[Snort-users] help with WARNING: flowbits key

hernani coelho.hernani at ...16858...
Sat Jun 14 12:20:11 EDT 2014


hello Joel,

i install pulledpork but tell me the rules are match and dont fix 
dependencies

were is the output



Checking latest MD5 for snortrules-snapshot-2961.tar.gz....
     They Match
     Done!
Checking latest MD5 for community-rules.tar.gz....
     They Match
     Done!
IP Blacklist download of http://labs.snort.org/feeds/ip-filter.blf....
Reading IP List...
Checking latest MD5 for opensource.gz....
     They Match
     Done!
Writing Blacklist File /usr/local/snort/rules/default.blacklist....
Writing Blacklist Version 895836774 to 
/usr/local/snort/rules/iplistsIPRVersion.dat....
Fly Piggy Fly!


thanks

hernani coelho





Em 13-06-2014 20:59, Joel Esler (jesler) escreveu:
> Are you using pulledpork to manage your ruleset?  I suggest that you 
> do, as pulledpork should fix these dependency problems.
>
> --
> *Joel Esler*
> Open Source Manager
> Threat Intelligence Team Lead
> Vulnerability Research Team
>
>
> On Jun 13, 2014, at 6:23 AM, hernani <coelho.hernani at ...16858... 
> <mailto:coelho.hernani at ...16858...>> wrote:
>
>> hello,
>>
>> how can i remove this warning --->
>>
>>
>> Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.abc'
>> is set but not ever checked.
>> Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key
>> 'imap.cram_md5' is set but not ever checked.
>> Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.fon'
>> is set but not ever checked.
>> Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.xwd'
>> is set but not ever checked.
>> Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.mp3'
>> is checked but not ever set.
>> Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.wav'
>> is checked but not ever set.
>> Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.maki'
>> is checked but not ever set.
>> Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key
>> 'cocsoft.stream' is set but not ever checked.
>> Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key
>> 'file.pecompact' is checked but not ever set.
>> Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.fpx'
>> is set but not ever checked.
>> Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.wma'
>> is checked but not ever set.
>> Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.png'
>> is checked but not ever set.
>> Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.asf'
>> is checked but not ever set.
>> Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'hornet.4'
>> is set but not ever checked.
>> Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'hplogin' is
>> set but not ever checked.
>> Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.nab'
>> is set but not ever checked.
>> Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.xps'
>> is set but not ever checked.
>> Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key
>> 'file.wmp_playlist' is checked but not ever set.
>>
>>
>> thanks
>>
>> hernani coelho
>>
>> ------------------------------------------------------------------------------
>> HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
>> Find What Matters Most in Your Big Data with HPCC Systems
>> Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
>> Leverages Graph Analysis for Fast Processing & Easy Data Exploration
>> http://p.sf.net/sfu/hpccsystems
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>
>> Please visit http://blog.snort.org to stay current on all the latest 
>> Snort news!
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140614/871843e7/attachment.html>


More information about the Snort-users mailing list