[Snort-users] help with WARNING: flowbits key

hernani coelho.hernani at ...16858...
Sun Jun 15 11:12:08 EDT 2014


hello,

I don't have restart pc after install pulledpork,

now give me this -->

     http://code.google.com/p/pulledpork/
       _____ ____
      `----,\    )
       `--==\\  /    PulledPork v0.7.0 - Swine Flu!
        `--==\\/
      .-~~~~-.Y|\\_  Copyright (C) 2009-2013 JJ Cummings
   @_/        /  66\_  cummingsj at ...11827...
     |    \   \   _(")
      \   /-| ||'--'  Rules give me wings!
       \_\  \_\\
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Checking latest MD5 for snortrules-snapshot-2961.tar.gz....
Rules tarball download of snortrules-snapshot-2961.tar.gz....
     They Match
     Done!
Checking latest MD5 for community-rules.tar.gz....
Rules tarball download of community-rules.tar.gz....
     They Match
     Done!
IP Blacklist download of http://labs.snort.org/feeds/ip-filter.blf....
Reading IP List...
Checking latest MD5 for opensource.gz....
Rules tarball download of opensource.gz....
     They Match
     Done!
Checking latest MD5 for emerging.rules.tar.gz....
Rules tarball download of emerging.rules.tar.gz....
     They Match
     Done!
Prepping rules from opensource.gz for work....
     Done!
Prepping rules from emerging.rules.tar.gz for work....
     Done!
Prepping rules from snortrules-snapshot-2961.tar.gz for work....
     Done!
Prepping rules from community-rules.tar.gz for work....
     Done!
Reading rules...
Generating Stub Rules....
     An error occurred: WARNING: ip4 normalizations disabled because not inline.

     An error occurred: WARNING: tcp normalizations disabled because not inline.

     An error occurred: WARNING: icmp4 normalizations disabled because not inline.

     An error occurred: WARNING: ip6 normalizations disabled because not inline.

     An error occurred: WARNING: icmp6 normalizations disabled because not inline.

     Done
Reading rules...
Reading rules...
Writing Blacklist File /usr/local/snort/rules/default.blacklist....
Writing Blacklist Version 942760505 to /usr/local/snort/rules/iplistsIPRVersion.dat....
Setting Flowbit State....
     Enabled 114 flowbits
     Done
Writing /usr/local/snort/rules/teste.rules....
     Done
Generating sid-msg.map....
     Done
Writing v1 /usr/local/snort/etc/sid-msg.map....
     Done
Writing /var/log/sid_changes.log....
     Done
Rule Stats...
     New:-------46
     Deleted:---16
     Enabled Rules:----21167
     Dropped Rules:----0
     Disabled Rules:---19609
     Total Rules:------40776
IP Blacklist Stats...
     Total IPs:-----839

Done
Please review /var/log/sid_changes.log for additional details
Fly Piggy Fly!

I don't know if this is right, but it doesn't fix the flowbits dependencies.

Can someone help me?

thanks

hernani coelho
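
As an added example (not part of the original message, and not PulledPork's or Snort's own code): a small audit of a rules file for the two conditions the flowbits warnings in this thread report, keys set but never checked and keys checked but never set, which also lists disabled rules that would satisfy a dangling check if enabled. The sample rules, SIDs and the function name `audit_flowbits` are constructed for illustration; counting `set`, `setx` and `toggle` as setters is an assumption of this example.

```python
import re
from collections import defaultdict

# Constructed sample ruleset for illustration (not real Snort rules).
# A leading '#' marks a disabled rule, as in distributed rule files.
SAMPLE_RULES = """\
alert tcp any any -> any 80 (msg:"constructed PNG download"; flowbits:set,file.png; flowbits:noalert; sid:1000001;)
alert tcp any any -> any any (msg:"constructed PNG check"; flowbits:isset,file.png; sid:1000002;)
alert tcp any any -> any 143 (msg:"constructed CRAM-MD5"; flowbits:set,imap.cram_md5; sid:1000003;)
# alert tcp any any -> any 80 (msg:"constructed MP3 download"; flowbits:set,file.mp3; flowbits:noalert; sid:1000004;)
alert tcp any any -> any any (msg:"constructed MP3 check"; flowbits:isset,file.mp3; sid:1000005;)
alert tcp any any -> any any (msg:"constructed audio check"; flowbits:isset,file.wav|file.mp3; sid:1000006;)
"""

FLOWBITS = re.compile(r"flowbits\s*:\s*([a-z]+)\s*(?:,\s*([^;,]+))?")
SID = re.compile(r"\bsid\s*:\s*(\d+)")
SETTERS = {"set", "setx", "toggle"}   # assumption: ops counted as "setting" a key
CHECKERS = {"isset", "isnotset"}      # ops counted as "checking" a key


def audit_flowbits(rules_text):
    """Report flowbit keys whose set/check counterpart is missing among enabled rules."""
    set_on, checked_on, set_off = defaultdict(set), defaultdict(set), defaultdict(set)
    for line in rules_text.splitlines():
        stripped = line.strip()
        enabled = not stripped.startswith("#")
        body = stripped.lstrip("# ")
        sid = SID.search(body)
        if not sid:
            continue  # blank line or plain comment, not a rule
        for op, names in FLOWBITS.findall(body):
            # names is empty for noalert/reset; '|' and '&' join several keys
            for key in filter(None, (k.strip() for k in re.split(r"[|&]", names))):
                if op in SETTERS:
                    (set_on if enabled else set_off)[key].add(int(sid.group(1)))
                elif op in CHECKERS and enabled:
                    checked_on[key].add(int(sid.group(1)))
    unset = sorted(set(checked_on) - set(set_on))
    return {
        "set_not_checked": sorted(set(set_on) - set(checked_on)),
        "checked_not_set": unset,
        # disabled rules that would satisfy a dangling check if enabled
        "enable_to_fix": {k: sorted(set_off[k]) for k in unset if k in set_off},
    }


if __name__ == "__main__":
    for name, value in audit_flowbits(SAMPLE_RULES).items():
        print(name, value)
```

A key that appears under `checked_not_set` but not under `enable_to_fix` has no setter anywhere in the file, so the rules checking it can never fire with that ruleset.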

On 14-06-2014 17:20, hernani wrote:
> hello Joel,
>
> I installed pulledpork but it tells me the rules match and doesn't fix 
> dependencies
>
> here is the output
>
>
>
> Checking latest MD5 for snortrules-snapshot-2961.tar.gz....
>     They Match
>     Done!
> Checking latest MD5 for community-rules.tar.gz....
>     They Match
>     Done!
> IP Blacklist download of http://labs.snort.org/feeds/ip-filter.blf....
> Reading IP List...
> Checking latest MD5 for opensource.gz....
>     They Match
>     Done!
> Writing Blacklist File /usr/local/snort/rules/default.blacklist....
> Writing Blacklist Version 895836774 to 
> /usr/local/snort/rules/iplistsIPRVersion.dat....
> Fly Piggy Fly!
>
>
> thanks
>
> hernani coelho
>
>
>
>
>
> On 13-06-2014 20:59, Joel Esler (jesler) wrote:
>> Are you using pulledpork to manage your ruleset?  I suggest that you 
>> do, as pulledpork should fix these dependency problems.
>>
>> --
>> *Joel Esler*
>> Open Source Manager
>> Threat Intelligence Team Lead
>> Vulnerability Research Team
>>
>>
>> On Jun 13, 2014, at 6:23 AM, hernani <coelho.hernani at ...16858...> wrote:
>>
>>> hello,
>>>
>>> how can i remove this warning --->
>>>
>>>
>>> Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.abc'
>>> is set but not ever checked.
>>> Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key
>>> 'imap.cram_md5' is set but not ever checked.
>>> Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.fon'
>>> is set but not ever checked.
>>> Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.xwd'
>>> is set but not ever checked.
>>> Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.mp3'
>>> is checked but not ever set.
>>> Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.wav'
>>> is checked but not ever set.
>>> Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.maki'
>>> is checked but not ever set.
>>> Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key
>>> 'cocsoft.stream' is set but not ever checked.
>>> Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key
>>> 'file.pecompact' is checked but not ever set.
>>> Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.fpx'
>>> is set but not ever checked.
>>> Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.wma'
>>> is checked but not ever set.
>>> Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.png'
>>> is checked but not ever set.
>>> Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.asf'
>>> is checked but not ever set.
>>> Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'hornet.4'
>>> is set but not ever checked.
>>> Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 
>>> 'hplogin' is
>>> set but not ever checked.
>>> Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.nab'
>>> is set but not ever checked.
>>> Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key 'file.xps'
>>> is set but not ever checked.
>>> Jun 13 11:17:08 hernani snort[13332]: WARNING: flowbits key
>>> 'file.wmp_playlist' is checked but not ever set.
>>>
>>>
>>> thanks
>>>
>>> hernani coelho
>>>
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.sourceforge.net
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users list archive:
>>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>>
>>> Please visit http://blog.snort.org to stay current on all the latest 
>>> Snort news!
>>
>
