[Snort-users] The snort is stopped...!!!

Joel Esler joel.esler at ...1935...
Wed Jun 7 16:27:54 EDT 2006


Try running it in -D (daemon) mode.
Try running it outputting to Unified, and download and install barnyard
to handle unified.
Remove the -v
Remove the -s, again, output to Unified.

Joel

Daniel Cordoba wrote:
> Hello people, a question: I run snort with the following options and
> it stops after working for many hours.
> Thanks.
> 
> snort -s -v -c /etc/snort/snort.conf -A full -X
> snort -s -v -c /etc/snort/snort.conf -A full
> snort -s -v -c /etc/snort/snort.conf
> 
> =============================================================
> 
> Snort received 740284 packets
>     Analyzed: 177368(23.959%)
>     Dropped: 562916(76.041%)
> =============================================================
> Breakdown by protocol:
> TCP: 34162      (4.615%)
> UDP: 19616      (2.650%)
> ICMP: 1653       (0.223%)
> ARP: 27542      (3.720%)
> EAPOL: 0          (0.000%)
> IPv6: 0          (0.000%)
> IPX: 12         (0.002%)
> OTHER: 5665       (0.765%)
> DISCARD: 0          (0.000%)
> =============================================================
> Action Stats:
> ALERTS: 709
> LOGGED: 709
> PASSED: 0
> =============================================================
> TCP Stream Reassembly Stats:
>     TCP Packets Used: 34161      (4.615%)
>     Stream Trackers: 1385
>     Stream flushes: 3
>     Segments used: 5
>     Stream4 Memory Faults: 0
> =============================================================
> Final Flow Statistics
> ,----[ FLOWCACHE STATS ]----------
> Memcap: 10485760 Overhead Bytes 16400 used(%3.667860)/blocks (384603/2058) Overhead blocks: 1 Could Hold: (58579)
> IPV4 count: 2057 frees: 0 low_time: 1149508369, high_time: 1149516896, diff: 2h:22:07s
>     finds: 55438 reversed: 18725(%33.776471)
>     find_sucess: 53381 find_fail: 2057 percent_success: (%96.289549) new_flows: 2057
> Protocol: 1 (%2.981709) finds: 1653  reversed: 19(%1.149425)
> find_sucess: 1404 find_fail: 249 percent_success: (%84.936479) new_flows: 249
> Protocol: 2 (%0.009019) finds: 5  reversed: 0(%0.000000)
> find_sucess: 3 find_fail: 2 percent_success: (%60.000000) new_flows: 2
> Protocol: 6 (%61.625600) finds: 34164  reversed: 18621(%54.504742)
> find_sucess: 33183 find_fail: 981 percent_success: (%97.128556) new_flows: 981
> Protocol: 17 (%35.383672) finds: 19616  reversed: 85(%0.433320)
> find_sucess: 18791 find_fail: 825 percent_success: (%95.794250) new_flows: 825
> Snort exiting

--
+---------------------------------------------------------------------+
Joel Esler  	     Senior Security Consultant 	1-706-627-2101
Sourcefire    Security for the /Real/ World -- http://www.sourcefire.com
Snort - Open Source Network IPS/IDS -- http://www.snort.org
GPG Key http://demo.sourcefire.com/jesler.pgp.key
+---------------------------------------------------------------------+
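
A sanity check built from this thread, as an added example that is not part of either poster's message: it recomputes the drop rate from the exit statistics quoted above and flags the command-line options the reply says to change. The function names and the 5% threshold are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): health check for a Snort sensor.

# Exit statistics as posted in the thread (only the lines the check needs).
sample_stats() {
    cat <<'EOF'
Snort received 740284 packets
    Analyzed: 177368(23.959%)
    Dropped: 562916(76.041%)
EOF
}

# Recompute the drop percentage from the raw counters read on stdin.
drop_pct() {
    LC_ALL=C awk '
        function num(s, key) { sub(".*" key "[ \t]*", "", s); sub(/[^0-9].*/, "", s); return s }
        /Snort received/ { recv = num($0, "received") }
        /Dropped:/       { dropped = num($0, "Dropped:") }
        END {
            if (recv == "" || dropped == "" || recv + 0 == 0) exit 2  # counters missing
            printf "%.3f\n", 100 * dropped / recv
        }'
}

# Succeed only if the drop rate on stdin is at or below $1 percent.
drop_ok() {
    pct=$(drop_pct) || return 2
    awk -v p="$pct" -v max="$1" 'BEGIN { exit !(p + 0 <= max + 0) }'
}

# One finding per line for the flags named in the reply. Flags must be
# separate arguments; bundled forms such as -sv are not recognised.
lint_flags() {
    daemon=no
    for arg in "$@"; do
        case "$arg" in
            -v) printf '%s\n' "-v: remove (prints every packet to the console)" ;;
            -s) printf '%s\n' "-s: remove (syslog alerts); output to unified instead" ;;
            -D) daemon=yes ;;
        esac
    done
    [ "$daemon" = yes ] || printf '%s\n' "-D: missing; run in daemon mode"
}

# Demo on the thread's own numbers; the 5% threshold is an assumed limit.
sample_stats | drop_ok 5 || echo "drop rate $(sample_stats | drop_pct)% is above 5%"
lint_flags -s -v -c /etc/snort/snort.conf -A full -X
```
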



