Snort mailing list archives
Re: Contents of Snort-users digest...
From: Daniel Castellano <daniel.castellano () NAV-INTERNATIONAL com br>
Date: Tue, 26 Aug 2003 18:22:22 -0300
-----Original Message-----
From: snort-users-request () lists sourceforge net [mailto:snort-users-request () lists sourceforge net]
Sent: Tuesday, 26 August 2003 16:21
To: snort-users () lists sourceforge net
Subject: Snort-users digest, Vol 1 #3497 - 13 msgs

Today's Topics:

   1. Re: snort ?> mysql (Erek Adams)
   2. Re: RPMS (Daniel Wittenberg)
   3. Re: [Snort-devel] Available for download? (Roland Turner)
   4. RE: Anyone using "Enterprise implementation"? (Tom Van Overbeke)
   5. RE: Anyone using "Enterprise implementation"? (Kreimendahl, Chad J)
   6. AW: [Snort-users] Snort x Dragon Integration? (Poppi, Sandro)
   7. Re: Help!!! (Edin Dizdarevic)
   8. Snort on Windows 2003 Server (Tiberiu Tajts)
   9. RE: Snort on Windows 2003 Server (Jeff Dell)
  10. RE: Snort on Windows 2003 Server (Randy M. Nash)
  11. Barnyard CSV output (David)
  12. Re: No Alerts (Matt Kettler)
  13. Snort (Edward Marshall)

--__--__--

Message: 1
Date: Tue, 26 Aug 2003 05:58:15 -0400 (EDT)
From: Erek Adams <erek () snort org>
To: Roger Brown <roger.brown () intervoice com>
cc: edin.dizdarevic () interActive-Systems de, snort-users () lists sourceforge net
Subject: Re: [Snort-users] snort ?> mysql

On Mon, 25 Aug 2003, Roger Brown wrote:
> I'm connecting to a remote; thanks for the -T switch; here's what I came up with. It looks like I have a problem with the mysql build - I tried the ./configure and didn't get any errors but I still get the message below:
>
>     telnet_decode arguments:
>         Ports to decode telnet on: 21 23 25 119
>     database: compiled support for ( )
>     database: configured to use mysql
>     database: 'mysql' support is not compiled into this build of snort
>
>     ERROR: If this build of snort was obtained as a binary distribution (e.g., rpm, or Windows), then check for alternate builds that contains the necessary 'mysql' support.
>
>     If this build of snort was compiled by you, then re-run the the ./configure script using the '--with-mysql' switch. For non-standard installations of a database, the '--with-mysql=DIR' syntax may need to be used to specify the base directory of the DB install.
>
>     See the database documentation for cursory details (doc/README.database). and the URL to the most recent database plugin documentation.
>
>     Fatal Error, Quitting..
Fairly self-explanatory. :)

The Snort binary that you are using wasn't compiled with the --with-mysql switch. Rebuild it with that enabled, and all should be well.

Cheers!

-----
Erek Adams

"When things get weird, the weird turn pro." H.S. Thompson

--__--__--

Message: 2
Subject: Re: [Snort-users] RPMS
From: Daniel Wittenberg <daniel-wittenberg () starken com>
To: Snort Users List <snort-users () lists sourceforge net>
Organization: The Starken Group
Date: Mon, 25 Aug 2003 20:31:35 -0500

If you have the oracle libraries installed, you can even build the snort-oracle rpm too...

Dan

On Mon, 2003-08-25 at 18:40, JP Vossen wrote:
> Snort.org will provide binary packages for snort itself (including docs and contrib), MySQL and PostgreSQL (all three with statically compiled flexresp). If you don't like those it will be trivially easy to build your own (assuming your system meets the dependencies).
>
> Later,
> JP
--
=============================
Daniel Wittenberg
RHCE+AS/IBM Certified Specialist
President/CTO
The Starken Group
http://www.starken.com

--__--__--

Message: 3
Date: Tue, 26 Aug 2003 10:49:51 +0100
From: Roland Turner <raz () countersnipe com>
To: snort-users () lists sourceforge net
Subject: [Snort-users] Re: [Snort-devel] Available for download?

Brian wrote:
> As far as I know, Countersnipe is just snort-inline, which is already available on snort.org.
Our engine is snort with a handful of patches, notably including the snort-inline patch. Note that the snort-inline patch at http://sourceforge.net/projects/snort-inline appears to be somewhat more recent than that at http://www.snort.org/dl/contrib/patches/inline/

- Raz

--__--__--

Message: 4
Date: Tue, 26 Aug 2003 17:26:57 +0200
From: Tom Van Overbeke <tvanoverbeke () ccncsi net>
Subject: RE: [Snort-users] Anyone using "Enterprise implementation"?
To: 'Emre Bastuz' <info () emre de>, snort-users () lists sourceforge net

If you're getting that much info in only 8 hours, I suggest you fine-tune your snort config first. There can't possibly be that much interesting information in such a short timeframe.

Tom.
> -----Original Message-----
> From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Emre Bastuz
> Sent: 26 August 2003 11:04
> To: snort-users () lists sourceforge net
> Subject: [Snort-users] Anyone using "Enterprise implementation"?
>
> Hi,
>
> I've been planning to deploy Acid+Snort+Snortcenter in an "enterprise" scenario with about 10 sensors with GigE interfaces and one management machine with mysql, apache, etc.
>
> During my initial test Snort wrote about 6 Gig of information from sensor to management machine within 8 hours. Not that I did not expect this, but the mysql queries on the Acid console take forever, thus leaving the system completely useless.
>
> I read the FAQ and also did some serious Googling to learn how to improve performance, but creating indexes and tuning buffers did not really help.
>
> Is anyone out there using Acid+Snort+Snortcenter in an environment like I'm planning to do? How do you guys handle the huge data that is being written to the db?
>
> Just wondering: just one sensor with GigE, sniffing on 3x100mbit, is generating that much data; how does Acid+Snort scale when using it with more sensors? I could live with doing daily archives of the database, but I'm afraid with multiple sensors I would have to switch to archiving every 12 or 6 hours.
>
> Any solution or suggestion? Even links, FAQs and docs I might have missed are very welcome :)
>
> Emre
>
> --
> info () emre de http://www.emre.de
> UIN: 561260 PGP Key ID: 0xAFAC77FD
> I don't see why some people even HAVE cars. -- Calvin
>
> -------------------------------------------------------
> This SF.net email is sponsored by: VM Ware
> With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here: http://www.vmware.com/wl/offer/358/0
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
--__--__--

Message: 5
Subject: RE: [Snort-users] Anyone using "Enterprise implementation"?
Date: Tue, 26 Aug 2003 10:34:35 -0500
From: "Kreimendahl, Chad J" <Chad.Kreimendahl () umb com>
To: "Emre Bastuz" <info () emre de>, <snort-users () lists sourceforge net>

I wouldn't recommend using mysql in an 'Enterprise' environment for anything that matters to you. If your company already pays for oracle, you'll be better off using that. If not, postgres is a step in the right direction.

> -----Original Message-----
> From: Emre Bastuz [mailto:info () emre de]
> Sent: Tuesday, August 26, 2003 4:04 AM
> To: snort-users () lists sourceforge net
> Subject: [Snort-users] Anyone using "Enterprise implementation"?
>
> [...]

--__--__--

Message: 6
From: "Poppi, Sandro" <Sandro.Poppi () wacker com>
To: Bernardo Santos Wernesback <bernardo () ish com br>, snort-users () lists sourceforge net
Subject: AW: [Snort-users] Snort x Dragon Integration?
Date: Mon, 25 Aug 2003 10:13:20 +0200

I tried it some time ago with Dragon 5 and the Snort snmp plugin, but the results were not what I expected. AFAIR there were problems differentiating the OIDs in Dragon to have Dragon report on each specific Snort rule.
If you plan to work on it I could send you a small script to convert Snort rules (pre 2.0) to Dragon rules if I can find it again ;)

As of Dragon 6 I think it should be possible to write your own Dragon plugin for Snort (using the newly introduced Dragon API for development), but I never tried it.

So long,

Sandro

> Hello Everyone,
>
> Has anyone tried to integrate Dragon and Snort? What I mean by integration is having Snort detect events, send them to Dragon (SNMP?) and have Dragon take action? I thought about that possibility and I wondered if anyone had tried.
>
> Thanks for any opinions,
>
> Bernardo Santos Wernesback
> bernardo -= at =- ish.com.br
--__--__--

Message: 7
Date: Mon, 25 Aug 2003 17:28:19 +0200
From: Edin Dizdarevic <edin.dizdarevic () interActive-Systems de>
Reply-To: edin.dizdarevic () interActive-Systems de
Organization: interActive Systems
To: henrique de lima arabe - PDBL/uoi <hlima () pbh gov br>
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Help!!!

henrique de lima arabe - PDBL/uoi wrote:
> Could anyone help me with using Snort? What rules and config files have to be changed to reflect a network? How do they interact? Any help would be greatly appreciated.
>
> Thanks,
> Hank.
All the information you need is in the FAQ and the documentation shipped with Snort. A decent book may also help; try Stephen Northcutt's IDS books.

Regards,
Edin

--
Edin Dizdarevic

--__--__--

Message: 8
Date: Tue, 26 Aug 2003 12:54:04 -0400
From: "Tiberiu Tajts" <ttajts () dot state ny us>
To: <snort-users () lists sourceforge net>
Subject: [Snort-users] Snort on Windows 2003 Server

I receive the message:

    ERROR unable to open rules file; classification.config or ./classification.config
    fatal error. Quiting...

Any suggestions??

Tibi Tajts

--__--__--

Message: 9
From: "Jeff Dell" <jdell () activeworx com>
To: "'Tiberiu Tajts'" <ttajts () dot state ny us>, <snort-users () lists sourceforge net>
Subject: RE: [Snort-users] Snort on Windows 2003 Server
Date: Tue, 26 Aug 2003 13:29:01 -0400

Check the location of the file classification.config. It looks like snort.conf can't find it. If you find it, an easy fix is to just put it in the same directory as snort.conf.

Jeff

> -----Original Message-----
> From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Tiberiu Tajts
> Sent: Tuesday, August 26, 2003 12:54 PM
> To: snort-users () lists sourceforge net
> Subject: [Snort-users] Snort on Windows 2003 Server
>
> I receive the message:
>
>     ERROR unable to open rules file; classification.config or ./classification.config
>     fatal error. Quiting...
>
> Any suggestions??
>
> Tibi Tajts

--__--__--

Message: 10
Date: Tue, 26 Aug 2003 11:25:07 -0700 (PDT)
From: "Randy M. Nash" <atriskforum () yahoo com>
Reply-To: nashr () atriskonline com
Subject: RE: [Snort-users] Snort on Windows 2003 Server
To: Jeff Dell <jdell () activeworx com>, 'Tiberiu Tajts' <ttajts () dot state ny us>, snort-users () lists sourceforge net

Jeff,

You should review your snort.conf file. You can use the full path pointing to the classification.config file as follows (Windows example):

    #
    # Include classification & priority settings
    #
    include c:\snort\etc\classification.config

Hope this helps!

Randy

--- Jeff Dell <jdell () activeworx com> wrote:
> Check the location of the file classification.config. It looks like snort.conf can't find it. If you find it, an easy fix is to just put it in the same directory as snort.conf.
>
> Jeff
>
> -----Original Message-----
> From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Tiberiu Tajts
> Sent: Tuesday, August 26, 2003 12:54 PM
> To: snort-users () lists sourceforge net
> Subject: [Snort-users] Snort on Windows 2003 Server
>
> I receive the message:
>
>     ERROR unable to open rules file; classification.config or ./classification.config
>     fatal error. Quiting...
>
> Any suggestions??
>
> Tibi Tajts
=====
Randy M. Nash
@RISK Online
http://www.atriskonline.com

--__--__--

Message: 11
To: snort-users () lists sourceforge net
Reply-To: dwad24 () excite com
From: "David" <dwad24 () excite com>
Date: Tue, 26 Aug 2003 13:55:52 -0400 (EDT)
Subject: [Snort-users] Barnyard CSV output

Hello snorters, quick question...

I am trying to use barnyard to produce some nice csv output. In my barnyard config file I have the line:

    output alert_csv: /foo/bar/csvalerts timestamp,srcip,sport, etc.

so my quick question is... (drumroll please) :P what are possible values to have barnyard output into my csv file? For example, above I have timestamp, srcip and sport going into the csvalert file. So what are all the other values I can have? I know there is dstip, dport, msg, protoname and a few others, but is there a definitive list anywhere?

Also, are there any detailed docs for barnyard? I have the docs that come with the barnyard package, but I would love to find a really nice thick and juicy barnyard man page :D

Thanks everyone!

Dave

--__--__--

Message: 12
Date: Tue, 26 Aug 2003 14:56:12 -0400
To: russ () 411russ com, snort-users () lists sourceforge net
From: Matt Kettler <mkettler () evi-inc com>
Subject: Re: [Snort-users] No Alerts

At 07:08 PM 8/25/2003 -0700, russ () 411russ com wrote:
> Hi, I've configured SNORT with ACID and everything seems ok. But when I run port scans the scans report all the correct information but ACID never shows any alerts.
Are you using one of the portscan preprocessors in a way which would cause your scan to trigger an alert?

Have you verified using tcpdump that the snort sensor is even seeing the traffic in the first place?

--__--__--

Message: 13
From: "Edward Marshall" <edtech () tstt net tt>
To: <snort-users () lists sourceforge net>
Date: Tue, 26 Aug 2003 15:10:08 -0400
Subject: [Snort-users] Snort

Hello, can anyone suggest a good log analyzer for snort 2.0 /2.0.1???

Thanks

Edward Marshall
edtech () tstt net tt

--__--__--

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-users

End of Snort-users Digest
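A check for the classification.config problem in messages 8 to 10, added here as an editor's example and not code from the thread: it walks the include lines of a snort.conf, expands the conf's own var definitions, and reports which included files cannot be found. The resolution order it tries (path as written, then ./path, then relative to the conf's own directory) is an assumption; the thread only shows Snort attempting the first two.

```python
"""Check that every `include` in a snort.conf resolves to a real file.

Added example, not code from the thread. Assumption: Snort tries the
include path as written (relative to the working directory) and then
relative to the directory holding snort.conf; the thread shows the first
two attempts ("classification.config or ./classification.config").
"""
import os
import re
import tempfile

INCLUDE_RE = re.compile(r"^\s*include\s+(.+?)\s*$")
VAR_RE = re.compile(r"^\s*var\s+(\w+)\s+(.+?)\s*$")


def expand_vars(path, variables):
    """Substitute $NAME references using the conf's own `var` lines."""
    return re.sub(r"\$(\w+)", lambda m: variables.get(m.group(1), m.group(0)), path)


def resolve_include(spec, conf_dir):
    """Return the first existing candidate for an include, or None."""
    candidates = [spec, os.path.join(".", spec), os.path.join(conf_dir, spec)]
    for cand in candidates:
        if os.path.isfile(cand):
            return os.path.abspath(cand)
    return None


def check_includes(conf_path):
    """Map each include spec (vars expanded) to its resolved path or None."""
    conf_dir = os.path.dirname(os.path.abspath(conf_path))
    variables = {}
    results = {}
    with open(conf_path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            v = VAR_RE.match(line)
            if v:
                variables[v.group(1)] = expand_vars(v.group(2), variables)
                continue
            m = INCLUDE_RE.match(line)
            if m:
                # Backslashes from a Windows-style include become this host's separator
                spec = expand_vars(m.group(1), variables).replace("\\", os.sep)
                results[spec] = resolve_include(spec, conf_dir)
    return results


def build_demo_tree():
    """Constructed sample: a conf dir with one present and one missing include."""
    root = tempfile.mkdtemp(prefix="snortconf-")
    os.makedirs(os.path.join(root, "rules"))
    with open(os.path.join(root, "classification.config"), "w") as fh:
        fh.write("config classification: not-suspicious,Not Suspicious Traffic,3\n")
    with open(os.path.join(root, "rules", "local.rules"), "w") as fh:
        fh.write("# local rules\n")
    conf = os.path.join(root, "snort.conf")
    with open(conf, "w") as fh:
        fh.write("var RULE_PATH rules\n"
                 "include classification.config\n"
                 "include reference.config\n"
                 "include $RULE_PATH/local.rules\n")
    return conf


if __name__ == "__main__":
    for spec, found in check_includes(build_demo_tree()).items():
        print("%s %s" % ("OK     " if found else "MISSING", spec))
```

Run it against a real snort.conf from the directory Snort is started in, since that is the working directory the relative attempts depend on.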
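For the Barnyard question in message 11, an added example (not from the thread or the Barnyard project) that reads the field order from the `output alert_csv:` line and parses the resulting file with that order, so the consumer never has to hard-code which column is which. The sample rows, and the quoting and timestamp layout they use, are constructed assumptions; adjust the reader if real Barnyard output differs.

```python
"""Parse Barnyard alert_csv output using the field list from its config.

Added example, not from the thread or the Barnyard project. The CSV rows
below are constructed; the exact quoting and timestamp format Barnyard
emits are assumptions, so adjust the reader for real output.
"""
import csv
import io
import re
from collections import Counter

CSV_OUTPUT_RE = re.compile(r"^\s*output\s+alert_csv:\s*(\S+)\s+(\S+)\s*$")

# Constructed barnyard.conf line, in the form quoted in the thread
BARNYARD_CONF_LINE = ("output alert_csv: /foo/bar/csvalerts "
                      "timestamp,srcip,sport,dstip,dport,msg,protoname")

# Constructed sample rows, matching the field order configured above
SAMPLE_CSV = """\
2003-08-26 13:55:52,10.0.0.5,3211,10.0.0.1,80,WEB-IIS cmd.exe access,TCP
2003-08-26 13:55:53,10.0.0.5,3212,10.0.0.1,80,WEB-IIS cmd.exe access,TCP
2003-08-26 13:56:10,10.0.0.7,53,10.0.0.2,53,"DNS zone transfer, TCP",TCP
2003-08-26 13:57:01,10.0.0.9,0,10.0.0.1,0,ICMP PING NMAP,ICMP
"""


def fields_from_config(conf_line):
    """Return (output path, [field names]) from an `output alert_csv:` line."""
    m = CSV_OUTPUT_RE.match(conf_line)
    if not m:
        raise ValueError("not an alert_csv output line: %r" % conf_line)
    path, spec = m.group(1), m.group(2)
    return path, [f.strip() for f in spec.split(",") if f.strip()]


def parse_alerts(csv_text, fields):
    """Turn CSV rows into dicts keyed by the configured field names."""
    records = []
    for lineno, row in enumerate(csv.reader(io.StringIO(csv_text)), 1):
        if not row:
            continue
        if len(row) != len(fields):
            # A row whose width differs from the configured layout means the
            # config and the file disagree; fail loudly rather than mis-map fields
            raise ValueError("line %d: expected %d fields, got %d"
                             % (lineno, len(fields), len(row)))
        records.append(dict(zip(fields, row)))
    return records


def summarize(records):
    """Count alerts per signature message and per source address."""
    by_msg = Counter(r["msg"] for r in records)
    by_src = Counter(r["srcip"] for r in records)
    return by_msg, by_src


if __name__ == "__main__":
    path, fields = fields_from_config(BARNYARD_CONF_LINE)
    alerts = parse_alerts(SAMPLE_CSV, fields)
    by_msg, by_src = summarize(alerts)
    print("fields written to %s: %s" % (path, ", ".join(fields)))
    for msg, n in by_msg.most_common():
        print("%3d  %s" % (n, msg))
```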