[Snort-users] preprocessor file_inspect does not capture file

Lương Minh Tuấn not.soledad at ...11827...
Wed Dec 2 01:45:41 EST 2015


Hi everybody,
     I had a problem when using file_inspect to capture a file sent over 
FTP. Please help me resolve it. Here's my Snort info:
     - Server OS:
     $cat /etc/redhat-release
     CentOS Linux release 7.1.1503 (Core)
     - Snort version: 2.9.7.6, build options: --enable-file-inspect 
--enable-open-appid --enable-sourcefire
     - configuration file:
     exactly from snortrules-snapshot-2976.tar.gz, with file_inspect 
config added as discussed in README.file:
         include file_magic.conf
         preprocessor file_inspect: signature, \
               capture_queue_size 5000, \
               capture_disk /home/file_capture/tmp/

     Snort does not detect or process any file. Here are my exit stats:
       File Preprocessor Statistics
       Total file type callbacks:            0
       Total file signature callbacks:       0
       Total files would saved to disk:      0
       Total files saved to disk:            0
       Total file data saved to disk:        0         bytes
       Total files duplicated:               0
       Total files reserving failed:         0
       Total file capture min:               0
       Total file capture max:               0
       Total file capture memcap:            0
       Total files reading failed:           0
       Total file agent memcap failures:     0
       Total files sent:                     0
       Total file data sent:                 0
       Total file transfer failures:         0
===============================================================================
     Files processed: none

     I tried to build snort v2.9.7.0, 2.9.6.2 and the latest 2.9.8.0 but 
had no luck. Please help me!

Thanks and best regards!
-- 
Lương Minh Tuấn
Email: not.soledad at ...11827...
Skype: minhtuan208




