<html>

<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered)">
<title>Message</title>
<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;}
p
        {margin-right:0in;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman";}
span.EmailStyle18
        {font-family:Arial;
        color:navy;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
        {page:Section1;}
-->
</style>

</head>

<body lang=EN-US link=blue vlink=purple>

<div class=Section1>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>This is what I have. </span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Example of snort.conf</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>include $RULE_PATH
/opt/snort/rules/smtp.rules^M</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>include $RULE_PATH
/opt/snort/rules/imap.rules^M</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>include $RULE_PATH
/opt/snort/rules/pop2.rules^M</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>include $RULE_PATH
/opt/snort/rules/pop3.rules^M</span></font></p>

<div>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Thanks,</span></font> <font size=2
color=navy face=Arial><span style='font-size:10.0pt;font-family:Arial;
color:navy'>opt/snort/etc</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'># ls -l</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>total 706</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other       6004
Feb 10 08:36 Makefile</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other        230
Feb 10 08:36 Makefile.am</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other       5464
Feb 10 08:36 Makefile.in</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other       3521
Feb 10 08:36 classification.config</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other       8066
Feb 10 08:36 gen-msg.map</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other       1622
Feb 10 08:36 generators</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other        608
Feb 10 08:36 reference.config</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other         58
Feb 10 08:36 sid</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other     235477
Feb 10 08:36 sid-msg.map</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other      28162
Feb 10 09:37 snort.conf</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other       2319
Feb 10 08:36 threshold.conf</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other      53841
Feb 10 08:36 unicode.map</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>#</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>#  cd ..</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'># ls -l</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>total 12</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>drwxr-xr-x   2 root     other        512
Feb 10 08:33 bin</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>drwxr-xr-x   2 root     other        512
Feb 10 09:35 etc</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>drwxr-xr-x   2 root     other        512
Feb 10 08:35 folder</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>drwxr-xr-x   3 root     other        512
Feb 10 08:33 man</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>drwxr-xr-x   2 root     other       1536
Feb 10 08:36 rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'># cd rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'># ls -l</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>total 2018</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other       6551
Feb 10 08:36 Makefile</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other        777
Feb 10 08:36 Makefile.am</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other       6009
Feb 10 08:36 Makefile.in</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other       4768
Feb 10 08:36 attack-responses.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other      16612
Feb 10 08:36 backdoor.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other       3000
Feb 10 08:36 bad-traffic.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other       7212
Feb 10 08:36 chat.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other       6783
Feb 10 08:36 ddos.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other      63449
Feb 10 08:36 deleted.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other       5381
Feb 10 08:36 dns.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other       4831
Feb 10 08:36 dos.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other        471
Feb 10 08:36 experimental.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other      24415
Feb 10 08:36 exploit.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other       3112
Feb 10 08:36 finger.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other      20491
Feb 10 08:36 ftp.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other      15618
Feb 10 08:36 icmp-info.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other       4488
Feb 10 08:36 icmp.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other      12577
Feb 10 08:36 imap.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other       2430
Feb 10 08:36 info.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other        199
Feb 10 08:36 local.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other      16657
Feb 10 08:36 misc.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other       2866
Feb 10 08:36 multimedia.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other        816
Feb 10 08:36 mysql.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other     118680
Feb 10 08:36 netbios.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other       3895
Feb 10 08:36 nntp.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other     176913
Feb 10 08:36 oracle.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other       1383
Feb 10 08:36 other-ids.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other       3953
Feb 10 08:36 p2p.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other       5323
Feb 10 08:36 policy.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other       1228
Feb 10 08:36 pop2.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other       8578
Feb 10 08:36 pop3.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other       5061
Feb 10 08:36 porn.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other      51378
Feb 10 08:36 rpc.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other       2920
Feb 10 08:36 rservices.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other       4088
Feb 10 08:36 scan.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other       4727
Feb 10 08:36 shellcode.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other      22090
Feb 10 08:36 smtp.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other       4915
Feb 10 08:36 snmp.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other      14409
Feb 10 08:36 sql.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other       3572
Feb 10 08:36 telnet.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other       2560
Feb 10 08:36 tftp.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other       1211
Feb 10 08:36 virus.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other      10229
Feb 10 08:36 web-attacks.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other     100668
Feb 10 08:36 web-cgi.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other       7419
Feb 10 08:36 web-client.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other       9166
Feb 10 08:36 web-coldfusion.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other       9484
Feb 10 08:36 web-frontpage.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other      37230
Feb 10 08:36 web-iis.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other      94963
Feb 10 08:36 web-misc.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other      35801
Feb 10 08:36 web-php.rules</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-rw-r--r--   1 root     other        573
Feb 10 08:36 x11.rules</span></font></p>

<p class=MsoNormal><font size=3 color=navy face="Times New Roman"><span
style='font-size:12.0pt;color:navy'> </span></font></p>

<p class=MsoNormal><font size=3 color=navy face="Times New Roman"><span
style='font-size:12.0pt;color:navy'> </span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Spencer</span></font></p>

</div>

<div>

<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>

<hr size=2 width="100%" align=center tabindex=-1>

</span></font></div>

<p class=MsoNormal><b><font size=2 face=Tahoma><span style='font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:</span></font></b><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'> William
Fitzgerald [mailto:wfitzgerald@...9307...] <br>
<b><span style='font-weight:bold'>Sent:</span></b> Thursday, February 10, 2005
9:23 AM<br>
<b><span style='font-weight:bold'>To:</span></b> Plantier, Spencer;
snort-users@lists.sourceforge.net<br>
<b><span style='font-weight:bold'>Subject:</span></b> RE: [Snort-users] start
snort in IDS mode</span></font></p>

</div>

<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'> </span></font></p>

<div>

<p class=MsoNormal><font size=2 color=blue face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:blue'>I wonder if you have the rules directory
in the correct place.</span></font></p>

</div>

<div>

<p class=MsoNormal><font size=2 color=blue face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:blue'>You should have:</span></font></p>

</div>

<div>

<p class=MsoNormal><font size=2 color=blue face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:blue'>/opt/snort/etc</span></font></p>

</div>

<div>

<p class=MsoNormal><font size=2 color=blue face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:blue'>/opt/snort/rules</span></font></p>

</div>

<div>

<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'> </span></font></p>

</div>

<div>

<p class=MsoNormal><font size=2 color=blue face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:blue'>in the snort.conf file:</span></font><font
size=1 color=black><span style='font-size:7.5pt;color:black'> </span></font></p>

</div>

<div>

<p class=MsoNormal><font size=2 color=blue face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:blue'># Path to your rules files (this can be a
relative path)</span></font></p>

</div>

<p><font size=2 color=blue face=Arial><span style='font-size:10.0pt;font-family:
Arial;color:blue'>var RULE_PATH ../rules</span></font></p>

<p><font size=2 color=blue face=Arial><span style='font-size:10.0pt;font-family:
Arial;color:blue'>This goes up one directory from etc to rules. If you copied
the rules to the etc directory, then change RULE_PATH to reflect this. Each
include line then joins the variable and the file name with no space in
between, for example: include $RULE_PATH/smtp.rules</span></font></p>

<p><font size=3 face="Times New Roman"><span style='font-size:12.0pt'> </span></font></p>

<div>

<p><font size=1 face="Times New Roman"><span style='font-size:7.5pt'> </span></font></p>

</div>

<blockquote style='margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'>

<p class=MsoNormal style='margin-bottom:12.0pt'><font size=2 face=Tahoma><span
style='font-size:10.0pt;font-family:Tahoma'>-----Original Message-----<br>
<b><span style='font-weight:bold'>From:</span></b>
snort-users-admin@lists.sourceforge.net
[mailto:snort-users-admin@lists.sourceforge.net] <b><span style='font-weight:
bold'>On Behalf Of </span></b>Plantier, Spencer<br>
<b><span style='font-weight:bold'>Sent:</span></b> 10 February 2005 14:17<br>
<b><span style='font-weight:bold'>To:</span></b>
snort-users@lists.sourceforge.net<br>
<b><span style='font-weight:bold'>Subject:</span></b> [Snort-users] start snort
in IDS mode</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'><!-- Converted from text/rtf format -->I
got IDS to start but I got the following output:</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>opt/snort/bin/snort
-c /opt/snort/etc/snort.conf -i hme0</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Running
in IDS mode</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Initializing
Network Interface hme0</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>       
--== Initializing Snort ==--</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Initializing
Output Plugins!</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Decoding
Ethernet on interface hme0</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Initializing
Preprocessors!</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Initializing
Plug-ins!</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Parsing
Rules file /opt/snort/etc/snort.conf</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>+++++++++++++++++++++++++++++++++++++++++++++++++++</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Initializing
rule chains...</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>,-----------[Flow
Config]----------------------</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>|
Stats Interval:  0</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>|
Hash Method:     2</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>|
Memcap:          10485760</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>|
Rows  :          4099</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>|
Overhead Bytes:  16400(%0.16)</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>`----------------------------------------------</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>No
arguments to frag2 directive, setting defaults to:</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
Fragment timeout: 60 seconds</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
Fragment memory cap: 4194304 bytes</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
Fragment min_ttl:   0</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
Fragment ttl_limit: 5</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
Fragment Problems: 0</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
Self preservation threshold: 500</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
Self preservation period: 90</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
Suspend threshold: 1000</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
Suspend period: 30</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Stream4
config:</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
Stateful inspection: ACTIVE</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
Session statistics: INACTIVE</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
Session timeout: 30 seconds</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
Session memory cap: 8388608 bytes</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
State alerts: INACTIVE</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
Evasion alerts: INACTIVE</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
Scan alerts: INACTIVE</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
Log Flushed Streams: INACTIVE</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
MinTTL: 1</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
TTL Limit: 5</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
Async Link: 0</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
State Protection: 0</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
Self preservation threshold: 50</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
Self preservation period: 90</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
Suspend threshold: 200</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
Suspend period: 30</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
Enforce TCP State: INACTIVE</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
Midstream Drop Alerts: INACTIVE</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Stream4_reassemble
config:</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
Server reassembly: INACTIVE</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
Client reassembly: ACTIVE</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
Reassembler alerts: ACTIVE</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
Zero out flushed packets: INACTIVE</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
flush_data_diff_size: 500</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
Ports: 21 23 25 53 80 110 111 143 513 1433 </span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
Emergency Ports: 21 23 25 53 80 110 111 143 513 1433 </span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>HttpInspect
Config:</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
GLOBAL CONFIG</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>     
Max Pipeline Requests:    0</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>     
Inspection Type:         
STATELESS</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>     
Detect Proxy Usage:       NO</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>     
IIS Unicode Map Filename: /opt/snort/etc/unicode.map</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>     
IIS Unicode Map Codepage: 1252</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
DEFAULT SERVER CONFIG:</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>     
Ports: 80 8080 8180 </span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>     
Flow Depth: 300</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>     
Max Chunk Length: 500000</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>     
Inspect Pipeline Requests: YES</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>     
URI Discovery Strict Mode: NO</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>     
Allow Proxy Usage: NO</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>     
Disable Alerting: NO</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>     
Oversize Dir Length: 500</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>     
Only inspect URI: NO</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>     
Ascii: YES alert: NO</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>     
Double Decoding: YES alert: YES</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>     
%U Encoding: YES alert: YES</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>     
Bare Byte: YES alert: YES</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>     
Base36: OFF</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>     
UTF 8: OFF</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>     
IIS Unicode: YES alert: YES</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>     
Multiple Slash: YES alert: NO</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>     
IIS Backslash: YES alert: NO</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>     
Directory Traversal: YES alert: NO</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>     
Web Root Traversal: YES alert: YES</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>     
Apache WhiteSpace: YES alert: NO</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>     
IIS Delimiter: YES alert: NO</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>     
IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>     
Non-RFC Compliant Characters: NONE</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>rpc_decode
arguments:</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
Ports to decode RPC on: 111 32771 </span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
alert_fragments: INACTIVE</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
alert_large_fragments: ACTIVE</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
alert_incomplete: ACTIVE</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
alert_multiple_requests: ACTIVE</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>telnet_decode
arguments:</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
Ports to decode telnet on: 21 23 25 119 </span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Portscan
Detection Config:</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
Detect Protocols:  TCP UDP ICMP IP</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
Detect Scan Type:  portscan portsweep decoy_portscan distributed_portscan</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
Sensitivity Level: Low</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
Memcap (in bytes): 10000000</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>   
Number of Nodes:   36900</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>ERROR:
/opt/snort/etc/../rules(1) => NULL rule type</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Fatal
Error, Quitting..</span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>#</span></font></p>

</blockquote>

</div>

</body>

</html>