No subject


Thu Nov 23 16:36:19 EST 2017


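I set up SNORT using IDSCentre and tested the config using the applet.  I
received no error messages, the SNORT window is minimized and things appear
to work, yet there are no alerts, no log entries, nothing.  I know we are
under hits all the time, my firewall reports blocking them.

Setup:
W2K Pro p3 733.  On a hub with router and firewall external interface.  I
have 64 public IP's and I'd like to scan the range if possible.  I am
including the following.

From IDSCentre the command line it fires, the snort.conf file and the screen
output from the minimized snort window.  I can't quite figure out what is
wrong.  Another set of eyes looking at this is what I am hoping someone will
do and see a problem.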

TIA for your help

Rich
PS Sorry it is a long post, but I did not want to do an attachment.

[Begin config]
[************cmd line*********]
c:\snort\Snort.exe -c "c:\snort\snort.conf" -l "c:\snort\log" -h aaa.bbb.ccc.ddd/32 -i 1 -a -b -C -d -e -O -X -I -G basic -U -y
[*NOTE, yes I blanked out my IP above.  It is a public IP*]


[***********snort.conf**************]
#--------------------------------------------------
#   http://www.activeworx.com Snort 1.8.6 Ruleset
#     IDS Policy Manager Version: 1.3 Build(31)
# Current Database Updated -- May 10, 2002 10:55 AM
#--------------------------------------------------
#
## Variables
## ---------
#var HOME_NET 10.1.1.0/24
#var HOME_NET $eth0_ADDRESS
#var HOME_NET [10.1.1.0/24,192.168.1.0/24]
var HOME_NET any
var EXTERNAL_NET any
var SMTP $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
var DNS_SERVERS $HOME_NET
#var RULE_PATH ./
var RULE_PATH c:\snort\rules
var SHELLCODE_PORTS !80
#var SPADEDIR .
#
## Preprocessor Support
## --------------------
preprocessor http_decode: 80 -cginull -unicode
preprocessor rpc_decode: 111 32771
preprocessor bo:
preprocessor stream4: detect_scans
preprocessor stream4_reassemble
preprocessor portscan: $HOME_NET 4 3 portscan.log
#preprocessor portscan-ignorehosts: 0.0.0.0
preprocessor frag2
preprocessor telnet_decode
#
#
## Output Modules
## --------------
#output database: log, unixodbc, dbname=snort user=snort host=localhost password=test
output CSV: log default
output log_tcpdump: snorttcp.log
#output xml: Log, file=/var/log/snortxml
output log_unified: filename snort.log, limit 128
#
#output alert_syslog: LOG_AUTH LOG_ALERT
#output alert_unified: filename snort.alert, limit 128
#output trap_snmp: alert, 7, inform -v 3 -p 162 -l authPriv -u snortUser -x DES -X "" -a SHA -A "" myTrapListener
#
## Custom Rules
## ------------
ruletype suspicious
{
 type log
 output log_tcpdump: suspicious.log
}
ruletype redalert
{
 type alert
 output alert_syslog: LOG_AUTH LOG_ALERT
# output database: log, mysql, user=snort dbname=snort host=localhost
}
#ruletype <New_Custom_Rules>
#{
#}
#
## Include Files
## -------------
include classification.config
#
include $RULE_PATH/bad-traffic.rules
include $RULE_PATH/exploit.rules
include $RULE_PATH/scan.rules
include $RULE_PATH/finger.rules
include $RULE_PATH/ftp.rules
include $RULE_PATH/telnet.rules
include $RULE_PATH/smtp.rules
include $RULE_PATH/rpc.rules
include $RULE_PATH/rservices.rules
include $RULE_PATH/dos.rules
include $RULE_PATH/ddos.rules
include $RULE_PATH/dns.rules
include $RULE_PATH/tftp.rules
include $RULE_PATH/web-cgi.rules
include $RULE_PATH/web-coldfusion.rules
include $RULE_PATH/web-iis.rules
include $RULE_PATH/web-frontpage.rules
include $RULE_PATH/web-misc.rules
include $RULE_PATH/web-attacks.rules
include $RULE_PATH/sql.rules
include $RULE_PATH/x11.rules
include $RULE_PATH/icmp.rules
include $RULE_PATH/netbios.rules
include $RULE_PATH/misc.rules
include $RULE_PATH/attack-responses.rules
include $RULE_PATH/backdoor.rules
include $RULE_PATH/shellcode.rules
include $RULE_PATH/policy.rules
include $RULE_PATH/porn.rules
include $RULE_PATH/info.rules
include $RULE_PATH/icmp-info.rules
include $RULE_PATH/virus.rules
#include $RULE_PATH/experimental.rules
include $RULE_PATH/local.rules


{*********Snort Screen*************}

Log directory = c:\snort\log

Initializing Network Interface \

        --== Initializing Snort ==--
Decoding Ethernet on interface \Device\Packet_NdisWanIp
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file c:\snort\snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Scan alerts: ACTIVE
    Log Flushed Streams: INACTIVE
No arguments to stream4_reassemble, setting defaults:
     Reassemble client: ACTIVE
     Reassemble server: INACTIVE
     Reassemble ports: 21 23 25 53 80 143 110 111 513
     Reassembly alerts: ACTIVE
     Reassembly method: FAVOR_OLD
Using GMT time
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
ProcessFileOption: c:\snort\log/log
WARNING: command line overrides rules file logging plugin!
WARNING: command line overrides rules file logging plugin!
WARNING: command line overrides rules file logging plugin!
980 Snort rules read...
980 Option Chains linked into 100 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

Rule application order:
->activation->dynamic->alert->pass->log->suspicious->red
alert

        --== Initialization Complete ==--

-*> Snort! <*-
Version 1.8-WIN32 (Build 103)
By Martin Roesch (roesch at ...1935..., www.snort.org)
1.7-WIN32 Port By Michael Davis (mike at ...92...,
www.datanerds.net/~mike)
1.8-WIN32 Port By Chris Reid (chris.reid at ...3029...)
          (based on code from 1.7 port)

[End config]
