[Snort-users] Snort-1.9 on OBSD-3.2

bthaler at ...2720... bthaler at ...2720...
Tue Jan 28 06:36:04 EST 2003

Here's some more detail:

Command Line = /usr/local/bin/snort -c /etc/snort/snort.conf -i xl0 -D (same
as Snort-1.8.7)

Here's my preprocessors (pretty much default, as I haven't tweaked this
install yet)
preprocessor frag2
preprocessor stream4: disable_evasion_alerts, ttl_limit 0
preprocessor stream4_reassemble: noalerts
preprocessor http_decode: 80 unicode iis_alt_unicode double_encode
iis_flip_slash full_whitespace
preprocessor rpc_decode: 111 32771
preprocessor conversation: allowed_ip_protocols all, timeout 60,
max_conversations 32000
preprocessor portscan2: scanners_max 3200, targets_max 5000, target_limit 5,
port_limit 20, timeout 60

And the output plugin (again this was working fine with Snort-1.8.7)
output database: log, mysql, user=snort dbname=snort password=snort
host= sensor_name=Webstream

Since my first message, I have built Snort-1.8.7 and it's running smoothly
(so far).


Brad Thaler
Technical Support
WebStream Internet Solutions

bthaler at ...2720...
(954) 730-7405 Help Desk
(954) 733-7067 Fax
*** For further assistance you can go to http://helpdesk.webstream.net
where you can find most of the answers you need.

WebStream accepts no liability for the content of this email, or for the
consequences of any actions taken on the basis of the information provided,
unless that information is subsequently confirmed in writing. Any views or
opinions presented in this email are solely those of the author and do not
necessarily represent those of WebStream. WARNING: Computer viruses can be
transmitted via email. The recipient should check this email and any
attachments for the presence of viruses. WebStream accepts no liability for
any damage caused by any virus transmitted by this email.
----- Original Message -----
From: "Gonzalez, Albert" <albert.gonzalez at ...7950...>
To: <bthaler at ...2720...>; <snort-users at lists.sourceforge.net>
Sent: Tuesday, January 28, 2003 9:21 AM
Subject: RE: [Snort-users] Snort-1.9 on OBSD-3.2

> well, you aren't providing much detail.
> I was running Snort 1.9.0 with OBSD 3.1
> and upgraded my system to 3.2 without any
> problems.
> What exactly does your setup look like?
> What commands are you passing on the command line?
> what preprocessors are you running?
> etc.....
> Cheers!
> ---
> Alberto Gonzalez
> EDS - Global Security Operations Center
> Security and Privacy Professional Servics
> -----Original Message-----
> From: bthaler at ...2720... [mailto:bthaler at ...2720...]
> Sent: Tuesday, January 28, 2003 9:03 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Snort-1.9 on OBSD-3.2
> Is anyone else running Snort-1.9 on OpenBSD-3.2?
> I recently upgraded my OBSD-3.1 running Snort-1.8 to OBSD-3.2 running
> Snort-1.9, and now the entire OS crashes, but only if Snort is running.  I
> made the mistake of upgrading both Snort and OBSD at the same time, so I'm
> not exactly sure which of these is causing the problem.
> I do know that Snort-1.8 was running fine on OBSD-3.1.  I also know that
> with the same rules enabled, Snort-1.9 has about 30% packet loss, while
> Snort-1.8 only gave me 1%.
> Any ideas here?  I'm probably going to remove Snort-1.9 and go back to 1.8
> due to the packet loss issue, unless someone has a better idea.
> Sincerely,
> Brad Thaler
> -------------------------------------------------------
> This SF.NET email is sponsored by:
> SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
> http://www.vasoftware.com
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

More information about the Snort-users mailing list