Snort mailing list archives
Ubuntu16.04 dynamic preprocess reputation didn't alert
From: cha shao via Snort-users <snort-users () lists snort org>
Date: Wed, 13 Jun 2018 16:15:25 +0800
I have edited snort.conf and added the following:

    preprocessor reputation: \
        scan_local, \
        blacklist black.lists, \
        whitelist white.lists

And in snort.conf I added a preprocess.rules which has two alert rules:

    include $RULE_PATH/preprocessor.rules

These are the two rules about reputation:

    alert ( msg: "REPUTATION_EVENT_BLACKLIST"; sid: 1; gid: 136; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )
    alert ( msg: "REPUTATION_EVENT_WHITELIST"; sid: 2; gid: 136; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )

And I start snort like this:

    sudo snort -c /home/ss/Downloads/snort_conf/snort.conf

But nothing was in the snort.alert.

--------------------------------------------------------------------

    Initializing Output Plugins!
    Initializing Preprocessors!
    Initializing Plug-ins!
    Parsing Rules file "/home/ss/Downloads/snort_conf/snort.conf"
    Tagged Packet Limit: 256
    Loading dynamic engine /usr/local/lib/snort_dynamicengine/libsf_engine.so... done
    Loading all dynamic preprocessor libs from /usr/local/lib/snort_dynamicpreprocessor/...
    Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so... done
    Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_imap_preproc.so... done
    Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_gtp_preproc.so... done
    Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... done
    Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so... done
    Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_pop_preproc.so... done
    Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so... done
    Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so... done
    Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so... done
    Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_modbus_preproc.so... done
    Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so... done
    Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_dnp3_preproc.so... done
    Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_reputation_preproc.so... done
    Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so... done
    Finished Loading all dynamic preprocessor libs from /usr/local/lib/snort_dynamicpreprocessor/
    Log directory = /home/ss/Downloads/snort_conf/log
    *Reputation config: *
    * Processing blacklist file /home/ss/Downloads/snort_conf/black.lists*
    * Reputation entries loaded: 1, invalid: 0, re-defined: 0 (from file /home/ss/Downloads/snort_conf/black.lists)*
    * Processing whitelist file /home/ss/Downloads/snort_conf/white.lists*
    * Reputation entries loaded: 0, invalid: 0, re-defined: 0 (from file /home/ss/Downloads/snort_conf/white.lists)*
    * Reputation total memory usage: 329508 bytes*
    * Reputation total entries loaded: 1, invalid: 0, re-defined: 0*
    * Memcap: 500 (Default) M bytes *
    * Scan local network: ENABLED*
    * Reputation priority: whitelist(Default) *
    * Nested IP: inner (Default) *
    * White action: unblack (Default) *
    * Shared memory is Not supported.*

--------------------------------------------------------------------

How can I solve this problem? Thanks 😁