_detect_host:       0x8082e8c
conversation :       0x80948c0
portscan2    :       0x8097938
portscan2-ignorehosts:       0x8096260
portscan2-ignoreports-from:       0x80966f4
portscan2-ignoreports-to:       0x8096718
HttpFlow     :       0x80934fc
PerfMonitor  :       0x8093b04
-------------------------------------------------

-------------------------------------------------
 Keyword     |      Plugin Registered @
-------------------------------------------------
content      :      0x807c7e8
content-list :      0x807c708
offset       :      0x807c948
depth        :      0x807caa4
nocase       :      0x807cbd8
rawbytes     :      0x807ccac
regex        :      0x807cfdc
uricontent   :      0x807c898
distance     :      0x807cd14
within       :      0x807ce78
flags        :      0x807f590
itype        :      0x807a4cc
icode        :      0x8079d54
ttl          :      0x80801b4
id           :      0x807b0e4
ack          :      0x807f3c4
seq          :      0x807fd08
dsize        :      0x80797e4
ipopts       :      0x807bb80
rpc          :      0x807e54c
icmp_id      :      0x807a00c
icmp_seq     :      0x807a26c
session      :      0x807ec38
tos          :      0x807b8a4
fragbits     :      0x807a7ac
fragoffset   :      0x807acfc
window       :      0x807fec0
ip_proto     :      0x807b2fc
sameip       :      0x807b66c
flow         :      0x80807a8
byte_test    :      0x8080fa0
byte_jump    :      0x8081ba0
-------------------------------------------------

-------------------------------------------------
 Keyword     |          Output @
-------------------------------------------------
alert_syslog :       0x8072260
log_tcpdump  :       0x8076fd8
database     :       0x8073f94
alert_fast   :       0x807161c
alert_full   :       0x8071cd8
alert_unixsock:       0x8072d78
alert_CSV    :       0x80731f0
log_null     :       0x8076efc
log_unified  :       0x80786b4
alert_unified:       0x80783f0
unified      :       0x8077634
log_ascii    :       0x8078cfc
-------------------------------------------------

Parsing Rules file /usr/sentor/etc/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
Found logdir config directive (/usr/sentor/log)

Initializing Network Interface ed1

syslog:
/kernel: ed1: promiscuous mode enabled
/kernel: ed1: promiscuous mode disabled
/kernel: ed1: promiscuous mode enabled
snort: http_decode arguments:
snort:     Unicode decoding
snort:     IIS alternate Unicode decoding
snort:     IIS double encoding vuln
snort:     Flip backslash to slash
snort:     Include additional whitespace separators
snort:     Ports to decode http on: 80
snort: rpc_decode arguments:
snort:     Ports to decode RPC on: 111 32771
snort:     alert_fragments: INACTIVE
snort:     alert_large_fragments: ACTIVE
snort:     alert_incomplete: ACTIVE
snort:     alert_multiple_requests: ACTIVE
snort: telnet_decode arguments:
snort:     Ports to decode telnet on: 21 23 25 119
snort: Conversation Config:
snort:    KeepStats: 0
snort:    Conv Count: 3000
snort:    Timeout   : 60
snort:    Alert Odd?: 0
snort:    Allowed IP Protocols:
snort:  All
snort:
snort: Portscan2 config:
snort:     log: /usr/sentor/log/snort.portscan
snort:     scanners_max: 256
snort:     targets_max: 1024
snort:     target_limit: 5
snort:     port_limit: 20
snort:     timeout: 60
snort: [**] Rule start
snort: Rule id: trapdb
snort: Rule type:
snort: Alert
snort: [**] Rule start
snort: Rule id: trapdb
snort: Rule type:
snort: Alert
snort: [**] Rule start
snort: Rule id: trapdb
snort: Rule type:
snort: Alert
snort: [**] Rule start
snort: Rule id: trapdb
snort: Rule type:
snort: Alert
snort: [**] Rule start
snort: Rule id: trapdb
snort: Rule type:
snort: Alert
snort: [**] Rule start
snort: Rule id: trapdb
snort: Rule type:
snort: Alert
snort: [**] Rule start
snort: Rule id: trapdb
snort: Rule type:
snort: Alert
snort: [**] Rule start
snort: Rule id: trapdb
snort: Rule type:
snort: Alert
snort: [**] Rule start
snort: Rule id: trapdb
snort: Rule type:
snort: Alert
snort: [**] Rule start
snort: Rule id: trapdb
snort: Rule type:
snort: Alert
snort: [**] Rule start
snort: Rule id: trapdb
snort: Rule type:
snort: Alert
snort: [**] Rule start
snort: Rule id: trapdb
snort: Rule type:
snort: Alert
snort:  Snort sucessfully loaded all rules and checked all rule chains!
/kernel: ed1: promiscuous mode disabled
snort: Snort exiting
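A -T run validates the configuration and exits, so what the output above can tell you is structural: which preprocessors and output plugins registered, what arguments each preprocessor parsed, whether the rule chains loaded, and whether the interface was returned from promiscuous mode. The parser below is an added example for this thread, not code from the post or from the Snort project; its sample strings are constructed from the quoted output, the function names are mine, and the default required output plugin ("database", chosen to match the -mysql build name) is an assumption.

```python
# Added example (not from the post or the Snort project): parse a Snort 2.x
# config-test (-T) startup dump. Samples are constructed from the quoted output.
import re

SAMPLE_STDOUT = """\
-------------------------------------------------
 Keyword     |       Preprocessor @
-------------------------------------------------
http_decode  :       0x8085b70
-------------------------------------------------

-------------------------------------------------
 Keyword     |          Output @
-------------------------------------------------
database     :       0x8073f94
-------------------------------------------------
"""
SAMPLE_SYSLOG = """\
/kernel: ed1: promiscuous mode enabled
snort: http_decode arguments:
snort:     IIS double encoding vuln
snort:     Ports to decode http on: 80
snort: Conversation Config:
snort:    Allowed IP Protocols:
snort:  All
snort: [**] Rule start
snort: Rule id: trapdb
snort:  Snort sucessfully loaded all rules and checked all rule chains!
/kernel: ed1: promiscuous mode disabled
"""

TABLE_HEADER = re.compile(r"^\s*Keyword\s*\|\s*(.+?)\s*@\s*$")
TABLE_ROW = re.compile(r"^([^\s:]+)\s*:\s*(0x[0-9a-fA-F]+)\s*$")
SNORT_LINE = re.compile(r"^snort:\s?(.*)$")
KERNEL_PROMISC = re.compile(r"^/kernel:\s+(\S+):\s+promiscuous mode (enabled|disabled)$")
SECTION_HEAD = re.compile(r"^(\S+)\s+(?:arguments|config):\s*$", re.IGNORECASE)
KEY_VALUE = re.compile(r"^\s+([^:]+?)\s*:\s*(.*)$")

def parse_registration_tables(text):
    """Map each 'Keyword | <Kind> @' table on stdout to {keyword: address}."""
    tables, current, in_body = {}, None, False
    for line in text.splitlines():
        hm = TABLE_HEADER.match(line)
        if hm:
            current, in_body = hm.group(1), False
            tables[current] = {}
        elif current is None:
            continue
        elif line.startswith("-----"):
            if in_body:              # the second dashed line closes the table
                current = None
            in_body = True
        elif in_body and (rm := TABLE_ROW.match(line)):
            tables[current][rm.group(1)] = int(rm.group(2), 16)
    return tables

def parse_syslog(text):
    """Pull preprocessor settings, rule ids and run-state lines from syslog."""
    rep = {"configs": {}, "rule_ids": [], "promisc": [], "rules_loaded": False}
    section = last_key = None
    for raw in text.splitlines():
        if km := KERNEL_PROMISC.match(raw):
            rep["promisc"].append((km.group(1), km.group(2)))
            continue
        if not (sm := SNORT_LINE.match(raw)):
            continue
        line = sm.group(1)
        stripped, head = line.strip(), SECTION_HEAD.match(line)
        if "loaded all rules and checked all rule chains" in stripped:
            rep["rules_loaded"], section = True, None   # the binary's own (misspelt) line
        elif stripped.startswith("[**] Rule start"):
            section = None
        elif stripped.startswith("Rule id:"):
            rep["rule_ids"].append(stripped.split(":", 1)[1].strip())
        elif head:
            section, last_key = head.group(1), None
            rep["configs"][section] = {}
        elif section is not None and stripped:
            cfg, kv = rep["configs"][section], KEY_VALUE.match(line)
            if kv:
                last_key = kv.group(1)
                cfg[last_key] = kv.group(2).strip()
            elif last_key is not None and cfg[last_key] == "":
                cfg[last_key] = stripped   # value printed on the following line ("All")
            else:
                cfg[stripped] = True       # bare option line such as "Unicode decoding"
    return rep

def check_config_test(stdout, syslog, required_outputs=("database",)):
    """Findings for a -T run (empty = healthy); the required_outputs default is an assumption."""
    tables, log = parse_registration_tables(stdout), parse_syslog(syslog)
    findings = [f"output plugin not registered: {n}"
                for n in required_outputs if n not in tables.get("Output", {})]
    if not log["rules_loaded"]:
        findings.append("rule chains were not loaded and checked")
    if log["promisc"] and log["promisc"][-1][1] != "disabled":
        findings.append("interface left in promiscuous mode")
    return findings
```

Feed it the stdout and the syslog excerpt of a -T run; an empty findings list means the config test registered what you expect and finished cleanly. The parser keys on the phrase "loaded all rules and checked all rule chains" rather than the whole line, so the binary's own spelling of "sucessfully" does not matter.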