[Snort-users] Couple of questions.

Jeremy Hoel jthoel at ...11827...
Tue Jun 10 01:18:38 EDT 2014


You need to post to the snort lists please, not directly to me as there are
others that might help you and faster.

This could be an issue with snort version vs rule version downloaded?  I've
never seen that error.  It would probably also help to have more of the
error from the logs.


On Mon, Jun 9, 2014 at 7:18 PM, Allan <yummycheese at ...6696...> wrote:

>  Actually...
>
> I just updated snort via pulledpork and got this error.
>
> FATAL ERROR: Failed to load /usr/local/lib/snort_dynamicrules/misc.so:
> /usr/local/lib/snort_dynamicrules/misc.so: unsupported file layout
>
> A quick search of google doesn't show me anything with a file layout error.
>
> ----- Original Message -----
> *From:* Jeremy Hoel <jthoel at ...11827...>
> *To:* Allan <yummycheese at ...6696...>
> *Sent:* Monday, June 09, 2014 7:08 PM
> *Subject:* Re: [Snort-users] Couple of questions.
>
> No problem.. if you have any other questions.. just ask the list. And
> enjoy all the new visibility.
>
>
> On Mon, Jun 9, 2014 at 7:01 PM, Allan <yummycheese at ...6696...> wrote:
>
>>  Hi Jeremy,
>>
>> Yea I kind of figured that. I just wasn't 100% sure.
>>
>> I have added a bunch of rules to my threshold file and will continue to
>> do so till the alerts aren't so crazy.
>>
>> Thank you.
>>
>> ----- Original Message -----
>> *From:* Jeremy Hoel <jthoel at ...11827...>
>> *To:* Allan <yummycheese at ...6696...>
>> *Cc:* snort-users at lists.sourceforge.net
>> *Sent:* Monday, June 09, 2014 6:26 PM
>> *Subject:* Re: [Snort-users] Couple of questions.
>>
>> A nessus scan may or may not trigger alerts depending on the plugins you
>> used to scan, the services you have listening and any firewalls or iptables
>> rules that might be in place.  Which interface you have snort listening on
>> is a matter of preference and what you are hoping to see/alert on.  If it's
>> your gateway doing NAT and you monitor the wan interface, you won't get the
>> client IP's that might be sending out bad things, or the client ip's that
>> bad things talk too.  If you watch just the inside and it's secure then it
>> might be boring.
>>
>> In either case, you will have to do rule filtering, adjusting and white
>> listing/thresholds of things you don't want to see, alerts you don't care
>> about or machines that are false positives.  Snort is not just a turn it on
>> and go thing.  The fact that you see alerts means it's working, now it's up
>> to you to figure out what type of alerts you want to see and from where.
>>
>>
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140610/00e79415/attachment.html>


More information about the Snort-users mailing list