[Snort-users] php, base issue

Doug Burks doug.burks at ...11827...
Fri May 18 14:05:26 EDT 2012


Hi Greg,

We'd be glad to help you troubleshoot any performance issues you're having
with Security Onion over on our mailing list:
http://groups.google.com/group/security-onion

Thanks,
Doug

On Fri, May 18, 2012 at 1:56 PM, Greg Williams <alphawebfx at ...11827...> wrote:

> I tried it and was a little disappointed in how slow it was running for
> me.  I only gave it about 15 minutes, but I was definitely losing more
> packets than my custom install.  Maybe it's better now. ~400-500 MBps
> sustained.
>
>
> On Fri, May 18, 2012 at 11:53 AM, Rick Chisholm <chavez243 at ...11827...> wrote:
>
>> FWIW - you can always take a look at Security Onion - it has a bunch of
>> Snort front-ends you can play with.
>>
>> First we had ACID and it went ker-splat, then BASE, which is dying on the
>> vine. Not sure what the next move is, all I know is that I need a
>> functional front-end and for right now that's Snorby.
>>
>>
>> On Fri, May 18, 2012 at 1:46 PM, Greg Williams <alphawebfx at ...11827...> wrote:
>>
>>> Well said! I 100% agree. Even though I have alerts forwarding via syslog
>>> to other destinations like Splunk, there is just something about BASE that
>>> trumps everything else.  I've tried many other apps as well including
>>> Snorby and Sguil.
>>>
>>>
>>>
>>> On May 18, 2012, at 11:36 AM, Ron Sinclair <unixfool at ...11827...> wrote:
>>>
>>> I hear such statements all the time.  Would be nice if someone took BASE
>>> and revamped (but not whole-hog) it.
>>>
>>> I've been using BASE for almost 10 years, even after using both Sguil
>>> and Snorby.  There's something about BASE that Snorby just can't
>>> match...just my opinion.  I do check Snorby from time to time to assess any
>>> new features.  Last I checked, it still had a long way to go, so I kept
>>> using BASE.  Sguil...I don't know, since I never force myself to spend
>>> enough time to better utilize it.  I usually just get frustrated and wipe
>>> it out.
>>>
>>> BASE seems less maintenance intensive than either Sguil or Snorby.  I
>>> don't want to have to learn Ruby/Rails to use Snorby.  I didn't really have
>>> to understand all that much about PHP to begin using BASE, and I already
>>> had a good knowledge of MySQL, Snort, and Apache (and a multitude of other
>>> things).  I'll be using BASE for another 10 years, or until something else
>>> (that isn't Sguil or Snorby) is released. If that doesn't happen, I'll go
>>> straight to the raw logs and begin using correlation scripts and tools.
>>>
>>> On Fri, May 18, 2012 at 1:06 PM, Rick Chisholm <chavez243 at ...11827...> wrote:
>>>
>>>> Hi Dennis:
>>>>
>>>> BASE is getting pretty long in the tooth, does not appear to be
>>>> actively developed and as PHP advances, is slowly breaking. It is advisable
>>>> to switch to something like Snorby, Sguil etc.
>>>>
>>>>  On Fri, May 18, 2012 at 12:37 PM, Dennis Circolone <
>>>> djcircolone at ...11827...> wrote:
>>>>
>>>>>  Hello,
>>>>> I have configured snort-2.9.2.2 on an opensuse 12.1 box, everything is
>>>>> working great except for the portscan traffic stays at 0% after an NMAP
>>>>> test and when I select source ports link or dest ports link I receive an
>>>>> error. Does anyone know how I can resolve this issue?
>>>>>
>>>>>
>>>>>  Basic Analysis and Security Engine (BASE)
>>>>>
>>>>>     - Today's alerts: unique, listing, Source IP, Destination IP
>>>>>     - Last 24 Hours alerts: unique, listing, Source IP, Destination IP
>>>>>     - Last 72 Hours alerts: unique, listing, Source IP, Destination IP
>>>>>     - Most recent 15 Alerts: any protocol, TCP, UDP, ICMP
>>>>>     - Last Source Ports: any protocol, TCP, UDP
>>>>>     - Last Destination Ports: any protocol, TCP, UDP
>>>>>     - Most Frequent Source Ports: any protocol, TCP, UDP
>>>>>     - Most Frequent Destination Ports: any protocol, TCP, UDP
>>>>>     - Most frequent 15 Addresses: Source, Destination
>>>>>     - Most recent 15 Unique Alerts
>>>>>     - Most frequent 5 Unique Alerts
>>>>>
>>>>>  *Queried on*: Fri May 18, 2012 16:34:43
>>>>> *Database:* snort at ...274...    (*Schema Version:* 107)
>>>>> *Time Window:* [2012-05-18 11:05:19] - [2012-05-18 11:06:55]
>>>>>  Search | Graph Alert Data | Graph Alert Detection Time
>>>>>
>>>>> ------------------------------
>>>>>   *Sensors/Total:* 1 / 2
>>>>> *Unique Alerts:* 1
>>>>> *Categories:* 1
>>>>> *Total Number of Alerts:* 48
>>>>>
>>>>>    - Src IP addrs: 13
>>>>>    - Dest. IP addrs: 1
>>>>>    - Unique IP links 13
>>>>>    - Source Ports: 2
>>>>>       - TCP ( 0 )  UDP ( 2 )
>>>>>    - Dest Ports: 2
>>>>>       - TCP ( 0 )  UDP ( 2 )
>>>>>
>>>>> *Traffic Profile by Protocol*  TCP (0%)   UDP (100%)   ICMP (0%)
>>>>>
>>>>> ------------------------------
>>>>>   Portscan Traffic (0%)
>>>>>
>>>>>
>>>>>   Basic Analysis and Security Engine (BASE)
>>>>>   Home  |   Search
>>>>>
>>>>>   [ Back ]
>>>>>
>>>>> /srv/www/htdocs/base/includes/base_cache.inc.php:556: ERROR:
>>>>> $number_sensors_array is NOT an array!
>>>>>
>>>>>
>>>>> /srv/www/htdocs/base/includes/base_cache.inc.php:564: ERROR:
>>>>> $number_sensors_array is either NULL or empty!
>>>>>
>>>>>  *Queried on* : Fri May 18, 2012 16:36:23      Meta Criteria *   any *
>>>>>    IP Criteria *   any *   Layer 4 Criteria *   none * Payload
>>>>> Criteria *   any *
>>>>>
>>>>> *No Alerts were found.*
>>>>>
>>>>>  Port | Sensor | Occurrences | Unique Alerts | Src. Addr. | Dest. Addr. | First | Last
>>>>>
>>>>>
>>>>>
>>>>> ------------------------------------------------------------------------------
>>>>> Live Security Virtual Conference
>>>>> Exclusive live event will cover all the ways today's security and
>>>>> threat landscape has changed and how IT managers can respond.
>>>>> Discussions
>>>>> will include endpoint security, mobile security and the latest in
>>>>> malware
>>>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>>>> _______________________________________________
>>>>> Snort-users mailing list
>>>>> Snort-users at lists.sourceforge.net
>>>>> Go to this URL to change user options or unsubscribe:
>>>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>>>> Snort-users list archive:
>>>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>>>>
>>>>> Please visit http://blog.snort.org to stay current on all the latest
>>>>> Snort news!
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Rick Chisholm
>>>> http://parallel42.ca
>>>> http://appliedusers.ca
>>>> =========================
>>>> "There is no faith which has never yet been broken, except that of a
>>>> truly faithful dog." - Konrad Lorenz
>>>>
>>>>
>>>
>>>
>>
>>
>> --
>> Rick Chisholm
>> http://parallel42.ca
>> http://appliedusers.ca
>> =========================
>> "There is no faith which has never yet been broken, except that of a
>> truly faithful dog." - Konrad Lorenz
>>
>
>
>



-- 
Doug Burks | http://securityonion.blogspot.com
Don't miss SANS SEC503 Intrusion Detection In-Depth in
Augusta GA 6/11 - 6/16 | 10% discount for ISSA Members!
http://augusta.issa.org/drupal/SANS-Augusta-2012