[RGSPAM] RE: [Snort-users] Snort Beta v2.6

Jason Brvenik jasonb at ...1935...
Mon Mar 20 18:02:02 EST 2006


response inline.

Ron Jenkins wrote:

> I got it to load with the following; thanks Jason:
>
Good to hear. Happy to help.

>  
>
> /usr/local/bin/snort -e -i eth1 -d -c /etc/snort/snort.conf -l
> /var/log/snort --dynamic-preprocessor-lib
> /usr/local/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so 
> --dynamic-preprocessor-lib
> /usr/local/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so
>
>  
>
>  
>
> Does anyone know what these messages refer too?
>
>  
>
> /Warning: flowbits key 'http.jpeg' is checked but not ever set./
>
> /Warning: flowbits key 'ms_sql_seen_dns' is checked but not ever set./
>
> /Warning: flowbits key 'dce.bind.veritas' is set but not ever checked./
>
> /Warning: flowbits key 'netbios.lsass.bind.attempt' is checked but not
> ever set./
>
> /Warning: flowbits key 'dce.isystemactivator.bind.call.attempt' is set
> but not ever checked./
>
> /Warning: flowbits key 'trojan' is set but not ever checked./
>
> /Warning: flowbits key 'realplayer.playlist' is checked but not ever set./
>
These indicate that some rules set or check flowbits but there are no
rules which set or check them. This is normal from time to time as bits
are often set for future checks, for rule chains that may be disabled,
or for rules that have been moved out. If these are never checked the
rules that set them are _usually_ safe to disable as well.

> //
>
>  
>
> /Not Using PCAP_FRAMES/
>
>  
>
You are not using a setting that can help with performance.

http://www.snort.org/docs/snort_htmanuals/htmanual_2.4/rc1/node27.html






More information about the Snort-users mailing list