[Snort-users] MySQL support for Snort 2.9.4

Kaya Saman kayasaman at ...11827...
Wed Dec 12 13:49:01 EST 2012


On 12/12/2012 04:36 PM, waldo kitty wrote:
> On 12/12/2012 09:49, Russ Combs wrote:
>> On Wed, Dec 12, 2012 at 9:32 AM, waldo kitty <wkitty42 at ...14940...> wrote:
>>      On 12/11/2012 17:08, Kaya Saman wrote:
>>       > Starting Snort does give me a few warnings:
>>       >
>>       > Running in IDS mode
>>       >
>>       > --== Initializing Snort ==--
>>       > Initializing Output Plugins!
>>      [...]
>>       > pcap DAQ configured to passive.
>>       > Acquiring network traffic from "trunk0".
>>       > Reload thread starting...
>>       > Reload thread started, thread 0x205d9a600 (18685)
>>
>>      pretty much ok to here...
>>
>>       > Decoding Ethernet
>>
>>      this bothers me... why? because it seems to indicate that only ethernet is being
>>      sniffed and not tcp/ip...
>>
>> FYI - this is just an indication of the outermost layer decoder (the datalink
>> type obtained from the DAQ).  Snort can handle others, but Ethernet will be the
>> most common.
> ahhh... ok... i'm so used to seeing "Decoding 'ANY' on interface foo"... there
> are literally thousands of those still running out there ;)

Thanks for all the useful comments in the meantime even though by the 
time they came in I had got everything sorted :-)

I really appreciate that!


Regards,


Kaya


>
>
> ------------------------------------------------------------------------------
> LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
> Remotely access PCs and mobile devices and provide instant support
> Improve your efficiency, and focus on delivering more value-add services
> Discover what IT Professionals Know. Rescue delivers
> http://p.sf.net/sfu/logmein_12329d2d
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!





More information about the Snort-users mailing list