[Snort-users] 回复: snort preprocessor reputation Shared memory loadentries always 0

阔野嘹歌 85358830 at ...15456...
Tue May 9 11:46:38 EDT 2017

sorry,Message attachments are not supported.
Here is my snort.conf:

# Reputation preprocessor. For more information see README.reputation
preprocessor reputation: \
   memcap 500, \
   scan_local, \
#   priority whitelist, \
   white unblack, \
   nested_ip both, \
#   whitelist /usr/reputation/iplists/white_list.wlf, \
#   blacklist /usr/reputation/iplists/black_list.blf, \
   shared_mem /usr/reputation/iplists, \
   shared_refresh 60

Here is my black_list.blf:

------------------ 原始邮件 ------------------
发件人: "85358830";<85358830 at ...15456...>;
发送时间: 2017年5月9日(星期二) 晚上11:28
收件人: "Snort-users"<snort-users at lists.sourceforge.net>; 

主题: [Snort-users] snort preprocessor reputation Shared memory loadentries always 0

Good day to all! I'm using Snort on a Debian 8.2 virtual machine.To test reputation share memory and control-socket.I'm follow Snort manual 2.2.20 shared memory support.step by step.but it looks not work well.

My config file and whait/black list file in mail attachemnts.
The following line is my start snort command:
./snort -G 1 -Q --process-all-events -c ../etc/snort.conf

The following is the output of the snort:
Reputation config: 
    Reputation total memory usage: 0 bytes
    Reputation total entries loaded: 0, invalid: 0, re-defined: 0
    Memcap: 500 (Default) M bytes 
    Scan local network: ENABLED
    Reputation priority:  whitelist(Default) 
    Nested IP: both  
    White action: unblack (Default) 
    Shared memory supported, Update directory: /usr/reputation/iplists
    Shared memory refresh period: 60 (Default) seconds 
    Shared memory max instances: 2

Initializing rule chains...
1 Snort rules read
    0 detection rules
    0 decoder rules
    1 preprocessor rules
1 Option Chains linked into 1 Chain Headers
0 Dynamic rules


nfq DAQ configured to inline.
Reload thread starting...
Reload thread started, thread 0xa443db40 (25579)
    Reputation Preprocessor: Size of shared memory segment SFShmemMgmt.0.0 is 128
Mapped shared management region of size 128 as a reader.


It appears that the blacklist is not load into shared memory.why?
who can tell me why?

I am searching for a long time on net. But no use. Please help or try to give some ideas how to achieve this.

I'm sorry my English is not good.sorry I am a novice.


Can someone give me some help?

Can the Chinese give me some help?in Chinese.

I am a lonely self learner, if you can give me a little help , Thank you very much.
Best regards to all!------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

Please visit http://blog.snort.org to stay current on all the latest Snort news!

More information about the Snort-users mailing list