[Snort-users] Snort-users Digest, Vol 133, Issue 4

yunus emre yunusemre09 at ...125...
Mon Jun 5 12:39:47 EDT 2017


Remove me from your mailing list 😡😡😡😡

Sent from my iPhone

> On 05 Jun 2017, at 18:00, "snort-users-request at lists.sourceforge.net" <snort-users-request at lists.sourceforge.net> wrote:
> 
> Send Snort-users mailing list submissions to
>    snort-users at lists.sourceforge.net
> 
> To subscribe or unsubscribe via the World Wide Web, visit
>    https://lists.sourceforge.net/lists/listinfo/snort-users
> or, via email, send a message with subject or body 'help' to
>    snort-users-request at lists.sourceforge.net
> 
> You can reach the person managing the list at
>    snort-users-owner at lists.sourceforge.net
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Snort-users digest..."
> 
> 
> When responding, please don't respond with the entire Digest.  Please trim your response.
> 
> Today's Topics:
> 
>   1. Re: Barnyard2 -ERROR: Unable to allocate memory! (3737895080
>      requested) (wkitty42 at ...14940...)
>   2. Snort error (Gamze Kayg?s?z)
>   3. Re: Snort error (Gamze Kayg?s?z)
>   4. snort-floodlight (ay?en acun)
>   5. Re: Snort error (Cynthia Leonard (cyleonar))
>   6. Re: snort-floodlight (Joel Esler (jesler))
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Fri, 2 Jun 2017 16:16:27 -0400
> From: wkitty42 at ...14940...
> To: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Barnyard2 -ERROR: Unable to allocate
>    memory! (3737895080 requested)
> Message-ID: <a43f6959-c941-1a45-e73e-aeea9e658b53 at ...14940...>
> Content-Type: text/plain; charset=utf-8; format=flowed
> 
>> On 06/02/2017 12:38 AM, ?moon sun? ? wrote:
>>  I used hping3 to simulate Dos attackby  :
>> $ sudo hping3example.com -c 10000 -d 120 -S -w 64 --flood -p 80
>> And i logged it by snort to log file.
>> 
>> Then I used barnyard2 to send this log file to snort mysql , but it give me this error :
>> 
>> 
>> ERROR: Unable to allocate memory!  (3737895080 requested)
>> Fatal Error, Quitting..
>> Barnyard2 exiting
>> database: Closing connection to database "snort"
>> 
>> before simulating the dos attack and logged it , it was work fine.
>> Why this happen and how can I fix it?
> 
> it is trying to allocate 3Gig of RAM... i'd imagine that that's a pretty large 
> U2 file it is trying to deal with...
> 
> 
> FWIW: quoting from https://github.com/firnsy/barnyard2
> 
> ------------------------------------------------------------------------------
> 4. CONTACT
> ------------------------------------------------------------------------------
> 
> You can contact the barnyard2 team and user base for question/help debugging 
> issue concerning barnyard2 by using our mailing lists.
> 
> barnyard2-users at ...14071...
> AND
> barnyard2-devel at ...14071...
> 
> 
> 
> -- 
>  NOTE: No off-list assistance is given without prior approval.
>        *Please keep mailing list traffic on the list unless*
>        *a signed and pre-paid contract is in effect with us.*
> 
> 
> 
> ------------------------------
> 
> Message: 2
> Date: Mon, 5 Jun 2017 17:01:05 +0300
> From: Gamze Kayg?s?z <gamzekaygisiz47 at ...11827...>
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Snort error
> Message-ID:
>    <CAMwVf+CFfKTji5PKPo0y87GdV_Ggyen08vB7nj0HuYtR7UrigQ at ...11828...>
> Content-Type: text/plain; charset="UTF-8"
> 
> When I write the command "snort -Q --daq nfq --daq-mode inline --daq-var
> queue=0 -c /etc/snort/snort.conf -A Console -l /var/log/snort/" I get this
> message : "HttpInspectConfigCheck() default server configuration not
> specified Fatal Error, Quitting.." What is the problem? Could you help me??
> 
> 
> ------------------------------
> 
> Message: 3
> Date: Mon, 5 Jun 2017 17:04:04 +0300
> From: Gamze Kayg?s?z <gamzekaygisiz47 at ...11827...>
> To: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Snort error
> Message-ID:
>    <CAMwVf+DmhJFuSyLSYj+XXp69kenQgLvPOCYFc_m2kq7R5yK=Tg at ...11828...>
> Content-Type: text/plain; charset="UTF-8"
> 
> https://www.youtube.com/watch?v=41HLTF-8omU&t=27s
> this video
> 
> 2017-06-05 17:01 GMT+03:00 Gamze Kayg?s?z <gamzekaygisiz47 at ...11827...>:
> 
>> When I write the command "snort -Q --daq nfq --daq-mode inline --daq-var
>> queue=0 -c /etc/snort/snort.conf -A Console -l /var/log/snort/" I get this
>> message : "HttpInspectConfigCheck() default server configuration not
>> specified Fatal Error, Quitting.." What is the problem? Could you help me??
> 
> 
> ------------------------------
> 
> Message: 4
> Date: Mon, 5 Jun 2017 17:33:05 +0300
> From: ay?en acun <aysenacun at ...11827...>
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] snort-floodlight
> Message-ID:
>    <CAEcSGmqRV7gzL8hPQ8rLQ7HshWEgQvwtJTWktz2Tec678cMwLA at ...11828...>
> Content-Type: text/plain; charset="UTF-8"
> 
> Hi All,
> 
> I have question that is related to SDN Security. We use FloodLight SDN
> Controller. So Can I integrate Snort with
> FloodLight SDN Controller for IDS?
> 
> 
> ------------------------------
> 
> Message: 5
> Date: Mon, 5 Jun 2017 14:05:56 +0000
> From: "Cynthia Leonard (cyleonar)" <cyleonar at ...589...>
> To: Gamze Kayg?s?z <gamzekaygisiz47 at ...11827...>,
>    "snort-users at lists.sourceforge.net"
>    <snort-users at lists.sourceforge.net>
> Subject: Re: [Snort-users] Snort error
> Message-ID: <53da8b6b835b4074b094a1f14952756a at ...17762...>
> Content-Type: text/plain; charset="utf-8"
> 
> Hi,
> Please share the contents of your snort.conf.
> 
> Regards
> Cynthia
> 
> -----Original Message-----
> From: Gamze Kayg?s?z [mailto:gamzekaygisiz47 at ...11827...] 
> Sent: Monday, June 5, 2017 7:31 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Snort error
> 
> When I write the command "snort -Q --daq nfq --daq-mode inline --daq-var
> queue=0 -c /etc/snort/snort.conf -A Console -l /var/log/snort/" I get this message : "HttpInspectConfigCheck() default server configuration not specified Fatal Error, Quitting.." What is the problem? Could you help me??
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
> 
> ------------------------------
> 
> Message: 6
> Date: Mon, 5 Jun 2017 14:58:23 +0000
> From: "Joel Esler (jesler)" <jesler at ...589...>
> To: ay?en acun <aysenacun at ...11827...>
> Cc: "snort-users at lists.sourceforge.net"
>    <snort-users at lists.sourceforge.net>
> Subject: Re: [Snort-users] snort-floodlight
> Message-ID: <7F0F7EF4-D50A-493D-99D3-B6848A8105A7 at ...589...>
> Content-Type: text/plain; charset="utf-8"
> 
> While I have heard of FloodLight, I have not heard of anyone integrating Snort into it.  But it?s open source.  Seems like someone could take the task on.
> 
> --
> Joel Esler | Talos: Manager | jesler at ...589...<mailto:jesler at ...589...>
> 
> 
> 
> 
> 
> 
> On Jun 5, 2017, at 10:33 AM, ay?en acun <aysenacun at ...11827...<mailto:aysenacun at ...11827...>> wrote:
> 
> Hi All,
> 
> I have question that is related to SDN Security. We use FloodLight SDN
> Controller. So Can I integrate Snort with
> FloodLight SDN Controller for IDS?
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org<http://Slashdot.org>! http://sdm.link/slashdot
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net<mailto:Snort-users at lists.sourceforge.net>
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
> 
> 
> ------------------------------
> 
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> 
> ------------------------------
> 
> Subject: Digest Footer
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-users
> 
> 
> ------------------------------
> 
> End of Snort-users Digest, Vol 133, Issue 4
> *******************************************


More information about the Snort-users mailing list