[Snort-users] Upgrade from 2.5.8.1 to 2.8.6 and no alerts!

Chambers, Richard A. (LARC-B703)[RAYTHEON TECHNICAL SERVICES COMPANY] richard.a.chambers at ...57...
Tue Apr 27 13:29:40 EDT 2010


Guys,
   Currently running version 2.8.5.1 with no issues.  Got the source code today for 2.8.6 - configured/compiled as before but seem to be having issues.  It launches with no errors but doesn't generate any alerts:

Apr 27 13:14:18 feign snort[14491]: Packet Wire Totals:
Apr 27 13:14:18 feign snort[14491]:    Received:      5887624
Apr 27 13:14:18 feign snort[14491]:    Analyzed:      5825494 (98.945%)
Apr 27 13:14:18 feign snort[14491]:     Dropped:        62115 (1.055%)
Apr 27 13:14:18 feign snort[14491]: Outstanding:           15 (0.000%)
Apr 27 13:14:18 feign snort[14491]: ===============================================================================
Apr 27 13:14:18 feign snort[14491]: Breakdown by protocol (includes rebuilt packets):
Apr 27 13:14:18 feign snort[14491]:       ETH: 5825642    (100.000%)
Apr 27 13:14:18 feign snort[14491]:   ETHdisc: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:      VLAN: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:      IPV6: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:   IP6 EXT: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:   IP6opts: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:   IP6disc: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:       IP4: 5825642    (100.000%)
Apr 27 13:14:18 feign snort[14491]:   IP4disc: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:     TCP 6: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:     UDP 6: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:     ICMP6: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:   ICMP-IP: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:       TCP: 5715187    (98.104%)
Apr 27 13:14:18 feign snort[14491]:       UDP: 97763      (1.678%)
Apr 27 13:14:18 feign snort[14491]:      ICMP: 3409       (0.059%)
Apr 27 13:14:18 feign snort[14491]:   TCPdisc: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:   UDPdisc: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:   ICMPdis: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:      FRAG: 296        (0.005%)
Apr 27 13:14:18 feign snort[14491]:    FRAG 6: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:       ARP: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:     EAPOL: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:   ETHLOOP: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:       IPX: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:     OTHER: 8999       (0.154%)
Apr 27 13:14:18 feign snort[14491]:   DISCARD: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]: InvChkSum: 5715187    (98.104%)
Apr 27 13:14:18 feign snort[14491]:    S5 G 1: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:    S5 G 2: 0          (0.000%)
Apr 27 13:14:18 feign snort[14491]:     Total: 5825642
Apr 27 13:14:18 feign snort[14491]: ===============================================================================
Apr 27 13:14:18 feign snort[14491]: Action Stats:
Apr 27 13:14:18 feign snort[14491]: ALERTS: 0
Apr 27 13:14:18 feign snort[14491]: LOGGED: 0
Apr 27 13:14:18 feign snort[14491]: PASSED: 5262
Apr 27 13:14:18 feign snort[14491]: ===============================================================================
Apr 27 13:14:18 feign snort[14491]: Frag3 statistics:
Apr 27 13:14:18 feign snort[14491]:         Total Fragments: 296
Apr 27 13:14:18 feign snort[14491]:       Frags Reassembled: 148
Apr 27 13:14:18 feign snort[14491]:                Discards: 0
Apr 27 13:14:18 feign snort[14491]:           Memory Faults: 0
Apr 27 13:14:18 feign snort[14491]:                Timeouts: 0
Apr 27 13:14:18 feign snort[14491]:                Overlaps: 0
Apr 27 13:14:18 feign snort[14491]:               Anomalies: 0
Apr 27 13:14:18 feign snort[14491]:                  Alerts: 0
Apr 27 13:14:18 feign snort[14491]:                   Drops: 0
Apr 27 13:14:18 feign snort[14491]:      FragTrackers Added: 148
Apr 27 13:14:18 feign snort[14491]:     FragTrackers Dumped: 148
Apr 27 13:14:18 feign snort[14491]: FragTrackers Auto Freed: 0

Any thoughts?

Thanks

Richard A. Chambers
IT Security 
Raytheon, ConITS
Richard.A.Chambers at ...57...
757-864-5080
---- 
IT Security 
itsecurity at ...4552... 
757-864-4200 





