Snort mailing list archives
Re: [RGSPAM] RE: Snort Beta v2.6
From: Jason Brvenik <jasonb () sourcefire com>
Date: Mon, 20 Mar 2006 21:01:34 -0500
Response inline.
Ron Jenkins wrote:
I got it to load with the following; thanks Jason:
Good to hear. Happy to help.
/usr/local/bin/snort -e -i eth1 -d -c /etc/snort/snort.conf -l /var/log/snort --dynamic-preprocessor-lib /usr/local/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so --dynamic-preprocessor-lib /usr/local/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so
Does anyone know what these messages refer to?
/Warning: flowbits key 'http.jpeg' is checked but not ever set./
/Warning: flowbits key 'ms_sql_seen_dns' is checked but not ever set./
/Warning: flowbits key 'dce.bind.veritas' is set but not ever checked./
/Warning: flowbits key 'netbios.lsass.bind.attempt' is checked but not ever set./
/Warning: flowbits key 'dce.isystemactivator.bind.call.attempt' is set but not ever checked./
/Warning: flowbits key 'trojan' is set but not ever checked./
/Warning: flowbits key 'realplayer.playlist' is checked but not ever set./
These indicate that some rules set or check flowbits but there are no rules which set or check them. This is normal from time to time as bits are often set for future checks, for rule chains that may be disabled, or for rules that have been moved out. If these are never checked the rules that set them are _usually_ safe to disable as well.
/Not Using PCAP_FRAMES/
You are not using a setting that can help with performance.
http://www.snort.org/docs/snort_htmanuals/htmanual_2.4/rc1/node27.html
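An added example, not part of the original thread and not Snort's own code: a Python audit that scans enabled rules for flowbits keys that are checked but never set, or set but never checked, so the affected SIDs can be reviewed before disabling anything. The sample rules and SIDs are constructed, and treating set/toggle as setters and isset/isnotset as checks is an assumption of this example.

```python
import re
from collections import defaultdict

# Constructed sample rules (not from a real rule set); two key names are
# borrowed from the warnings quoted in the thread.
SAMPLE_RULES = r'''
alert tcp $EXTERNAL_NET any -> $HOME_NET 135 (msg:"constructed bind"; flow:to_server,established; flowbits:set,dce.bind.veritas; flowbits:noalert; sid:1000001;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"constructed jpeg check"; flow:from_server,established; flowbits:isset,http.jpeg; sid:1000002;)
# alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"constructed jpeg request, disabled"; flowbits:set,http.jpeg; flowbits:noalert; sid:1000003;)
alert tcp any any -> any any (msg:"constructed pair set"; flowbits:set,demo.pair; flowbits:noalert; sid:1000004;)
alert tcp any any -> any any (msg:"constructed pair check"; flowbits:isset,demo.pair; sid:1000005;)
'''

# Matches "flowbits:<op>[,<key>]"; noalert and reset carry no key.
FLOWBITS = re.compile(r'flowbits\s*:\s*(\w+)\s*(?:,\s*([^;,\s]+))?')
SID = re.compile(r'\bsid\s*:\s*(\d+)')
SETTERS = {"set", "toggle"}        # assumption: operations that count as "set"
CHECKERS = {"isset", "isnotset"}   # assumption: operations that count as "checked"

def audit_flowbits(rules_text):
    """Return flowbits keys whose setter or checker is missing, with the SIDs involved.

    Commented-out (disabled) rules are skipped, which is how a disabled setter
    leaves an enabled checker orphaned. Rules continued across lines with a
    trailing backslash are not handled here.
    """
    setters, checkers = defaultdict(list), defaultdict(list)
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = SID.search(line)
        sid = int(m.group(1)) if m else None
        for op, key in FLOWBITS.findall(line):
            if key and op in SETTERS:
                setters[key].append(sid)
            elif key and op in CHECKERS:
                checkers[key].append(sid)
    return {
        "checked_not_set": {k: v for k, v in checkers.items() if k not in setters},
        "set_not_checked": {k: v for k, v in setters.items() if k not in checkers},
    }

if __name__ == "__main__":
    for kind, keys in audit_flowbits(SAMPLE_RULES).items():
        for key, sids in sorted(keys.items()):
            print(f"{kind}: {key} (sids {sids})")
```

A rule that checks a key which is never set can never fire on that condition, so the "checked but not ever set" list is the one that points at lost detection coverage.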
Current thread:
- Snort Beta v2.6 Ron Jenkins (Mar 20)
- Re: Snort Beta v2.6 Will Metcalf (Mar 20)
- Re: Snort Beta v2.6 Jason Brvenik (Mar 20)
- <Possible follow-ups>
- RE: Snort Beta v2.6 Ron Jenkins (Mar 20)
- Re: [RGSPAM] RE: Snort Beta v2.6 Jason Brvenik (Mar 20)