Snort mailing list archives
Re: Hogger 0.1.3 released
From: "Andy Berryman" <aberryman () Cymtec com>
Date: Tue, 23 Mar 2010 10:51:20 -0500
So, I have hogger running and it slurped in my XML file and I see it in the syslog that it loaded it. Thanks for the help!

Mar 23 15:42:07 (none) snort[4648]: Attribute Table Loaded with 34 hosts

I'm assuming the below is it configuring the rules for ports and whatnot.

Mar 23 15:42:26 (none) snort[4648]: Attribute Table Reload Thread Starting...
Mar 23 15:42:26 (none) snort[4648]: Attribute Table Reload Thread Started, thread 3067956416 (4648)
Mar 23 15:42:26 (none) snort[4648]: Checking PID path...
Mar 23 15:42:26 (none) snort[4648]: PID path stat checked out ok, PID path set to /var/run/
Mar 23 15:42:26 (none) snort[4648]: Writing PID "4648" to file "/var/run//snort_eth1.pid"
Mar 23 15:42:26 (none) snort[4648]: Decoding Ethernet on interface eth1
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=24 as service=x11
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=12 as service=netbios-ns
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=28 as service=ldap
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=74 as service=ident
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=91 as service=rtsp
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=13 as service=netbios-ssn
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=90 as service=ssl
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=7 as service=telnet
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=86 as service=sunrpc
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=10 as service=dcerpc
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=17 as service=finger
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=6 as service=ftp
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=57 as service=font-service
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=95 as service=ldp
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=11 as service=netbios-dgm
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=8 as service=smtp
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=21 as service=pop3
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=14 as service=nntp
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=92 as service=kerberos
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=22 as service=snmp
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=18 as service=imap
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=15 as service=dns
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=52 as service=mysql
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=5 as service=http
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=52 as service=mysql
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=10 as service=dcerpc
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=13 as service=netbios-ssn
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=91 as service=rtsp
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=18 as service=imap
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=8 as service=smtp
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=12 as service=netbios-ns
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=6 as service=ftp
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=15 as service=dns
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=24 as service=x11
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=7 as service=telnet
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=28 as service=ldap
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=22 as service=snmp
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=5 as service=http
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=74 as service=ident
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=86 as service=sunrpc
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=94 as service=ircd
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=90 as service=ssl
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=21 as service=pop3
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=14 as service=nntp
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=10 as service=dcerpc
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=23 as service=tftp
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=11 as service=netbios-dgm
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=12 as service=netbios-ns
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=15 as service=dns
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=92 as service=kerberos
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=22 as service=snmp
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=13 as service=netbios-ssn
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=96 as service=radius
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=86 as service=sunrpc
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=93 as service=ntp
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=10 as service=dcerpc
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=91 as service=rtsp
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=93 as service=ntp
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=11 as service=netbios-dgm
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=12 as service=netbios-ns
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=13 as service=netbios-ssn
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=22 as service=snmp
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=96 as service=radius
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=15 as service=dns
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=86 as service=sunrpc

Thanks again for the help guys!

Andy

Just some keywords if someone is searching with Google for their answer to a similar problem.
From my googling I found that if you don't use --enable-targetbased you'll get the error:

FATAL ERROR: /etc/snort/snort.conf(773) => Unknown rule type: attribute_table

Link: https://forums.snort.org/forums/support/topics/host-attribute-file
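Added example, not part of the original post and not Hogger or Snort code: a small Python check that reads Snort syslog lines in the format quoted in the message and reports whether the attribute table loaded, which services were registered by fpBuildServicePortGroups, and whether the "Unknown rule type: attribute_table" error appeared. The function name `summarize`, the `expected_services` list and the sample lines are assumptions constructed for illustration.

```python
import re

# Constructed sample in the same format as the syslog excerpt in the post.
SAMPLE = """\
Mar 23 15:42:07 (none) snort[4648]: Attribute Table Loaded with 34 hosts
Mar 23 15:42:26 (none) snort[4648]: Attribute Table Reload Thread Starting...
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=24 as service=x11
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=5 as service=http
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=5 as service=http
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=90 as service=ssl
"""

LOADED = re.compile(r"snort\[\d+\]: Attribute Table Loaded with (\d+) hosts")
SERVICE = re.compile(
    r"snort\[\d+\]: fpBuildServicePortGroups: "
    r"adding protocol-ordinal=(\d+) as service=(\S+)"
)
# Error text quoted in the post for a build without --enable-targetbased.
NO_TARGETBASED = re.compile(r"Unknown rule type: attribute_table")


def summarize(text, expected_services=()):
    """Summarize attribute-table related lines from Snort log text."""
    hosts = None
    services = {}          # service name -> protocol ordinal (deduplicated)
    targetbased_error = False
    for line in text.splitlines():
        if NO_TARGETBASED.search(line):
            targetbased_error = True
        m = LOADED.search(line)
        if m:
            hosts = int(m.group(1))
            continue
        m = SERVICE.search(line)
        if m:
            services[m.group(2)] = int(m.group(1))
    missing = sorted(set(expected_services) - set(services))
    ok = bool(hosts) and not targetbased_error and not missing
    return {"hosts_loaded": hosts, "services": services,
            "missing": missing, "targetbased_error": targetbased_error,
            "ok": ok}


if __name__ == "__main__":
    # expected_services is a hypothetical list of services the sensor must cover.
    print(summarize(SAMPLE, expected_services=["http", "ssl", "smtp"]))
```
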