No subject


Thu Nov 23 16:36:19 EST 2017


r rules?

What is your output method?

Sent from my iPhone

On Oct 18, 2011, at 7:24 PM, John Ives <jives at ...15416...> wrote:

> Recently, after upgrading to 2.9.1.1 (from 2.9.1.0) on several FreeBSD
> sensors, I noticed that only some of the alerts are logging the pcap
> output from the alerts that it is putting in the local logs and
> sending via syslog.
>
> At first I noticed it in several Emerging Threats alerts, but today I
> also found that some of the VRT rules are also missing the
> corresponding pcaps.
>
> The rules that are consistently missing pcaps for are:
>
> Emerging Threats Rules:
> 2011146
> 2011588
> 2011894
> 2012299
> 2012491
> 2012609
> 2012612
> 2012616
> 2012799
> 2012801
> 2012893
> 2013076
> 2013093
> 2013094
> 2013202
> 2013372
> 2013387
> 2013508
> 2013520
> 2013651
> 2013666
> 2013686
>
>
> VRT Rules:
> 10196
> 10197
> 16008
>
> Snort information:
> Installed from FreeBSD ports with support for IPV6, GRE,
> DECODERPRE,ZLIB, PERFPROFILE
> OS: FreeBSD 8.1 64bit
>
> The missing packets are not intermittent, but consistent since the
> upgrade.
>
> Thank you,
>
> John
>
>
> --
> -------------------------------------------------------------------------
> John Ives
> System & Network Security                Phone (510) 229-8676
> University of California, Berkeley
> -------------------------------------------------------------------------
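An added diagnostic for the symptom described in the report (alerts reaching syslog while some SIDs never get a logged packet); this is example code, not part of the thread. It assumes alert_syslog-style lines and that a per-SID packet count has already been extracted from the packet log (the constructed SAMPLE_PACKET_INDEX stands in for that); the SID-range classification follows the usual ET/local/VRT allocation convention, which the report itself does not state.

```python
import re
from collections import Counter

# Constructed sample of alert_syslog lines in the common
# "[gid:sid:rev] msg [Classification: ...] [Priority: n] {proto} src -> dst" layout.
# These are made-up lines, not data from the original report.
SAMPLE_SYSLOG = """\
Oct 18 19:01:02 sensor1 snort[1234]: [1:2011146:4] ET POLICY example [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 10.0.0.5:51234 -> 192.0.2.10:80
Oct 18 19:01:05 sensor1 snort[1234]: [1:10196:7] VRT example rule [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.6:44321 -> 192.0.2.11:443
Oct 18 19:01:09 sensor1 snort[1234]: [1:2011146:4] ET POLICY example [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 10.0.0.7:51235 -> 192.0.2.10:80
Oct 18 19:02:00 sensor1 snort[1234]: [1:1000001:1] LOCAL test rule [Classification: Misc activity] [Priority: 3] {UDP} 10.0.0.8:5353 -> 224.0.0.251:5353
"""

ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+"
    r"\[Classification:.*?\]\s+\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
)

def parse_alerts(text):
    """Yield one dict per parseable alert line; lines that do not match are skipped."""
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            d = m.groupdict()
            d["gid"], d["sid"] = int(d["gid"]), int(d["sid"])
            yield d

def rule_source(sid):
    """Rough origin by SID range (assumed convention: ET 2000000-2999999, local >= 1000000)."""
    if 2_000_000 <= sid < 3_000_000:
        return "ET"
    if sid >= 1_000_000:
        return "local"
    return "VRT"

def sids_without_pcap(syslog_text, packet_index):
    """Return {sid: (source, alert_count)} for SIDs that fired in syslog but have
    zero packet records. packet_index maps sid -> number of logged packets."""
    counts = Counter(a["sid"] for a in parse_alerts(syslog_text))
    return {sid: (rule_source(sid), n) for sid, n in sorted(counts.items())
            if packet_index.get(sid, 0) == 0}

# Constructed packet index: the per-SID packet counts one would derive from the packet log.
SAMPLE_PACKET_INDEX = {10196: 1, 1000001: 1}

if __name__ == "__main__":
    for sid, (src, n) in sids_without_pcap(SAMPLE_SYSLOG, SAMPLE_PACKET_INDEX).items():
        print(f"sid {sid} ({src}): {n} alerts, 0 packets logged")
```

Feeding it a real syslog extract and a packet index built from the sensor's packet log gives a per-SID list to compare against the report's SIDs, which separates a rule-specific logging gap from an output-plugin misconfiguration.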



