[Snort-users] Upgraded to 2.9.7.0, then down graded to 2.9.6.2 and snort will not start

Joel Esler (jesler) jesler at ...589...
Tue Feb 3 11:02:07 EST 2015


So, the next question is, why did 2.9.7.0 work for you?

--
Joel Esler
Sent from my iPhone

On Feb 3, 2015, at 8:38 AM, Avery Rozar <Avery.Rozar at ...16118...<mailto:Avery.Rozar at ...16118...>> wrote:

Sorry, I did get the uninstall working. I was not in the correct src directory, and it did fix the issue. Since 2.9.7 was not uninstalled it was trying to load OpenAppID with 2.9.6.2 but it's working now.

Thanks!


________________________________________
From: Juan Jesus Prieto [jjprieto at ...16842...<mailto:jjprieto at ...16842...>]
Sent: Monday, February 02, 2015 7:42 AM
To: Avery Rozar; snort-users at lists.sourceforge.net<mailto:snort-users at ...7287....sourceforge.net>
Subject: Re: [Snort-users] Upgraded to 2.9.7.0, then down graded to 2.9.6.2 and snort will not start

Hi Avery,

  Which is your 'make uninstall' output?

El 02/02/15 13:18, Avery Rozar escribió:
Thank you Juan,
I think I may have found the issue. Not sure how to fix it though.

"sudo snort -i dna0 -u snort -g snort" works fine...

If I change the snort00.conf to use afpacket and not pfring_dna when running with the normal

"sudo snort -Q -i dna0:dna1 -u snort -g snort -c /etc/snort/snort00.conf -l /var/log/snort/Z0"

I get the following error..

"ERROR: Failed to initialize dynamic preprocessor: APPID version 1.1.4 (-1)"

Appid id not in 2.9.6.2 so it seems my installing of 2.9.6.2 is sort of mixed.. It is defanitly trying to use 2.9.6.2.

sudo snort --version

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.6.2 GRE (Build 77)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
           Copyright (C) 2014 Cisco and/or its affiliates. All rights reserved.
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using libpcap version 1.1.1
           Using PCRE version: 7.8 2008-09-05
           Using ZLIB version: 1.2.3


Is there a proper "uninstall" method when using source? "make uninstall does not seem to work."




________________________________________
From: Juan Jesus Prieto [jjprieto at ...16842...<mailto:jjprieto at ...16842...>]
Sent: Sunday, February 01, 2015 2:23 PM
To: snort-users at lists.sourceforge.net<mailto:snort-users at ...3783...net>
Subject: Re: [Snort-users] Upgraded to 2.9.7.0, then down graded to 2.9.6.2 and snort will not start

Hi Avery,

   Try executing snort  (without -q and -D) in foreground, rsyslogd is
dropping messages due to rate-limiting, and maybe you are discarding
important messages.

   In the other hand, the barnyard2 messages are the known "lonely
packet" effect. Are the rules set to 'log' intead of 'alert'? This
messages appears when snort register a packet in the unified2 file and
set event to null due the non existance of it (only log intead of
alert/drop) or because the snort.log files has been rotated and the
related event information has been lost from barnyard2 cache due a
service restart.

   Regards.

El 01/02/15 19:30, Avery Rozar escribió:
I'm tailing /var/log/messages and all I get is "ERROR version 7 < 11".

After upgrading to 2.9.7.0 I was getting "WARNING database [Database()]: Called with Event[0x0] Event Type [0] (P)acket [0x1e6fcc0], information has not been outputed." I did not realize it until I did not see any alerts for a few days. Thinking this may just be a Barnyard2 and Snort 2.9.7.0 compatibility issue I just decided to down grade to 2.9.6.2 and now snort will not start.

I make sure the "/usr/local/lib/snort_dynamicrules/" has the proper so rules, and pulled pork is set for "2.9.6.2". Pulled pork pulls sigs just fine.

Below is the output from "messages" when starting snort. Any ideas what I've done wrong?


Starting snort: Feb  1 13:20:54 vs-101 snort[3091]: Enabling inline operation

Feb  1 13:20:54 vs-101 snort[3091]: Running in IDS mode

Feb  1 13:20:54 vs-101 snort[3091]:

Feb  1 13:20:54 vs-101 snort[3091]:         --== Initializing Snort ==--

Feb  1 13:20:54 vs-101 snort[3091]: Initializing Output Plugins!

Feb  1 13:20:54 vs-101 snort[3091]: Initializing Preprocessors!

Feb  1 13:20:54 vs-101 snort[3091]: Initializing Plug-ins!

Feb  1 13:20:54 vs-101 snort[3091]: Parsing Rules file "/etc/snort/snort00.conf"

Feb  1 13:20:54 vs-101 snort[3091]: PortVar 'HTTP_PORTS' defined :

Feb  1 13:20:54 vs-101 snort[3091]:  [ 36 80:90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 2231 2301 2381 2809 3029 3037 3057 3128 3443 3702 4000 4343 4848 5117 5250 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777 7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8500 8509 8800 8888 8899 9000 9060 9080 9090:9091 9111 9443 9999:10000 11371 12601 15489 29991 33300 34412 34443:34444 41080 44449 50000 50002 51423 53331 55252 55555 56712 ]

Feb  1 13:20:54 vs-101 snort[3091]:

Feb  1 13:20:54 vs-101 snort[3091]: PortVar 'SHELLCODE_PORTS' defined :

Feb  1 13:20:54 vs-101 snort[3091]:  [ 0:79 81:65535 ]

Feb  1 13:20:54 vs-101 snort[3091]:

Feb  1 13:20:54 vs-101 snort[3091]: PortVar 'ORACLE_PORTS' defined :

Feb  1 13:20:54 vs-101 snort[3091]:  [ 1024:65535 ]

Feb  1 13:20:54 vs-101 snort[3091]:

Feb  1 13:20:54 vs-101 snort[3091]: PortVar 'SSH_PORTS' defined :

Feb  1 13:20:54 vs-101 snort[3091]:  [ 22 ]

Feb  1 13:20:54 vs-101 snort[3091]:

Feb  1 13:20:54 vs-101 snort[3091]: PortVar 'FTP_PORTS' defined :

Feb  1 13:20:54 vs-101 snort[3091]:  [ 21 2100 3535 ]

Feb  1 13:20:54 vs-101 snort[3091]:

Feb  1 13:20:54 vs-101 snort[3091]: PortVar 'SIP_PORTS' defined :

Feb  1 13:20:54 vs-101 snort[3091]:  [ 5060:5061 5600 ]

Feb  1 13:20:54 vs-101 snort[3091]:

Feb  1 13:20:54 vs-101 snort[3091]: PortVar 'FILE_DATA_PORTS' defined :

Feb  1 13:20:54 vs-101 snort[3091]:  [ 36 80:90 110 143 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 2231 2301 2381 2809 3029 3037 3057 3128 3443 3702 4000 4343 4848 5117 5250 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777 7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8500 8509 8800 8888 8899 9000 9060 9080 9090:9091 9111 9443 9999:10000 11371 12601 15489 29991 33300 34412 34443:34444 41080 44449 50000 50002 51423 53331 55252 55555 56712 ]

Feb  1 13:20:54 vs-101 snort[3091]:

Feb  1 13:20:54 vs-101 snort[3091]: PortVar 'GTP_PORTS' defined :

Feb  1 13:20:54 vs-101 snort[3091]:  [ 2123 2152 3386 ]

Feb  1 13:20:54 vs-101 snort[3091]:

Feb  1 13:20:54 vs-101 snort[3091]: Detection:

Feb  1 13:20:54 vs-101 snort[3091]:    Search-Method = AC-Full-Q

Feb  1 13:20:54 vs-101 snort[3091]:     Split Any/Any group = enabled

Feb  1 13:20:54 vs-101 snort[3091]:     Search-Method-Optimizations = enabled

Feb  1 13:20:54 vs-101 snort[3091]:     Maximum pattern length = 20

Feb  1 13:20:55 vs-101 snort[3091]: Tagged Packet Limit: 256

Feb  1 13:20:55 vs-101 snort[3091]: Loading dynamic engine /usr/local/lib/snort_dynamicengine/libsf_engine.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]: Loading all dynamic detection libs from /usr/local/lib/snort_dynamicrules...

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-apache.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/browser-other.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/exploit-kit.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/os-linux.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/os-windows.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/malware-other.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/protocol-dns.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/policy-social.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/protocol-icmp.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-iis.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-other.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-pdf.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/os-other.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/pua-p2p.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-office.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/browser-plugins.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-other.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-flash.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-image.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-executable.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-multimedia.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/netbios.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-webapp.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/malware-cnc.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/browser-ie.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/protocol-voip.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/indicator-shellcode.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/protocol-other.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-mail.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-oracle.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/protocol-nntp.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-mysql.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-java.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/protocol-snmp.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Finished Loading all dynamic detection libs from /usr/local/lib/snort_dynamicrules

Feb  1 13:20:55 vs-101 snort[3091]: Loading all dynamic preprocessor libs from /usr/local/lib/snort_dynamicpreprocessor/...

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_modbus_preproc.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_gtp_preproc.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_pop_preproc.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_reputation_preproc.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_appid_preproc.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_dnp3_preproc.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_imap_preproc.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Finished Loading all dynamic preprocessor libs from /usr/local/lib/snort_dynamicpreprocessor/

Feb  1 13:20:55 vs-101 snort[3091]: Log directory = /var/log/snort/Z0

Feb  1 13:20:55 vs-101 snort[3091]: Normalizer config:

Feb  1 13:20:55 vs-101 snort[3091]:          ip4: on

Feb  1 13:20:55 vs-101 snort[3091]:      ip4::df: off

Feb  1 13:20:55 vs-101 snort[3091]:      ip4::rf: off

Feb  1 13:20:55 vs-101 snort[3091]:     ip4::tos: off

Feb  1 13:20:55 vs-101 snort[3091]:    ip4::trim: off

Feb  1 13:20:55 vs-101 snort[3091]:     ip4::ttl: on (min=1, new=5)

Feb  1 13:20:55 vs-101 snort[3091]: Normalizer config:

Feb  1 13:20:55 vs-101 snort[3091]:          tcp: on

Feb  1 13:20:55 vs-101 snort[3091]:     tcp::ecn: stream

Feb  1 13:20:55 vs-101 snort[3091]:     tcp::urp: on

Feb  1 13:20:55 vs-101 snort[3091]:     tcp::opt: off

Feb  1 13:20:55 vs-101 snort[3091]:     tcp::ips: on

Feb  1 13:20:55 vs-101 snort[3091]: Normalizer config:

Feb  1 13:20:55 vs-101 snort[3091]:        icmp4: on

Feb  1 13:20:55 vs-101 snort[3091]: Normalizer config:

Feb  1 13:20:55 vs-101 snort[3091]:          ip6: on

Feb  1 13:20:55 vs-101 snort[3091]:    ip6::hops: on (min=1, new=5)

Feb  1 13:20:55 vs-101 snort[3091]: Normalizer config:

Feb  1 13:20:55 vs-101 snort[3091]:        icmp6: on

Feb  1 13:20:55 vs-101 snort[3091]: Frag3 global config:

Feb  1 13:20:55 vs-101 snort[3091]:     Max frags: 65536

Feb  1 13:20:55 vs-101 snort[3091]:     Fragment memory cap: 4194304 bytes

Feb  1 13:20:55 vs-101 snort[3091]: Frag3 engine config:

Feb  1 13:20:55 vs-101 snort[3091]:     Bound Address: default

Feb  1 13:20:55 vs-101 snort[3091]:     Target-based policy: WINDOWS

Feb  1 13:20:55 vs-101 snort[3091]:     Fragment timeout: 180 seconds

Feb  1 13:20:55 vs-101 snort[3091]:     Fragment min_ttl:   1

Feb  1 13:20:55 vs-101 snort[3091]:     Fragment Anomalies: Alert

Feb  1 13:20:55 vs-101 snort[3091]:     Overlap Limit:     10

Feb  1 13:20:55 vs-101 snort[3091]:     Min fragment Length:     100

Feb  1 13:20:55 vs-101 snort[3091]: Stream5 global config:

Feb  1 13:20:55 vs-101 snort[3091]:     Track TCP sessions: ACTIVE

Feb  1 13:20:55 vs-101 snort[3091]:     Max TCP sessions: 262144

Feb  1 13:20:55 vs-101 snort[3091]:     TCP cache pruning timeout: 30 seconds

Feb  1 13:20:55 vs-101 snort[3091]:     TCP cache nominal timeout: 3600 seconds

Feb  1 13:20:55 vs-101 snort[3091]:     Memcap (for reassembly packet storage): 8388608

Feb  1 13:20:55 vs-101 snort[3091]:     Track UDP sessions: ACTIVE

Feb  1 13:20:55 vs-101 snort[3091]:     Max UDP sessions: 131072

Feb  1 13:20:55 vs-101 snort[3091]:     UDP cache pruning timeout: 30 seconds

Feb  1 13:20:55 vs-101 snort[3091]:     UDP cache nominal timeout: 180 seconds

Feb  1 13:20:55 vs-101 snort[3091]:     Track ICMP sessions: INACTIVE

Feb  1 13:20:55 vs-101 snort[3091]:     Track IP sessions: INACTIVE

Feb  1 13:20:55 vs-101 snort[3091]:     Log info if session memory consumption exceeds 1048576

Feb  1 13:20:55 vs-101 snort[3091]:     Send up to 2 active responses

Feb  1 13:20:55 vs-101 snort[3091]:     Wait at least 5 seconds between responses

Feb  1 13:20:55 vs-101 snort[3091]:     Protocol Aware Flushing: ACTIVE

Feb  1 13:20:55 vs-101 snort[3091]:         Maximum Flush Point: 16000

Feb  1 13:20:55 vs-101 snort[3091]:       Max Expected Streams: 768

Feb  1 13:20:55 vs-101 snort[3091]: Stream5 TCP Policy config:

Feb  1 13:20:55 vs-101 snort[3091]:     Bound Address: default

Feb  1 13:20:55 vs-101 snort[3091]:     Reassembly Policy: WINDOWS

Feb  1 13:20:55 vs-101 snort[3091]:     Timeout: 180 seconds

Feb  1 13:20:55 vs-101 snort[3091]:     Limit on TCP Overlaps: 10

Feb  1 13:20:55 vs-101 snort[3091]:     Maximum number of bytes to queue per session: 1048576

Feb  1 13:20:55 vs-101 snort[3091]:     Maximum number of segs to queue per session: 2621

Feb  1 13:20:55 vs-101 snort[3091]:     Options:

Feb  1 13:20:55 vs-101 rsyslogd-2177: imuxsock begins to drop messages from pid 3091 due to rate-limiting

ERROR version 7 < 11

                                                            [FAILED]

------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net<mailto:Snort-users at lists.sourceforge.net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net<mailto:Snort-users at lists.sourceforge.net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!


------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net<mailto:Snort-users at lists.sourceforge.net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!


------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net<mailto:Snort-users at lists.sourceforge.net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150203/42b035f4/attachment.html>


More information about the Snort-users mailing list