[Snort-users] Snort Installed fine but daemon will not run

Jeremy Hoel jthoel at ...11827...
Wed Aug 22 14:05:10 EDT 2012


When you run 'service snortd start' and it finally says running (I assume
it says that), if you tail your syslog/messages file, what do you see?

On Wed, Aug 22, 2012 at 5:53 PM, Jimmy Ford <Jimmy.Ford at ...15764...> wrote:

> To start the daemon >service snortd start
>
> Thank you,
>
> *Jimmy L Ford*
> Network Security Engineer – Information Technology Services (ITS)
> South Texas Blood & Tissue Center
> Tel: (210)731-5555 x1496
> E-mail: jimmy.ford at ...15764...
>
> *From:* Heine Lysemose [mailto:lysemose at ...11827...]
> *Sent:* Wednesday, August 22, 2012 1:36 PM
> *To:* Jimmy Ford
> *Cc:* snort-users at lists.sourceforge.net
> *Subject:* Re: [Snort-users] Snort Installed fine but daemon will not run
>
> What's your command for starting snort? As you wrote you have just verified
> the snort.conf file...
>
> /Lysemose
>
> On Aug 22, 2012 7:31 PM, "Jimmy Ford" <Jimmy.Ford at ...15764...> wrote:
>
> So if I run:
>
> snort -c /usr/local/snort/etc/snort.conf -T
>
> root at ...15765...:/etc/init.d# snort -c /usr/local/snort/etc/snort.conf -T
> Running in Test mode
>
>         --== Initializing Snort ==--
> Initializing Output Plugins!
> Initializing Preprocessors!
> Initializing Plug-ins!
> Parsing Rules file "/usr/local/snort/etc/snort.conf"
> PortVar 'HTTP_PORTS' defined :  [ 80:81 311 591 593 901 1220 1414 1741
> 1830 2301 2381 2809 3128 3702 4343 4848 5250 7001 7145 7510 7777 7779 8000
> 8008 8014 8028 8080 8088 8090 8118 8123 8180:8181 8243 8280 8800 8888 8899
> 9000 9080 9090:9091 9443 9999 11371 55555 ]
> PortVar 'SHELLCODE_PORTS' defined :  [ 0:79 81:65535 ]
> PortVar 'ORACLE_PORTS' defined :  [ 1024:65535 ]
> PortVar 'SSH_PORTS' defined :  [ 22 ]
> PortVar 'FTP_PORTS' defined :  [ 21 2100 3535 ]
> PortVar 'SIP_PORTS' defined :  [ 5060:5061 5600 ]
> PortVar 'FILE_DATA_PORTS' defined :  [ 80:81 110 143 311 591 593 901 1220
> 1414 1741 1830 2301 2381 2809 3128 3702 4343 4848 5250 7001 7145 7510 7777
> 7779 8000 8008 8014 8028 8080 8088 8090 8118 8123 8180:8181 8243 8280 8800
> 8888 8899 9000 9080 9090:9091 9443 9999 11371 55555 ]
> PortVar 'GTP_PORTS' defined :  [ 2123 2152 3386 ]
> Detection:
>    Search-Method = AC-Full-Q
>     Split Any/Any group = enabled
>     Search-Method-Optimizations = enabled
>     Maximum pattern length = 20
> Tagged Packet Limit: 256
> Loading dynamic engine /usr/local/lib/snort_dynamicengine/libsf_engine.so... done
> Loading all dynamic detection libs from /usr/local/lib/snort_dynamicrules...
>   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/bad-traffic.so... done
>   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/dos.so... done
>   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/multimedia.so... done
>   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/specific-threats.so... done
>   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/chat.so... done
>   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/misc.so... done
>   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/web-iis.so... done
>   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/web-misc.so... done
>   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/exploit.so... done
>   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/p2p.so... done
>   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/snmp.so... done
>   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/imap.so... done
>   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/web-client.so... done
>   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/icmp.so... done
>   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/netbios.so... done
>   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/web-activex.so... done
>   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/smtp.so... done
>   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/nntp.so... done
>   Finished Loading all dynamic detection libs from /usr/local/lib/snort_dynamicrules
> Loading all dynamic preprocessor libs from /usr/local/snort/lib/snort_dynamicpreprocessor/...
>   Loading dynamic preprocessor library /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so... done
>   Loading dynamic preprocessor library /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_reputation_preproc.so... done
>   Loading dynamic preprocessor library /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_gtp_preproc.so... done
>   Loading dynamic preprocessor library /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so... done
>   Loading dynamic preprocessor library /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_imap_preproc.so... done
>   Loading dynamic preprocessor library /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... done
>   Loading dynamic preprocessor library /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_pop_preproc.so... done
>   Loading dynamic preprocessor library /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so... done
>   Loading dynamic preprocessor library /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so... done
>   Loading dynamic preprocessor library /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_modbus_preproc.so... done
>   Loading dynamic preprocessor library /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so... done
>   Loading dynamic preprocessor library /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_dnp3_preproc.so... done
>   Loading dynamic preprocessor library /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so... done
>   Loading dynamic preprocessor library /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so... done
>   Finished Loading all dynamic preprocessor libs from /usr/local/snort/lib/snort_dynamicpreprocessor/
> Log directory = /var/log/snort
> WARNING: ip4 normalizations disabled because not inline.
> WARNING: tcp normalizations disabled because not inline.
> WARNING: icmp4 normalizations disabled because not inline.
> WARNING: ip6 normalizations disabled because not inline.
> WARNING: icmp6 normalizations disabled because not inline.
> Frag3 global config:
>     Max frags: 65536
>     Fragment memory cap: 4194304 bytes
> Frag3 engine config:
>     Bound Address: default
>     Target-based policy: WINDOWS
>     Fragment timeout: 180 seconds
>     Fragment min_ttl:   1
>     Fragment Anomalies: Alert
>     Overlap Limit:     10
>     Min fragment Length:     100
> Stream5 global config:
>     Track TCP sessions: ACTIVE
>     Max TCP sessions: 262144
>     Memcap (for reassembly packet storage): 8388608
>     Track UDP sessions: ACTIVE
>     Max UDP sessions: 131072
>     Track ICMP sessions: INACTIVE
>     Track IP sessions: INACTIVE
>     Log info if session memory consumption exceeds 1048576
>     Send up to 2 active responses
>     Wait at least 5 seconds between responses
>     Protocol Aware Flushing: ACTIVE
>         Maximum Flush Point: 16000
> Stream5 TCP Policy config:
>     Bound Address: default
>     Reassembly Policy: WINDOWS
>     Timeout: 180 seconds
>     Limit on TCP Overlaps: 10
>     Maximum number of bytes to queue per session: 1048576
>     Maximum number of segs to queue per session: 2621
>     Options:
>         Require 3-Way Handshake: YES
>         3-Way Handshake Timeout: 180
>         Detect Anomalies: YES
>     Reassembly Ports:
>       21 client (Footprint)
>       22 client (Footprint)
>       23 client (Footprint)
>       25 client (Footprint)
>       42 client (Footprint)
>       53 client (Footprint)
>       79 client (Footprint)
>       80 client (Footprint) server (Footprint)
>       81 client (Footprint) server (Footprint)
>       109 client (Footprint)
>       110 client (Footprint)
>       111 client (Footprint)
>       113 client (Footprint)
>       119 client (Footprint)
>       135 client (Footprint)
>       136 client (Footprint)
>       137 client (Footprint)
>       139 client (Footprint)
>       143 client (Footprint)
>       161 client (Footprint)
>       additional ports configured but not printed.
> Stream5 UDP Policy config:
>     Timeout: 180 seconds
> HttpInspect Config:
>     GLOBAL CONFIG
>       Max Pipeline Requests:    0
>       Inspection Type:          STATELESS
>       Detect Proxy Usage:       NO
>       IIS Unicode Map Filename: /usr/local/snort/etc/unicode.map
>       IIS Unicode Map Codepage: 1252
>       Memcap used for logging URI and Hostname: 150994944
>       Max Gzip Memory: 838860
>       Max Gzip Sessions: 5518
>       Gzip Compress Depth: 65535
>       Gzip Decompress Depth: 65535
>     DEFAULT SERVER CONFIG:
>       Server profile: All
>       Ports (PAF): 80 81 311 591 593 901 1220 1414 1741 1830 2301 2381
> 2809 3128 3702 4343 4848 5250 7001 7145 7510 7777 7779 8000 8008 8014 8028
> 8080 8088 8090 8118 8123 8180 8181 8243 8280 8800 8888 8899 9000 9080 9090
> 9091 9443 9999 11371 55555
>       Server Flow Depth: 0
>       Client Flow Depth: 0
>       Max Chunk Length: 500000
>       Small Chunk Length Evasion: chunk size <= 10, threshold >= 5 times
>       Max Header Field Length: 750
>       Max Number Header Fields: 100
>       Max Number of WhiteSpaces allowed with header folding: 200
>       Inspect Pipeline Requests: YES
>       URI Discovery Strict Mode: NO
>       Allow Proxy Usage: NO
>       Disable Alerting: NO
>       Oversize Dir Length: 500
>       Only inspect URI: NO
>       Normalize HTTP Headers: NO
>       Inspect HTTP Cookies: YES
>       Inspect HTTP Responses: YES
>       Extract Gzip from responses: YES
>       Unlimited decompression of gzip data from responses: YES
>       Normalize Javascripts in HTTP Responses: YES
>       Max Number of WhiteSpaces allowed with Javascript Obfuscation in HTTP responses: 200
>       Normalize HTTP Cookies: NO
>       Enable XFF and True Client IP: NO
>       Log HTTP URI data: NO
>       Log HTTP Hostname data: NO
>       Extended ASCII code support in URI: NO
>       Ascii: YES alert: NO
>       Double Decoding: YES alert: NO
>       %U Encoding: YES alert: YES
>       Bare Byte: YES alert: NO
>       UTF 8: YES alert: NO
>       IIS Unicode: YES alert: NO
>       Multiple Slash: YES alert: NO
>       IIS Backslash: YES alert: NO
>       Directory Traversal: YES alert: NO
>       Web Root Traversal: YES alert: NO
>       Apache WhiteSpace: YES alert: NO
>       IIS Delimiter: YES alert: NO
>       IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
>       Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07
>       Whitespace Characters: 0x09 0x0b 0x0c 0x0d
> rpc_decode arguments:
>     Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776
> 32777 32778 32779
>     alert_fragments: INACTIVE
>     alert_large_fragments: INACTIVE
>     alert_incomplete: INACTIVE
>     alert_multiple_requests: INACTIVE
> FTPTelnet Config:
>     GLOBAL CONFIG
>       Inspection Type: stateful
>       Check for Encrypted Traffic: YES alert: NO
>       Continue to check encrypted data: YES
>     TELNET CONFIG:
>       Ports: 23
>       Are You There Threshold: 20
>       Normalize: YES
>       Detect Anomalies: YES
>     FTP CONFIG:
>       FTP Server: default
>         Ports (PAF): 21 2100 3535
>         Check for Telnet Cmds: YES alert: YES
>         Ignore Telnet Cmd Operations: YES alert: YES
>         Identify open data channels: NO
>       FTP Client: default
>         Check for Bounce Attacks: YES alert: YES
>         Check for Telnet Cmds: YES alert: YES
>         Ignore Telnet Cmd Operations: YES alert: YES
>         Max Response Length: 256
> SMTP Config:
>     Ports: 25 465 587 691
>     Inspection Type: Stateful
>     Normalize: ATRN AUTH BDAT DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN
> EVFY EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND
> STARTTLS SOML TICK TIME TURN TURNME VERB VRFY X-EXPS XADR XAUTH XCIR
> XEXCH50 XGEN XLICENSE X-LINK2STATE XQUE XSTA XTRN XUSR CHUNKING X-ADAT
> X-DRCP X-ERCP X-EXCH50
>     Ignore Data: No
>     Ignore TLS Data: No
>     Ignore SMTP Alerts: No
>     Max Command Line Length: 512
>     Max Specific Command Line Length:
>        ATRN:255 AUTH:246 BDAT:255 DATA:246 DEBUG:255
>        EHLO:500 EMAL:255 ESAM:255 ESND:255 ESOM:255
>        ETRN:246 EVFY:255 EXPN:255 HELO:500 HELP:500
>        IDENT:255 MAIL:260 NOOP:255 ONEX:246 QUEU:246
>        QUIT:246 RCPT:300 RSET:246 SAML:246 SEND:246
>        SIZE:255 STARTTLS:246 SOML:246 TICK:246 TIME:246
>        TURN:246 TURNME:246 VERB:246 VRFY:255 X-EXPS:246
>        XADR:246 XAUTH:246 XCIR:246 XEXCH50:246 XGEN:246
>        XLICENSE:246 X-LINK2STATE:246 XQUE:246 XSTA:246 XTRN:246
>        XUSR:246
>     Max Header Line Length: 1000
>     Max Response Line Length: 512
>     X-Link2State Alert: Yes
>     Drop on X-Link2State Alert: No
>     Alert on commands: None
>     Alert on unknown commands: No
>     SMTP Memcap: 838860
>     MIME Max Mem: 838860
>     Base64 Decoding: Enabled
>     Base64 Decoding Depth: Unlimited
>     Quoted-Printable Decoding: Enabled
>     Quoted-Printable Decoding Depth: Unlimited
>     Unix-to-Unix Decoding: Enabled
>     Unix-to-Unix Decoding Depth: Unlimited
>     Non-Encoded MIME attachment Extraction: Enabled
>     Non-Encoded MIME attachment Extraction Depth: Unlimited
>     Log Attachment filename: Enabled
>     Log MAIL FROM Address: Enabled
>     Log RCPT TO Addresses: Enabled
>     Log Email Headers: Enabled
>     Email Hdrs Log Depth: 1464
> SSH config:
>     Autodetection: ENABLED
>     Challenge-Response Overflow Alert: ENABLED
>     SSH1 CRC32 Alert: ENABLED
>     Server Version String Overflow Alert: ENABLED
>     Protocol Mismatch Alert: ENABLED
>     Bad Message Direction Alert: DISABLED
>     Bad Payload Size Alert: DISABLED
>     Unrecognized Version Alert: DISABLED
>     Max Encrypted Packets: 20
>     Max Server Version String Length: 100
>     MaxClientBytes: 19600 (Default)
>     Ports:
>         22
> DCE/RPC 2 Preprocessor Configuration
>   Global Configuration
>     DCE/RPC Defragmentation: Enabled
>     Memcap: 102400 KB
>     Events: co
>     SMB Fingerprint policy: Disabled
>   Server Default Configuration
>     Policy: WinXP
>     Detect ports (PAF)
>       SMB: 139 445
>       TCP: 135
>       UDP: 135
>       RPC over HTTP server: 593
>       RPC over HTTP proxy: None
>     Autodetect ports (PAF)
>       SMB: None
>       TCP: 1025-65535
>       UDP: 1025-65535
>       RPC over HTTP server: 1025-65535
>       RPC over HTTP proxy: None
>     Invalid SMB shares: C$ D$ ADMIN$
>     Maximum SMB command chaining: 3 commands
> DNS config:
>     DNS Client rdata txt Overflow Alert: ACTIVE
>     Obsolete DNS RR Types Alert: INACTIVE
>     Experimental DNS RR Types Alert: INACTIVE
>     Ports: 53
> SSLPP config:
>     Encrypted packets: not inspected
>     Ports:
>       443      465      563      636      989
>       992      993      994      995     7801
>      7802     7900     7901     7902     7903
>      7904     7905     7906     7907     7908
>      7909     7910     7911     7912     7913
>      7914     7915     7916     7917     7918
>      7919     7920
>     Server side data is trusted
> Sensitive Data preprocessor config:
>     Global Alert Threshold: 25
>     Masked Output: DISABLED
> SIP config:
>     Max number of sessions: 40000
>     Max number of dialogs in a session: 4 (Default)
>     Status: ENABLED
>     Ignore media channel: DISABLED
>     Max URI length: 512
>     Max Call ID length: 80
>     Max Request name length: 20 (Default)
>     Max From length: 256 (Default)
>     Max To length: 256 (Default)
>     Max Via length: 1024 (Default)
>     Max Contact length: 512
>     Max Content length: 2048
>     Ports:
>         5060    5061    5600
>     Methods:
>           invite cancel ack bye register options refer subscribe update
> join info message notify benotify do qauth sprack publish service
> unsubscribe prack
> IMAP Config:
>     Ports: 143
>     IMAP Memcap: 838860
>     Base64 Decoding: Enabled
>     Base64 Decoding Depth: Unlimited
>     Quoted-Printable Decoding: Enabled
>     Quoted-Printable Decoding Depth: Unlimited
>     Unix-to-Unix Decoding: Enabled
>     Unix-to-Unix Decoding Depth: Unlimited
>     Non-Encoded MIME attachment Extraction: Enabled
>     Non-Encoded MIME attachment Extraction Depth: Unlimited
> POP Config:
>     Ports: 110
>     POP Memcap: 838860
>     Base64 Decoding: Enabled
>     Base64 Decoding Depth: Unlimited
>     Quoted-Printable Decoding: Enabled
>     Quoted-Printable Decoding Depth: Unlimited
>     Unix-to-Unix Decoding: Enabled
>     Unix-to-Unix Decoding Depth: Unlimited
>     Non-Encoded MIME attachment Extraction: Enabled
>     Non-Encoded MIME attachment Extraction Depth: Unlimited
> Modbus config:
>     Ports:
>         502
> DNP3 config:
>     Memcap: 262144
>     Check Link-Layer CRCs: ENABLED
>     Ports:
>         20000
>
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> Initializing rule chains...
> 3053 Snort rules read
>     3053 detection rules
>     0 decoder rules
>     0 preprocessor rules
> 3053 Option Chains linked into 200 Chain Headers
> 0 Dynamic rules
> +++++++++++++++++++++++++++++++++++++++++++++++++++
>
> +-------------------[Rule Port Counts]---------------------------------------
> |             tcp     udp    icmp      ip
> |     src    1489      13       0       0
> |     dst    1321      76       0       0
> |     any     130      54      38      34
> |      nc     266      33       4       7
> |     s+d       0       3       0       0
> +----------------------------------------------------------------------------
>
> +-----------------------[detection-filter-config]------------------------------
> | memory-cap : 1048576 bytes
> +-----------------------[detection-filter-rules]-------------------------------
> -------------------------------------------------------------------------------
>
> +-----------------------[rate-filter-config]-----------------------------------
> | memory-cap : 1048576 bytes
> +-----------------------[rate-filter-rules]------------------------------------
> | none
> -------------------------------------------------------------------------------
>
> +-----------------------[event-filter-config]----------------------------------
> | memory-cap : 1048576 bytes
> +-----------------------[event-filter-global]----------------------------------
> +-----------------------[event-filter-local]-----------------------------------
> | none
> +-----------------------[suppression]------------------------------------------
> | none
> -------------------------------------------------------------------------------
> Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log
> Verifying Preprocessor Configurations!
> ICMP tracking disabled, no ICMP sessions allocated
> IP tracking disabled, no IP sessions allocated
> WARNING: flowbits key 'file.bak' is set but not ever checked.
> WARNING: flowbits key 'file.macho64le' is set but not ever checked.
> WARNING: flowbits key 'file.postscript' is set but not ever checked.
> WARNING: flowbits key 'file.oless.v3' is set but not ever checked.
> WARNING: flowbits key 'file.fon' is set but not ever checked.
> WARNING: flowbits key 'soliddb' is set but not ever checked.
> WARNING: flowbits key 'file.sln' is set but not ever checked.
> WARNING: flowbits key 'file.realplayer' is set but not ever checked.
> WARNING: flowbits key 'vnc.auth' is checked but not ever set.
> WARNING: flowbits key 'file.pkp' is set but not ever checked.
> WARNING: flowbits key 'file.pptx' is set but not ever checked.
> WARNING: flowbits key 'file.oless.v4' is set but not ever checked.
> WARNING: flowbits key 'file.mht' is set but not ever checked.
> WARNING: flowbits key 'file.macho64be' is set but not ever checked.
> WARNING: flowbits key 'file.wps' is set but not ever checked.
> WARNING: flowbits key 'file.wrf' is set but not ever checked.
> WARNING: flowbits key 'file.aom' is set but not ever checked.
> WARNING: flowbits key 'file.autodesk_max' is set but not ever checked.
> WARNING: flowbits key 'file.3g2' is set but not ever checked.
> WARNING: flowbits key 'file.mppl' is set but not ever checked.
> WARNING: flowbits key 'file.k3g' is set but not ever checked.
> WARNING: flowbits key 'ipp.application' is checked but not ever set.
> WARNING: flowbits key 'file.m4v' is set but not ever checked.
> WARNING: flowbits key 'backdoor.fearless.runtime' is checked but not ever set.
> WARNING: flowbits key 'file.mpeg' is set but not ever checked.
> WARNING: flowbits key 'file.m4p' is set but not ever checked.
> WARNING: flowbits key 'file.tnef' is set but not ever checked.
> WARNING: flowbits key 'backdoor.y3krat_15.client.response' is checked but not ever set.
> WARNING: flowbits key 'file.ram' is set but not ever checked.
> WARNING: flowbits key 'file.mid' is set but not ever checked.
> WARNING: flowbits key 'file.cyb' is set but not ever checked.
> WARNING: flowbits key 'file.cryptff' is set but not ever checked.
> WARNING: flowbits key 'file.3gp' is set but not ever checked.
> WARNING: flowbits key 'RTMP.sysMemCall' is set but not ever checked.
> WARNING: flowbits key 'file.collada' is set but not ever checked.
> WARNING: flowbits key 'asteriskmi' is set but not ever checked.
> WARNING: flowbits key 'file.cnt' is set but not ever checked.
> WARNING: flowbits key 'file.eml' is set but not ever checked.
> WARNING: flowbits key 'file.mime' is set but not ever checked.
> WARNING: flowbits key 'file.m4r' is set but not ever checked.
> WARNING: flowbits key 'file.dat' is set but not ever checked.
> WARNING: flowbits key 'file.bzip' is set but not ever checked.
> WARNING: flowbits key 'file.msproducer' is set but not ever checked.
> WARNING: flowbits key 'ABSystemSpy_Inforetrieve1' is set but not ever checked.
> WARNING: flowbits key 'file.arj' is set but not ever checked.
> WARNING: flowbits key 'file.vwr' is set but not ever checked.
> WARNING: flowbits key 'file.csv' is set but not ever checked.
> WARNING: flowbits key 'file.rdp' is set but not ever checked.
> WARNING: flowbits key 'file.plp' is set but not ever checked.
> WARNING: flowbits key 'file.skm' is set but not ever checked.
> WARNING: flowbits key 'file.dvr-ms' is set but not ever checked.
> WARNING: flowbits key 'file.mov' is set but not ever checked.
> WARNING: flowbits key 'file.daz_ds' is set but not ever checked.
> WARNING: flowbits key 'file.bat' is set but not ever checked.
> WARNING: flowbits key 'file.rar' is set but not ever checked.
> WARNING: flowbits key 'file.wk4' is set but not ever checked.
> WARNING: flowbits key 'smtp.contenttype.attachment' is checked but not ever set.
> WARNING: flowbits key 'file.machobe' is set but not ever checked.
> WARNING: flowbits key 'file.rss' is set but not ever checked.
> WARNING: flowbits key 'file.hta' is set but not ever checked.
> WARNING: flowbits key 'file.mkv' is set but not ever checked.
> WARNING: flowbits key 'waprox.init' is set but not ever checked.
> WARNING: flowbits key 'dce.spoolss.4.call' is checked but not ever set.
> WARNING: flowbits key 'file.hlp' is set but not ever checked.
> WARNING: flowbits key 'file.vmd' is set but not ever checked.
> WARNING: flowbits key 'file.autodesk_ma' is set but not ever checked.
> WARNING: flowbits key 'file.cws' is set but not ever checked.
> WARNING: flowbits key 'file.application' is set but not ever checked.
> WARNING: flowbits key 'file.amf' is set but not ever checked.
> WARNING: flowbits key 'file.7zip' is set but not ever checked.
> WARNING: flowbits key 'sslv2.server_hello.request' is checked but not ever set.
> WARNING: flowbits key 'file.tiff.big' is set but not ever checked.
> WARNING: flowbits key 'file.sis' is set but not ever checked.
> WARNING: flowbits key 'file.symantec' is set but not ever checked.
> WARNING: flowbits key 'file.docx' is set but not ever checked.
> WARNING: flowbits key 'file.file.tar' is set but not ever checked.
> WARNING: flowbits key 'file.screnc' is set but not ever checked.
> WARNING: flowbits key 'AOLAdmin1.1.connection' is checked but not ever set.
> WARNING: flowbits key 'file.xm' is set but not ever checked.
> WARNING: flowbits key 'file.esignal' is set but not ever checked.
> WARNING: flowbits key 'file.nab' is set but not ever checked.
> WARNING: flowbits key 'file.cab' is set but not ever checked.
> WARNING: flowbits key 'file.rat' is set but not ever checked.
> WARNING: flowbits key 'file.rt' is set but not ever checked.
> WARNING: flowbits key 'file.cy3' is set but not ever checked.
> WARNING: flowbits key 'file.rp' is set but not ever checked.
> WARNING: flowbits key 'file.addin' is set but not ever checked.
> WARNING: flowbits key 'file.dbp' is set but not ever checked.
> WARNING: flowbits key 'backdoor.asylum.connect' is checked but not ever set.
> WARNING: flowbits key 'file.m4a' is set but not ever checked.
> WARNING: flowbits key 'smb.neoteris' is checked but not ever set.
> WARNING: flowbits key 'file.svg' is set but not ever checked.
> WARNING: flowbits key 'file.qt' is set but not ever checked.
> WARNING: flowbits key 'file.gzip' is set but not ever checked.
> WARNING: flowbits key 'file.binhex' is set but not ever checked.
> WARNING: flowbits key 'file.rmf' is set but not ever checked.
> WARNING: flowbits key 'trojan.nervos' is set but not ever checked.
> WARNING: flowbits key 'file.m4b' is set but not ever checked.
> WARNING: flowbits key 'file.ffmpeg' is set but not ever checked.
> WARNING: flowbits key 'file.crx' is set but not ever checked.
> WARNING: flowbits key 'file.htm' is set but not ever checked.
> WARNING: flowbits key 'file.ivr' is set but not ever checked.
> WARNING: flowbits key 'file.siplog' is set but not ever checked.
> WARNING: flowbits key 'file.s3m' is set but not ever checked.
> WARNING: flowbits key 'file.webm' is set but not ever checked.
> WARNING: flowbits key 'file.plf' is set but not ever checked.
> WARNING: flowbits key 'asp.upload' is checked but not ever set.
> WARNING: flowbits key 'file.ht3' is set but not ever checked.
> WARNING: flowbits key 'file.jar.agent_helper' is set but not ever checked.
> WARNING: flowbits key 'dorkbot.ircinit' is set but not ever checked.
> WARNING: flowbits key 'file.mp4' is set but not ever checked.
> WARNING: flowbits key 'file.lzh' is set but not ever checked.
> WARNING: flowbits key 'file.flac' is set but not ever checked.
> WARNING: flowbits key 'file.cue' is set but not ever checked.
> WARNING: flowbits key 'backdoor.donalddick.1.5.b.3.conn' is checked but not ever set.
> WARNING: flowbits key 'oracle.connect' is checked but not ever set.
> WARNING: flowbits key 'file.machole' is set but not ever checked.
> WARNING: flowbits key 'file.rmp' is set but not ever checked.
> WARNING: flowbits key 'file.fli' is set but not ever checked.
> WARNING: flowbits key 'file.search-ms' is set but not ever checked.
> 217 out of 1024 flowbits in use.
>  ****
>
> [ Port Based Pattern Matching Memory ]****
>
> +- [ Aho-Corasick Summary ] -------------------------------------****
>
> | Storage Format    : Full-Q****
>
> | Finite Automaton  : DFA****
>
> | Alphabet Size     : 256 Chars****
>
> | Sizeof State      : Variable (1,2,4 bytes)****
>
> | Instances         : 162****
>
> |     1 byte states : 151****
>
> |     2 byte states : 11****
>
> |     4 byte states : 0****
>
> | Characters        : 46605****
>
> | States            : 35979****
>
> | Transitions       : 3519216****
>
> | State Density     : 38.2%****
>
> | Patterns          : 3174****
>
> | Match States      : 3077****
>
> | Memory (MB)       : 18.40****
>
> |   Patterns        : 0.33****
>
> |   Match Lists     : 0.64****
>
> |   DFA****
>
> |     1 byte states : 0.85****
>
> |     2 byte states : 16.30****
>
> |     4 byte states : 0.00****
>
> +----------------------------------------------------------------****
>
> [ Number of patterns truncated to 20 bytes: 506 ]****
>
>  ****
>
>         --== Initialization Complete ==--
>
>    ,,_     -*> Snort! <*-
>   o"  )~   Version 2.9.3.1 IPv6 GRE (Build 40)
>    ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
>            Copyright (C) 1998-2012 Sourcefire, Inc., et al.
>            Using libpcap version 1.1.1
>            Using PCRE version: 8.12 2011-01-15
>            Using ZLIB version: 1.2.3.4
>
>            Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 1.16  <Build 18>
>            Rules Object: nntp  Version 1.0  <Build 1>
>            Rules Object: smtp  Version 1.0  <Build 1>
>            Rules Object: web-activex  Version 1.0  <Build 1>
>            Rules Object: netbios  Version 1.0  <Build 1>
>            Rules Object: icmp  Version 1.0  <Build 1>
>            Rules Object: web-client  Version 1.0  <Build 1>
>            Rules Object: imap  Version 1.0  <Build 1>
>            Rules Object: snmp  Version 1.0  <Build 1>
>            Rules Object: p2p  Version 1.0  <Build 1>
>            Rules Object: exploit  Version 1.0  <Build 1>
>            Rules Object: web-misc  Version 1.0  <Build 1>
>            Rules Object: web-iis  Version 1.0  <Build 1>
>            Rules Object: misc  Version 1.0  <Build 1>
>            Rules Object: chat  Version 1.0  <Build 1>
>            Rules Object: specific-threats  Version 1.0  <Build 1>
>            Rules Object: multimedia  Version 1.0  <Build 1>
>            Rules Object: dos  Version 1.0  <Build 1>
>            Rules Object: bad-traffic  Version 1.0  <Build 1>
>            Preprocessor Object: SF_DCERPC2 (IPV6)  Version 1.0  <Build 3>
>            Preprocessor Object: SF_SSH (IPV6)  Version 1.1  <Build 3>
>            Preprocessor Object: SF_DNP3 (IPV6)  Version 1.1  <Build 1>
>            Preprocessor Object: SF_SDF (IPV6)  Version 1.1  <Build 1>
>            Preprocessor Object: SF_MODBUS (IPV6)  Version 1.1  <Build 1>
>            Preprocessor Object: SF_SMTP (IPV6)  Version 1.1  <Build 9>
>            Preprocessor Object: SF_SIP (IPV6)  Version 1.1  <Build 1>
>            Preprocessor Object: SF_POP (IPV6)  Version 1.0  <Build 1>
>            Preprocessor Object: SF_SSLPP (IPV6)  Version 1.1  <Build 4>
>            Preprocessor Object: SF_IMAP (IPV6)  Version 1.0  <Build 1>
>            Preprocessor Object: SF_FTPTELNET (IPV6)  Version 1.2  <Build 13>
>            Preprocessor Object: SF_GTP (IPV6)  Version 1.1  <Build 1>
>            Preprocessor Object: SF_REPUTATION (IPV6)  Version 1.1  <Build 1>
>            Preprocessor Object: SF_DNS (IPV6)  Version 1.1  <Build 4>
>
> Snort successfully validated the configuration!
> Snort exiting
>
> But when I run: ps -auxww
>
> root at ...15765...:/etc/init.d# ps -auxww
> Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
> USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
> root         1  0.0  0.0  24312  2252 ?        Ss   Aug21   0:01 /sbin/init
> root         2  0.0  0.0      0     0 ?        S    Aug21   0:00 [kthreadd]
> root         3  0.0  0.0      0     0 ?        S    Aug21   0:00 [ksoftirqd/0]
> root         6  0.0  0.0      0     0 ?        S    Aug21   0:00 [migration/0]
> root         7  0.0  0.0      0     0 ?        S    Aug21   0:00 [watchdog/0]
> root         8  0.0  0.0      0     0 ?        S<   Aug21   0:00 [cpuset]
> root         9  0.0  0.0      0     0 ?        S<   Aug21   0:00 [khelper]
> root        10  0.0  0.0      0     0 ?        S    Aug21   0:00 [kdevtmpfs]
> root        11  0.0  0.0      0     0 ?        S<   Aug21   0:00 [netns]
> root        12  0.0  0.0      0     0 ?        S    Aug21   0:00 [sync_supers]
> root        13  0.0  0.0      0     0 ?        S    Aug21   0:00 [bdi-default]
> root        14  0.0  0.0      0     0 ?        S<   Aug21   0:00 [kintegrityd]
> root        15  0.0  0.0      0     0 ?        S<   Aug21   0:00 [kblockd]
> root        16  0.0  0.0      0     0 ?        S<   Aug21   0:00 [ata_sff]
> root        17  0.0  0.0      0     0 ?        S    Aug21   0:00 [khubd]
> root        18  0.0  0.0      0     0 ?        S<   Aug21   0:00 [md]
> root        19  0.0  0.0      0     0 ?        S    Aug21   0:00 [kworker/u:1]
> root        21  0.0  0.0      0     0 ?        S    Aug21   0:00 [khungtaskd]
> root        22  0.0  0.0      0     0 ?        S    Aug21   0:00 [kswapd0]
> root        23  0.0  0.0      0     0 ?        SN   Aug21   0:00 [ksmd]
> root        24  0.0  0.0      0     0 ?        SN   Aug21   0:00 [khugepaged]
> root        25  0.0  0.0      0     0 ?        S    Aug21   0:00 [fsnotify_mark]
> root        26  0.0  0.0      0     0 ?        S    Aug21   0:00 [ecryptfs-kthrea]
> root        27  0.0  0.0      0     0 ?        S<   Aug21   0:00 [crypto]
> root        35  0.0  0.0      0     0 ?        S<   Aug21   0:00 [kthrotld]
> root        37  0.0  0.0      0     0 ?        S    Aug21   0:00 [scsi_eh_0]
> root        38  0.0  0.0      0     0 ?        S    Aug21   0:00 [scsi_eh_1]
> root        39  0.0  0.0      0     0 ?        S    Aug21   0:01 [kworker/u:2]
> root        59  0.0  0.0      0     0 ?        S<   Aug21   0:00 [devfreq_wq]
> root        60  0.0  0.0      0     0 ?        S    Aug21   0:08 [kworker/0:2]
> root       196  0.0  0.0      0     0 ?        S<   Aug21   0:00 [mpt_poll_0]
> root       198  0.0  0.0      0     0 ?        S<   Aug21   0:00 [mpt/0]
> root       205  0.0  0.0      0     0 ?        S    Aug21   0:00 [scsi_eh_2]
> root       218  0.0  0.0      0     0 ?        S<   Aug21   0:00 [kdmflush]
> root       228  0.0  0.0      0     0 ?        S<   Aug21   0:00 [kdmflush]
> root       240  0.0  0.0      0     0 ?        S    Aug21   0:01 [jbd2/dm-0-8]
> root       241  0.0  0.0      0     0 ?        S<   Aug21   0:00 [ext4-dio-unwrit]
> root       493  0.0  0.0      0     0 ?        S<   Aug21   0:00 [kpsmoused]
> root       643  0.0  0.0  15180   616 ?        S    Aug21   0:00 upstart-socket-bridge --daemon
> syslog     724  0.0  0.0 249464  1620 ?        Sl   Aug21   0:04 rsyslogd -c5
> 102        797  0.0  0.0  23940  1292 ?        Ss   Aug21   0:00 dbus-daemon --system --fork --activation=upstart
> root       856  0.0  0.0  15776   968 tty4     Ss+  Aug21   0:00 /sbin/getty -8 38400 tty4
> root       861  0.0  0.0  15776   964 tty5     Ss+  Aug21   0:00 /sbin/getty -8 38400 tty5
> root       879  0.0  0.0  15776   956 tty2     Ss+  Aug21   0:00 /sbin/getty -8 38400 tty2
> root       880  0.0  0.0  15776   968 tty3     Ss+  Aug21   0:00 /sbin/getty -8 38400 tty3
> root       882  0.0  0.0  15776   964 tty6     Ss+  Aug21   0:00 /sbin/getty -8 38400 tty6
> root       885  0.0  0.0   4320   680 ?        Ss   Aug21   0:00 acpid -c /etc/acpi/events -s /var/run/acpid.socket
> daemon     902  0.0  0.0  16900   376 ?        Ss   Aug21   0:00 atd
> whoopsie   904  0.0  0.1 187568  4232 ?        Ssl  Aug21   0:00 whoopsie
> root       920  0.0  0.0  15776   972 tty1     Ss+  Aug21   0:00 /sbin/getty -8 38400 tty1
> root       975  0.0  0.0  73352  3588 ?        Ss   Aug21   0:00 sshd: forjim1 [priv]
> forjim1   1113  0.0  0.0  73352  1932 ?        S    Aug21   0:02 sshd: forjim1 at ...13997.../0
> forjim1   1114  0.0  0.1  26256  7540 pts/0    Ss   Aug21   0:00 -bash
> root      1212  0.0  0.0  73352  3564 ?        Ss   Aug21   0:00 sshd: forjim1 [priv]
> forjim1   1350  0.0  0.0  73828  2424 ?        S    Aug21   0:03 sshd: forjim1 at ...15773...
> forjim1   1351  0.0  0.0  13272  1356 ?        Ss   Aug21   0:00 /usr/lib/openssh/sftp-server
> root      1355  0.0  0.0  37088  1808 pts/0    S    Aug21   0:00 sudo su
> root      1356  0.0  0.0  40796  1388 pts/0    S    Aug21   0:00 su
> root      1357  0.0  0.0  21068  2328 pts/0    S    Aug21   0:00 bash
> root      3013  0.0  0.2 193492 10836 ?        Ss   Aug21   0:02 /usr/sbin/apache2 -k start
> www-data  3582  0.0  0.1 193516  5892 ?        S    Aug21   0:00 /usr/sbin/apache2 -k start
> www-data  3583  0.0  0.1 193516  5892 ?        S    Aug21   0:00 /usr/sbin/apache2 -k start
> www-data  3584  0.0  0.1 193516  5892 ?        S    Aug21   0:00 /usr/sbin/apache2 -k start
> www-data  3585  0.0  0.1 193516  5892 ?        S    Aug21   0:00 /usr/sbin/apache2 -k start
> www-data  3586  0.0  0.1 193516  5892 ?        S    Aug21   0:00 /usr/sbin/apache2 -k start
> root      6329  0.0  0.0  21324   656 ?        S    06:48   0:00 /sbin/udevd --daemon
> root      6332  0.0  0.0      0     0 ?        S<   06:48   0:00 [xfs_mru_cache]
> root      6333  0.0  0.0      0     0 ?        S<   06:48   0:00 [xfslogd]
> root      6334  0.0  0.0      0     0 ?        S<   06:48   0:00 [xfsdatad]
> root      6335  0.0  0.0      0     0 ?        S<   06:48   0:00 [xfsconvertd]
> root      6338  0.0  0.0      0     0 ?        S    06:48   0:00 [jfsIO]
> root      6339  0.0  0.0      0     0 ?        S    06:48   0:00 [jfsCommit]
> root      6340  0.0  0.0      0     0 ?        S    06:48   0:00 [jfsSync]
> root      6894  0.0  0.0      0     0 ?        S    12:09   0:00 [flush-252:0]
> root      6896  0.0  0.0      0     0 ?        S    12:14   0:00 [kworker/0:0]
> root      6900  0.0  0.0      0     0 ?        S    12:19   0:00 [kworker/0:1]
> root      6917  0.0  0.0  18152  1280 pts/0    R+   12:23   0:00 ps -auxww
> mysql    13146  0.0  1.0 623732 44480 ?        Ssl  Aug21   0:17 /usr/sbin/mysqld
> root     29671  0.0  0.0  19104  1032 ?        Ss   Aug21   0:00 cron
> root     30000  0.0  0.0  17224   636 ?        S    Aug21   0:00 upstart-udev-bridge --daemon
> root     30002  0.0  0.0  21328  1100 ?        Ss   Aug21   0:00 /sbin/udevd --daemon
> root     32367  0.0  0.1  54144  4848 pts/0    T    Aug21   0:00 vi /etc/network/interfaces
> root     32409  0.0  0.0  49948  2872 ?        Ss   Aug21   0:00 /usr/sbin/sshd -D
>
> I get no snortd running… Where can I go to try and resolve this?
>
> Thank you,
>
> *Jimmy L Ford*
> Network Security Engineer – Information Technology Services (ITS)
> South Texas Blood & Tissue Center
> Tel: (210)731-5555 x1496
> E-mail: jimmy.ford at ...15764...
>
>  ------------------------------
>
> Confidentiality Notice: This e-mail message, including any attachments, is
> for the sole use of the intended recipient(s) and may contain confidential
> and privileged information. Any unauthorized review, use, disclosure or
> distribution is prohibited. If you are not the intended recipient, please
> contact the sender by reply e-mail and original message.
>
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>