[Snort-users] Unknown POP3 Command

Josh Bitto jbitto at ...16055...
Wed Jun 5 13:54:58 EDT 2013


James,

This is what I have for output plugins.

###################################################
# Step #6: Configure output plugins
# For more information, see Snort Manual, Configuring Snort - Output Modules
###################################################

# unified2 
# Recommended for most installs
# output unified2: filename merged.log, limit 128, nostamp, mpls_event_types, vlan_event_types


They are commented out, but I would have to do some research on manually editing the conf. Since Snort is integrated into pfSense, configuring and editing the config file is done differently than if you had a dedicated Linux box.

Josh



-----Original Message-----
From: James Lay [mailto:jlay at ...13475...] 
Sent: Wednesday, June 05, 2013 10:46 AM
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Unknown POP3 Command

On 2013-06-05 09:28, Josh Bitto wrote:
> The only problem with doing a pcap is we use pfSense (open source
> firewall) and it has Snort built into it. There is a way to do a pcap 
> for the offending IPs, but doing it continuously isn't going to 
> happen. I'm already having memory issues with the amount of sensors we 
> have and each one using a high amount of memory.
>

Josh,

What do your output plugins show in your snort.conf?

James
