unable to stat snort_dynamicrules directory [OPEN]

All about Snort integration in Artica

Re: unable to stat snort_dynamicrules directory [CLOSED]

Post by admin » Fri Aug 12, 2011 12:07 pm

Do an extract of:

cat /var/log/syslog|grep snort|tail -n 1500
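One way to reduce the extract requested above to the lines that matter, as an added example that is not part of the original posts: the function reads syslog lines on stdin and reports each distinct Snort FATAL ERROR with the number of failed start attempts (distinct PIDs), the first and last time it was seen, and the configuration file and line it points at. The function names and the sample lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): summarise Snort start-up failures in syslog.

# Constructed sample lines in the syslog format Snort writes; not real output.
sample_log() {
cat <<'EOF'
Aug 12 06:09:33 ns1 snort[12278]: HttpInspect Config:
Aug 12 06:09:33 ns1 snort[12278]: FATAL ERROR: /etc/snort/snort.conf(195) => Invalid keyword 'inspect_gzip' for server configuration.
Aug 12 06:19:30 ns1 snort[3690]: Running in IDS mode
Aug 12 06:19:30 ns1 snort[3690]: FATAL ERROR: /etc/snort/snort.conf(195) => Invalid keyword 'inspect_gzip' for server configuration.
Aug 12 06:20:01 ns1 cron[811]: (root) CMD (true)
Aug 12 06:29:32 ns1 snort[30605]: Initializing Preprocessors!
EOF
}

# Reads syslog lines on stdin. For every distinct Snort FATAL ERROR prints one
# tab-separated row: failed starts, first seen, last seen, file, line, reason.
snort_fatal_summary() {
    awk '
    / snort\[[0-9]+\]: FATAL ERROR: / {
        ts = $1 " " $2 " " $3
        pid = $5; gsub(/[^0-9]/, "", pid)
        msg = $0; sub(/^.*FATAL ERROR: /, "", msg)
        # Count each Snort process once, even if it logged the error twice.
        if (!((msg SUBSEP pid) in seen)) { seen[msg SUBSEP pid] = 1; count[msg]++ }
        if (!(msg in first)) { first[msg] = ts; order[++n] = msg }
        last[msg] = ts
    }
    END {
        for (i = 1; i <= n; i++) {
            msg = order[i]
            file = "-"; line = "-"; reason = msg
            if (index(msg, " => ") > 0) {
                loc = msg;    sub(/ => .*$/, "", loc)
                reason = msg; sub(/^.* => /, "", reason)
                file = loc
                # Split "path(NNN)" into path and line number when present.
                if (loc ~ /\([0-9]+\)$/) {
                    sub(/\([0-9]+\)$/, "", file)
                    line = loc; sub(/^.*\(/, "", line); sub(/\)$/, "", line)
                }
            }
            printf "%d\t%s\t%s\t%s\t%s\t%s\n", count[msg], first[msg], last[msg], file, line, reason
        }
    }'
}

# Exit status 0 when the input contains at least one Snort FATAL ERROR,
# which makes the check usable from a monitoring job.
snort_has_fatal() {
    [ -n "$(snort_fatal_summary)" ]
}

# Demo run on the constructed sample.
sample_log | snort_fatal_summary
```

On a live host the input would be the same extract, for example grep snort /var/log/syslog | snort_fatal_summary; a repeating row means the sensor has been failing to start and nothing is being inspected.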

Re: unable to stat snort_dynamicrules directory [OPEN]

Post by Friend7 » Fri Aug 12, 2011 2:40 pm

I had to split it because of the error message: Your message contains 105836 characters. The maximum number of allowed characters is 60000.

Aug 12 08:29:32 ns1 snort[23900]: IIS Unicode Map Filename: /etc/snort/unicode.map
Aug 12 08:29:32 ns1 snort[23900]: IIS Unicode Map Codepage: 1252
Aug 12 08:29:32 ns1 snort[23900]: FATAL ERROR: /etc/snort/snort.conf(195) => Invalid keyword 'inspect_gzip' for server configuration.

root@ns1:~# cat /var/log/syslog|grep snort|tail -n 1500
Aug 12 06:09:33 ns1 snort[12278]:     Max frags: 65536
Aug 12 06:09:33 ns1 snort[12278]:     Fragment memory cap: 4194304 bytes
Aug 12 06:09:33 ns1 snort[12278]: Frag3 engine config:
Aug 12 06:09:33 ns1 snort[12278]:     Target-based policy: WINDOWS
Aug 12 06:09:33 ns1 snort[12278]:     Fragment timeout: 180 seconds
Aug 12 06:09:33 ns1 snort[12278]:     Fragment min_ttl:   1
Aug 12 06:09:33 ns1 snort[12278]:     Fragment Problems: 1
Aug 12 06:09:33 ns1 snort[12278]:     Overlap Limit:     10
Aug 12 06:09:33 ns1 snort[12278]:     Min fragment Length:     100
Aug 12 06:09:33 ns1 snort[12278]: Stream5 global config:
Aug 12 06:09:33 ns1 snort[12278]:     Track TCP sessions: ACTIVE
Aug 12 06:09:33 ns1 snort[12278]:     Max TCP sessions: 8192
Aug 12 06:09:33 ns1 snort[12278]:     Memcap (for reassembly packet storage): 8388608
Aug 12 06:09:33 ns1 snort[12278]:     Track UDP sessions: ACTIVE
Aug 12 06:09:33 ns1 snort[12278]:     Max UDP sessions: 131072
Aug 12 06:09:33 ns1 snort[12278]:     Track ICMP sessions: INACTIVE
Aug 12 06:09:33 ns1 snort[12278]:     Log info if session memory consumption exceeds 1048576
Aug 12 06:09:33 ns1 snort[12278]: Stream5 TCP Policy config:
Aug 12 06:09:33 ns1 snort[12278]:     Reassembly Policy: WINDOWS
Aug 12 06:09:33 ns1 snort[12278]:     Timeout: 180 seconds
Aug 12 06:09:33 ns1 snort[12278]:     Limit on TCP Overlaps: 10
Aug 12 06:09:33 ns1 snort[12278]:     Maximum number of bytes to queue per session: 1048576
Aug 12 06:09:33 ns1 snort[12278]:     Maximum number of segs to queue per session: 2621
Aug 12 06:09:33 ns1 snort[12278]:     Options:
Aug 12 06:09:33 ns1 snort[12278]:         Require 3-Way Handshake: YES
Aug 12 06:09:33 ns1 snort[12278]:         3-Way Handshake Timeout: 180
Aug 12 06:09:33 ns1 snort[12278]:         Detect Anomalies: YES
Aug 12 06:09:33 ns1 snort[12278]:     Reassembly Ports:
Aug 12 06:09:33 ns1 snort[12278]:       21 client (Footprint) 
Aug 12 06:09:33 ns1 snort[12278]:       22 client (Footprint) 
Aug 12 06:09:33 ns1 snort[12278]:       23 client (Footprint) 
Aug 12 06:09:33 ns1 snort[12278]:       25 client (Footprint) 
Aug 12 06:09:33 ns1 snort[12278]:       42 client (Footprint) 
Aug 12 06:09:33 ns1 snort[12278]:       53 client (Footprint) 
Aug 12 06:09:33 ns1 snort[12278]:       79 client (Footprint) 
Aug 12 06:09:33 ns1 snort[12278]:       80 client (Footprint) server (Footprint)
Aug 12 06:09:33 ns1 snort[12278]:       109 client (Footprint) 
Aug 12 06:09:33 ns1 snort[12278]:       110 client (Footprint) 
Aug 12 06:09:33 ns1 snort[12278]:       111 client (Footprint) 
Aug 12 06:09:33 ns1 snort[12278]:       113 client (Footprint) 
Aug 12 06:09:33 ns1 snort[12278]:       119 client (Footprint) 
Aug 12 06:09:33 ns1 snort[12278]:       135 client (Footprint) 
Aug 12 06:09:33 ns1 snort[12278]:       136 client (Footprint) 
Aug 12 06:09:33 ns1 snort[12278]:       137 client (Footprint) 
Aug 12 06:09:33 ns1 snort[12278]:       139 client (Footprint) 
Aug 12 06:09:33 ns1 snort[12278]:       143 client (Footprint) 
Aug 12 06:09:33 ns1 snort[12278]:       161 client (Footprint) 
Aug 12 06:09:33 ns1 snort[12278]:       311 client (Footprint) server (Footprint)
Aug 12 06:09:33 ns1 snort[12278]: Stream5 UDP Policy config:
Aug 12 06:09:33 ns1 snort[12278]:     Timeout: 180 seconds
Aug 12 06:09:33 ns1 snort[12278]: HttpInspect Config:
Aug 12 06:09:33 ns1 snort[12278]:     GLOBAL CONFIG
Aug 12 06:09:33 ns1 snort[12278]:       Max Pipeline Requests:    0
Aug 12 06:09:33 ns1 snort[12278]:       Inspection Type:          STATELESS
Aug 12 06:09:33 ns1 snort[12278]:       Detect Proxy Usage:       NO
Aug 12 06:09:33 ns1 snort[12278]:       IIS Unicode Map Filename: /etc/snort/unicode.map
Aug 12 06:09:33 ns1 snort[12278]:       IIS Unicode Map Codepage: 1252
Aug 12 06:09:33 ns1 snort[12278]: FATAL ERROR: /etc/snort/snort.conf(195) => Invalid keyword 'inspect_gzip' for server configuration.
Aug 12 06:19:30 ns1 snort[3690]: Found pid path directive (/var/run/snort_venet0.pid)
Aug 12 06:19:30 ns1 snort[3690]: Running in IDS mode
Aug 12 06:19:30 ns1 snort[3690]: 
Aug 12 06:19:30 ns1 snort[3690]:         --== Initializing Snort ==--
Aug 12 06:19:30 ns1 snort[3690]: Initializing Output Plugins!
Aug 12 06:19:30 ns1 snort[3690]: Initializing Preprocessors!
Aug 12 06:19:30 ns1 snort[3690]: Initializing Plug-ins!
Aug 12 06:19:30 ns1 snort[3690]: Parsing Rules file "/etc/snort/snort.conf"
Aug 12 06:19:30 ns1 snort[3690]: PortVar 'HTTP_PORTS' defined :
Aug 12 06:19:30 ns1 snort[3690]:  [ 80 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080 8088 8118 8123 8180 8243 8280 8888 9090:9091 9443 9999 11371 ]
Aug 12 06:19:30 ns1 snort[3690]: 
Aug 12 06:19:30 ns1 snort[3690]: PortVar 'SHELLCODE_PORTS' defined :
Aug 12 06:19:30 ns1 snort[3690]:  [ 0:79 81:65535 ]
Aug 12 06:19:30 ns1 snort[3690]: 
Aug 12 06:19:30 ns1 snort[3690]: PortVar 'ORACLE_PORTS' defined :
Aug 12 06:19:30 ns1 snort[3690]:  [ 1024:65535 ]
Aug 12 06:19:30 ns1 snort[3690]: 
Aug 12 06:19:30 ns1 snort[3690]: PortVar 'SSH_PORTS' defined :
Aug 12 06:19:30 ns1 snort[3690]:  [ 22 ]
Aug 12 06:19:30 ns1 snort[3690]: 
Aug 12 06:19:30 ns1 snort[3690]: Detection:
Aug 12 06:19:30 ns1 snort[3690]:    Search-Method = Low-Mem-Q
Aug 12 06:19:30 ns1 snort[3690]:     Search-Method-Optimizations = enabled
Aug 12 06:19:30 ns1 snort[3690]: Found pid path directive (/var/run/snort_venet0.pid)
Aug 12 06:19:30 ns1 snort[3690]: Tagged Packet Limit: 256
Aug 12 06:19:30 ns1 snort[3690]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so...
Aug 12 06:19:30 ns1 snort[3690]: done
Aug 12 06:19:30 ns1 snort[3690]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/...
Aug 12 06:19:30 ns1 snort[3690]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so...
Aug 12 06:19:30 ns1 snort[3690]: done
Aug 12 06:19:30 ns1 snort[3690]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so...
Aug 12 06:19:30 ns1 snort[3690]: done
Aug 12 06:19:30 ns1 snort[3690]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so...
Aug 12 06:19:30 ns1 snort[3690]: done
Aug 12 06:19:30 ns1 snort[3690]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so...
Aug 12 06:19:30 ns1 snort[3690]: done
Aug 12 06:19:30 ns1 snort[3690]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so...
Aug 12 06:19:30 ns1 snort[3690]: done
Aug 12 06:19:30 ns1 snort[3690]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so...
Aug 12 06:19:30 ns1 snort[3690]: done
Aug 12 06:19:30 ns1 snort[3690]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so...
Aug 12 06:19:30 ns1 snort[3690]: done
Aug 12 06:19:30 ns1 snort[3690]:   Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/
Aug 12 06:19:30 ns1 snort[3690]: Log directory = /var/log/snort
Aug 12 06:19:30 ns1 snort[3690]: Frag3 global config:
Aug 12 06:19:30 ns1 snort[3690]:     Max frags: 65536
Aug 12 06:19:30 ns1 snort[3690]:     Fragment memory cap: 4194304 bytes
Aug 12 06:19:30 ns1 snort[3690]: Frag3 engine config:
Aug 12 06:19:30 ns1 snort[3690]:     Target-based policy: WINDOWS
Aug 12 06:19:30 ns1 snort[3690]:     Fragment timeout: 180 seconds
Aug 12 06:19:30 ns1 snort[3690]:     Fragment min_ttl:   1
Aug 12 06:19:30 ns1 snort[3690]:     Fragment Problems: 1
Aug 12 06:19:30 ns1 snort[3690]:     Overlap Limit:     10
Aug 12 06:19:30 ns1 snort[3690]:     Min fragment Length:     100
Aug 12 06:19:30 ns1 snort[3690]: Stream5 global config:
Aug 12 06:19:30 ns1 snort[3690]:     Track TCP sessions: ACTIVE
Aug 12 06:19:30 ns1 snort[3690]:     Max TCP sessions: 8192
Aug 12 06:19:30 ns1 snort[3690]:     Memcap (for reassembly packet storage): 8388608
Aug 12 06:19:30 ns1 snort[3690]:     Track UDP sessions: ACTIVE
Aug 12 06:19:30 ns1 snort[3690]:     Max UDP sessions: 131072
Aug 12 06:19:30 ns1 snort[3690]:     Track ICMP sessions: INACTIVE
Aug 12 06:19:30 ns1 snort[3690]:     Log info if session memory consumption exceeds 1048576
Aug 12 06:19:30 ns1 snort[3690]: Stream5 TCP Policy config:
Aug 12 06:19:30 ns1 snort[3690]:     Reassembly Policy: WINDOWS
Aug 12 06:19:30 ns1 snort[3690]:     Timeout: 180 seconds
Aug 12 06:19:30 ns1 snort[3690]:     Limit on TCP Overlaps: 10
Aug 12 06:19:30 ns1 snort[3690]:     Maximum number of bytes to queue per session: 1048576
Aug 12 06:19:30 ns1 snort[3690]:     Maximum number of segs to queue per session: 2621
Aug 12 06:19:30 ns1 snort[3690]:     Options:
Aug 12 06:19:30 ns1 snort[3690]:         Require 3-Way Handshake: YES
Aug 12 06:19:30 ns1 snort[3690]:         3-Way Handshake Timeout: 180
Aug 12 06:19:30 ns1 snort[3690]:         Detect Anomalies: YES
Aug 12 06:19:30 ns1 snort[3690]:     Reassembly Ports:
Aug 12 06:19:30 ns1 snort[3690]:       21 client (Footprint) 
Aug 12 06:19:30 ns1 snort[3690]:       22 client (Footprint) 
Aug 12 06:19:30 ns1 snort[3690]:       23 client (Footprint) 
Aug 12 06:19:30 ns1 snort[3690]:       25 client (Footprint) 
Aug 12 06:19:30 ns1 snort[3690]:       42 client (Footprint) 
Aug 12 06:19:30 ns1 snort[3690]:       53 client (Footprint) 
Aug 12 06:19:30 ns1 snort[3690]:       79 client (Footprint) 
Aug 12 06:19:30 ns1 snort[3690]:       80 client (Footprint) server (Footprint)
Aug 12 06:19:30 ns1 snort[3690]:       109 client (Footprint) 
Aug 12 06:19:30 ns1 snort[3690]:       110 client (Footprint) 
Aug 12 06:19:30 ns1 snort[3690]:       111 client (Footprint) 
Aug 12 06:19:30 ns1 snort[3690]:       113 client (Footprint) 
Aug 12 06:19:30 ns1 snort[3690]:       119 client (Footprint) 
Aug 12 06:19:30 ns1 snort[3690]:       135 client (Footprint) 
Aug 12 06:19:30 ns1 snort[3690]:       136 client (Footprint) 
Aug 12 06:19:30 ns1 snort[3690]:       137 client (Footprint) 
Aug 12 06:19:30 ns1 snort[3690]:       139 client (Footprint) 
Aug 12 06:19:30 ns1 snort[3690]:       143 client (Footprint) 
Aug 12 06:19:30 ns1 snort[3690]:       161 client (Footprint) 
Aug 12 06:19:30 ns1 snort[3690]:       311 client (Footprint) server (Footprint)
Aug 12 06:19:30 ns1 snort[3690]: Stream5 UDP Policy config:
Aug 12 06:19:30 ns1 snort[3690]:     Timeout: 180 seconds
Aug 12 06:19:30 ns1 snort[3690]: HttpInspect Config:
Aug 12 06:19:30 ns1 snort[3690]:     GLOBAL CONFIG
Aug 12 06:19:30 ns1 snort[3690]:       Max Pipeline Requests:    0
Aug 12 06:19:30 ns1 snort[3690]:       Inspection Type:          STATELESS
Aug 12 06:19:30 ns1 snort[3690]:       Detect Proxy Usage:       NO
Aug 12 06:19:30 ns1 snort[3690]:       IIS Unicode Map Filename: /etc/snort/unicode.map
Aug 12 06:19:30 ns1 snort[3690]:       IIS Unicode Map Codepage: 1252
Aug 12 06:19:30 ns1 snort[3690]: FATAL ERROR: /etc/snort/snort.conf(195) => Invalid keyword 'inspect_gzip' for server configuration.
Aug 12 06:29:32 ns1 snort[30605]: Found pid path directive (/var/run/snort_venet0.pid)
Aug 12 06:29:32 ns1 snort[30605]: Running in IDS mode
Aug 12 06:29:32 ns1 snort[30605]: 
Aug 12 06:29:32 ns1 snort[30605]:         --== Initializing Snort ==--
Aug 12 06:29:32 ns1 snort[30605]: Initializing Output Plugins!
Aug 12 06:29:32 ns1 snort[30605]: Initializing Preprocessors!
Aug 12 06:29:32 ns1 snort[30605]: Initializing Plug-ins!
Aug 12 06:29:32 ns1 snort[30605]: Parsing Rules file "/etc/snort/snort.conf"
Aug 12 06:29:32 ns1 snort[30605]: PortVar 'HTTP_PORTS' defined :
Aug 12 06:29:32 ns1 snort[30605]:  [ 80 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080 8088 8118 8123 8180 8243 8280 8888 9090:9091 9443 9999 11371 ]
Aug 12 06:29:32 ns1 snort[30605]: 
Aug 12 06:29:32 ns1 snort[30605]: PortVar 'SHELLCODE_PORTS' defined :
Aug 12 06:29:32 ns1 snort[30605]:  [ 0:79 81:65535 ]
Aug 12 06:29:32 ns1 snort[30605]: 
Aug 12 06:29:32 ns1 snort[30605]: PortVar 'ORACLE_PORTS' defined :
Aug 12 06:29:32 ns1 snort[30605]:  [ 1024:65535 ]
Aug 12 06:29:32 ns1 snort[30605]: 
Aug 12 06:29:32 ns1 snort[30605]: PortVar 'SSH_PORTS' defined :
Aug 12 06:29:32 ns1 snort[30605]:  [ 22 ]
Aug 12 06:29:32 ns1 snort[30605]: 
Aug 12 06:29:32 ns1 snort[30605]: Detection:
Aug 12 06:29:32 ns1 snort[30605]:    Search-Method = Low-Mem-Q
Aug 12 06:29:32 ns1 snort[30605]:     Search-Method-Optimizations = enabled
Aug 12 06:29:32 ns1 snort[30605]: Found pid path directive (/var/run/snort_venet0.pid)
Aug 12 06:29:32 ns1 snort[30605]: Tagged Packet Limit: 256
Aug 12 06:29:32 ns1 snort[30605]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so...
Aug 12 06:29:32 ns1 snort[30605]: done
Aug 12 06:29:32 ns1 snort[30605]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/...
Aug 12 06:29:32 ns1 snort[30605]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so...
Aug 12 06:29:32 ns1 snort[30605]: done
Aug 12 06:29:32 ns1 snort[30605]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so...
Aug 12 06:29:32 ns1 snort[30605]: done
Aug 12 06:29:32 ns1 snort[30605]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so...
Aug 12 06:29:32 ns1 snort[30605]: done
Aug 12 06:29:32 ns1 snort[30605]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so...
Aug 12 06:29:32 ns1 snort[30605]: done
Aug 12 06:29:32 ns1 snort[30605]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so...
Aug 12 06:29:32 ns1 snort[30605]: done
Aug 12 06:29:32 ns1 snort[30605]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so...
Aug 12 06:29:32 ns1 snort[30605]: done
Aug 12 06:29:32 ns1 snort[30605]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so...
Aug 12 06:29:32 ns1 snort[30605]: done
Aug 12 06:29:32 ns1 snort[30605]:   Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/
Aug 12 06:29:32 ns1 snort[30605]: Log directory = /var/log/snort
Aug 12 06:29:32 ns1 snort[30605]: Frag3 global config:
Aug 12 06:29:32 ns1 snort[30605]:     Max frags: 65536
Aug 12 06:29:32 ns1 snort[30605]:     Fragment memory cap: 4194304 bytes
Aug 12 06:29:32 ns1 snort[30605]: Frag3 engine config:
Aug 12 06:29:32 ns1 snort[30605]:     Target-based policy: WINDOWS
Aug 12 06:29:32 ns1 snort[30605]:     Fragment timeout: 180 seconds
Aug 12 06:29:32 ns1 snort[30605]:     Fragment min_ttl:   1
Aug 12 06:29:32 ns1 snort[30605]:     Fragment Problems: 1
Aug 12 06:29:32 ns1 snort[30605]:     Overlap Limit:     10
Aug 12 06:29:32 ns1 snort[30605]:     Min fragment Length:     100
Aug 12 06:29:32 ns1 snort[30605]: Stream5 global config:
Aug 12 06:29:32 ns1 snort[30605]:     Track TCP sessions: ACTIVE
Aug 12 06:29:32 ns1 snort[30605]:     Max TCP sessions: 8192
Aug 12 06:29:32 ns1 snort[30605]:     Memcap (for reassembly packet storage): 8388608
Aug 12 06:29:32 ns1 snort[30605]:     Track UDP sessions: ACTIVE
Aug 12 06:29:32 ns1 snort[30605]:     Max UDP sessions: 131072
Aug 12 06:29:32 ns1 snort[30605]:     Track ICMP sessions: INACTIVE
Aug 12 06:29:32 ns1 snort[30605]:     Log info if session memory consumption exceeds 1048576
Aug 12 06:29:32 ns1 snort[30605]: Stream5 TCP Policy config:
Aug 12 06:29:32 ns1 snort[30605]:     Reassembly Policy: WINDOWS
Aug 12 06:29:32 ns1 snort[30605]:     Timeout: 180 seconds
Aug 12 06:29:32 ns1 snort[30605]:     Limit on TCP Overlaps: 10
Aug 12 06:29:32 ns1 snort[30605]:     Maximum number of bytes to queue per session: 1048576
Aug 12 06:29:32 ns1 snort[30605]:     Maximum number of segs to queue per session: 2621
Aug 12 06:29:32 ns1 snort[30605]:     Options:
Aug 12 06:29:32 ns1 snort[30605]:         Require 3-Way Handshake: YES
Aug 12 06:29:32 ns1 snort[30605]:         3-Way Handshake Timeout: 180
Aug 12 06:29:32 ns1 snort[30605]:         Detect Anomalies: YES
Aug 12 06:29:32 ns1 snort[30605]:     Reassembly Ports:
Aug 12 06:29:32 ns1 snort[30605]:       21 client (Footprint) 
Aug 12 06:29:32 ns1 snort[30605]:       22 client (Footprint) 
Aug 12 06:29:32 ns1 snort[30605]:       23 client (Footprint) 
Aug 12 06:29:32 ns1 snort[30605]:       25 client (Footprint) 
Aug 12 06:29:32 ns1 snort[30605]:       42 client (Footprint) 
Aug 12 06:29:32 ns1 snort[30605]:       53 client (Footprint) 
Aug 12 06:29:32 ns1 snort[30605]:       79 client (Footprint) 
Aug 12 06:29:32 ns1 snort[30605]:       80 client (Footprint) server (Footprint)
Aug 12 06:29:32 ns1 snort[30605]:       109 client (Footprint) 
Aug 12 06:29:32 ns1 snort[30605]:       110 client (Footprint) 
Aug 12 06:29:32 ns1 snort[30605]:       111 client (Footprint) 
Aug 12 06:29:32 ns1 snort[30605]:       113 client (Footprint) 
Aug 12 06:29:32 ns1 snort[30605]:       119 client (Footprint) 
Aug 12 06:29:32 ns1 snort[30605]:       135 client (Footprint) 
Aug 12 06:29:32 ns1 snort[30605]:       136 client (Footprint) 
Aug 12 06:29:32 ns1 snort[30605]:       137 client (Footprint) 
Aug 12 06:29:32 ns1 snort[30605]:       139 client (Footprint) 
Aug 12 06:29:32 ns1 snort[30605]:       143 client (Footprint) 
Aug 12 06:29:32 ns1 snort[30605]:       161 client (Footprint) 
Aug 12 06:29:32 ns1 snort[30605]:       311 client (Footprint) server (Footprint)
Aug 12 06:29:32 ns1 snort[30605]: Stream5 UDP Policy config:
Aug 12 06:29:32 ns1 snort[30605]:     Timeout: 180 seconds
Aug 12 06:29:32 ns1 snort[30605]: HttpInspect Config:
Aug 12 06:29:32 ns1 snort[30605]:     GLOBAL CONFIG
Aug 12 06:29:32 ns1 snort[30605]:       Max Pipeline Requests:    0
Aug 12 06:29:32 ns1 snort[30605]:       Inspection Type:          STATELESS
Aug 12 06:29:32 ns1 snort[30605]:       Detect Proxy Usage:       NO
Aug 12 06:29:32 ns1 snort[30605]:       IIS Unicode Map Filename: /etc/snort/unicode.map
Aug 12 06:29:32 ns1 snort[30605]:       IIS Unicode Map Codepage: 1252
Aug 12 06:29:32 ns1 snort[30605]: FATAL ERROR: /etc/snort/snort.conf(195) => Invalid keyword 'inspect_gzip' for server configuration.
Aug 12 06:39:30 ns1 snort[22438]: Found pid path directive (/var/run/snort_venet0.pid)
Aug 12 06:39:30 ns1 snort[22438]: Running in IDS mode
Aug 12 06:39:30 ns1 snort[22438]: 
Aug 12 06:39:30 ns1 snort[22438]:         --== Initializing Snort ==--
Aug 12 06:39:30 ns1 snort[22438]: Initializing Output Plugins!
Aug 12 06:39:30 ns1 snort[22438]: Initializing Preprocessors!
Aug 12 06:39:30 ns1 snort[22438]: Initializing Plug-ins!
Aug 12 06:39:30 ns1 snort[22438]: Parsing Rules file "/etc/snort/snort.conf"
Aug 12 06:39:30 ns1 snort[22438]: PortVar 'HTTP_PORTS' defined :
Aug 12 06:39:30 ns1 snort[22438]:  [ 80 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080 8088 8118 8123 8180 8243 8280 8888 9090:9091 9443 9999 11371 ]
Aug 12 06:39:30 ns1 snort[22438]: 
Aug 12 06:39:30 ns1 snort[22438]: PortVar 'SHELLCODE_PORTS' defined :
Aug 12 06:39:30 ns1 snort[22438]:  [ 0:79 81:65535 ]
Aug 12 06:39:30 ns1 snort[22438]: 
Aug 12 06:39:30 ns1 snort[22438]: PortVar 'ORACLE_PORTS' defined :
Aug 12 06:39:30 ns1 snort[22438]:  [ 1024:65535 ]
Aug 12 06:39:30 ns1 snort[22438]: 
Aug 12 06:39:30 ns1 snort[22438]: PortVar 'SSH_PORTS' defined :
Aug 12 06:39:30 ns1 snort[22438]:  [ 22 ]
Aug 12 06:39:30 ns1 snort[22438]: 
Aug 12 06:39:30 ns1 snort[22438]: Detection:
Aug 12 06:39:30 ns1 snort[22438]:    Search-Method = Low-Mem-Q
Aug 12 06:39:30 ns1 snort[22438]:     Search-Method-Optimizations = enabled
Aug 12 06:39:30 ns1 snort[22438]: Found pid path directive (/var/run/snort_venet0.pid)
Aug 12 06:39:30 ns1 snort[22438]: Tagged Packet Limit: 256
Aug 12 06:39:30 ns1 snort[22438]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so...
Aug 12 06:39:30 ns1 snort[22438]: done
Aug 12 06:39:30 ns1 snort[22438]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/...
Aug 12 06:39:30 ns1 snort[22438]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so...
Aug 12 06:39:30 ns1 snort[22438]: done
Aug 12 06:39:30 ns1 snort[22438]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so...
Aug 12 06:39:30 ns1 snort[22438]: done
Aug 12 06:39:30 ns1 snort[22438]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so...
Aug 12 06:39:30 ns1 snort[22438]: done
Aug 12 06:39:30 ns1 snort[22438]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so...
Aug 12 06:39:30 ns1 snort[22438]: done
Aug 12 06:39:30 ns1 snort[22438]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so...
Aug 12 06:39:30 ns1 snort[22438]: done
Aug 12 06:39:30 ns1 snort[22438]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so...
Aug 12 06:39:30 ns1 snort[22438]: done
Aug 12 06:39:30 ns1 snort[22438]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so...
Aug 12 06:39:30 ns1 snort[22438]: done
Aug 12 06:39:30 ns1 snort[22438]:   Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/
Aug 12 06:39:30 ns1 snort[22438]: Log directory = /var/log/snort
Aug 12 06:39:30 ns1 snort[22438]: Frag3 global config:
Aug 12 06:39:30 ns1 snort[22438]:     Max frags: 65536
Aug 12 06:39:30 ns1 snort[22438]:     Fragment memory cap: 4194304 bytes
Aug 12 06:39:30 ns1 snort[22438]: Frag3 engine config:
Aug 12 06:39:30 ns1 snort[22438]:     Target-based policy: WINDOWS
Aug 12 06:39:30 ns1 snort[22438]:     Fragment timeout: 180 seconds
Aug 12 06:39:30 ns1 snort[22438]:     Fragment min_ttl:   1
Aug 12 06:39:30 ns1 snort[22438]:     Fragment Problems: 1
Aug 12 06:39:30 ns1 snort[22438]:     Overlap Limit:     10
Aug 12 06:39:30 ns1 snort[22438]:     Min fragment Length:     100
Aug 12 06:39:30 ns1 snort[22438]: Stream5 global config:
Aug 12 06:39:30 ns1 snort[22438]:     Track TCP sessions: ACTIVE
Aug 12 06:39:30 ns1 snort[22438]:     Max TCP sessions: 8192
Aug 12 06:39:30 ns1 snort[22438]:     Memcap (for reassembly packet storage): 8388608
Aug 12 06:39:30 ns1 snort[22438]:     Track UDP sessions: ACTIVE
Aug 12 06:39:30 ns1 snort[22438]:     Max UDP sessions: 131072
Aug 12 06:39:30 ns1 snort[22438]:     Track ICMP sessions: INACTIVE
Aug 12 06:39:30 ns1 snort[22438]:     Log info if session memory consumption exceeds 1048576
Aug 12 06:39:30 ns1 snort[22438]: Stream5 TCP Policy config:
Aug 12 06:39:30 ns1 snort[22438]:     Reassembly Policy: WINDOWS
Aug 12 06:39:30 ns1 snort[22438]:     Timeout: 180 seconds
Aug 12 06:39:30 ns1 snort[22438]:     Limit on TCP Overlaps: 10
Aug 12 06:39:30 ns1 snort[22438]:     Maximum number of bytes to queue per session: 1048576
Aug 12 06:39:30 ns1 snort[22438]:     Maximum number of segs to queue per session: 2621
Aug 12 06:39:30 ns1 snort[22438]:     Options:
Aug 12 06:39:30 ns1 snort[22438]:         Require 3-Way Handshake: YES
Aug 12 06:39:30 ns1 snort[22438]:         3-Way Handshake Timeout: 180
Aug 12 06:39:30 ns1 snort[22438]:         Detect Anomalies: YES
Aug 12 06:39:30 ns1 snort[22438]:     Reassembly Ports:
Aug 12 06:39:30 ns1 snort[22438]:       21 client (Footprint) 
Aug 12 06:39:30 ns1 snort[22438]:       22 client (Footprint) 
Aug 12 06:39:30 ns1 snort[22438]:       23 client (Footprint) 
Aug 12 06:39:30 ns1 snort[22438]:       25 client (Footprint) 
Aug 12 06:39:30 ns1 snort[22438]:       42 client (Footprint) 
Aug 12 06:39:30 ns1 snort[22438]:       53 client (Footprint) 
Aug 12 06:39:30 ns1 snort[22438]:       79 client (Footprint) 
Aug 12 06:39:30 ns1 snort[22438]:       80 client (Footprint) server (Footprint)
Aug 12 06:39:30 ns1 snort[22438]:       109 client (Footprint) 
Aug 12 06:39:30 ns1 snort[22438]:       110 client (Footprint) 
Aug 12 06:39:30 ns1 snort[22438]:       111 client (Footprint) 
Aug 12 06:39:30 ns1 snort[22438]:       113 client (Footprint) 
Aug 12 06:39:30 ns1 snort[22438]:       119 client (Footprint) 
Aug 12 06:39:30 ns1 snort[22438]:       135 client (Footprint) 
Aug 12 06:39:30 ns1 snort[22438]:       136 client (Footprint) 
Aug 12 06:39:30 ns1 snort[22438]:       137 client (Footprint) 
Aug 12 06:39:30 ns1 snort[22438]:       139 client (Footprint) 
Aug 12 06:39:30 ns1 snort[22438]:       143 client (Footprint) 
Aug 12 06:39:30 ns1 snort[22438]:       161 client (Footprint) 
Aug 12 06:39:30 ns1 snort[22438]:       311 client (Footprint) server (Footprint)
Aug 12 06:39:30 ns1 snort[22438]: Stream5 UDP Policy config:
Aug 12 06:39:30 ns1 snort[22438]:     Timeout: 180 seconds
Aug 12 06:39:30 ns1 snort[22438]: HttpInspect Config:
Aug 12 06:39:30 ns1 snort[22438]:     GLOBAL CONFIG
Aug 12 06:39:30 ns1 snort[22438]:       Max Pipeline Requests:    0
Aug 12 06:39:30 ns1 snort[22438]:       Inspection Type:          STATELESS
Aug 12 06:39:30 ns1 snort[22438]:       Detect Proxy Usage:       NO
Aug 12 06:39:30 ns1 snort[22438]:       IIS Unicode Map Filename: /etc/snort/unicode.map
Aug 12 06:39:30 ns1 snort[22438]:       IIS Unicode Map Codepage: 1252
Aug 12 06:39:30 ns1 snort[22438]: FATAL ERROR: /etc/snort/snort.conf(195) => Invalid keyword 'inspect_gzip' for server configuration.
Aug 12 06:49:33 ns1 snort[15775]: Found pid path directive (/var/run/snort_venet0.pid)
Aug 12 06:49:33 ns1 snort[15775]: Running in IDS mode
Aug 12 06:49:33 ns1 snort[15775]: 
Aug 12 06:49:33 ns1 snort[15775]:         --== Initializing Snort ==--
Aug 12 06:49:33 ns1 snort[15775]: Initializing Output Plugins!
Aug 12 06:49:33 ns1 snort[15775]: Initializing Preprocessors!
Aug 12 06:49:33 ns1 snort[15775]: Initializing Plug-ins!
Aug 12 06:49:33 ns1 snort[15775]: Parsing Rules file "/etc/snort/snort.conf"
Aug 12 06:49:33 ns1 snort[15775]: PortVar 'HTTP_PORTS' defined :
Aug 12 06:49:33 ns1 snort[15775]:  [ 80 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080 8088 8118 8123 8180 8243 8280 8888 9090:9091 9443 9999 11371 ]
Aug 12 06:49:33 ns1 snort[15775]: 
Aug 12 06:49:33 ns1 snort[15775]: PortVar 'SHELLCODE_PORTS' defined :
Aug 12 06:49:33 ns1 snort[15775]:  [ 0:79 81:65535 ]
Aug 12 06:49:33 ns1 snort[15775]: 
Aug 12 06:49:33 ns1 snort[15775]: PortVar 'ORACLE_PORTS' defined :
Aug 12 06:49:33 ns1 snort[15775]:  [ 1024:65535 ]
Aug 12 06:49:33 ns1 snort[15775]: 
Aug 12 06:49:33 ns1 snort[15775]: PortVar 'SSH_PORTS' defined :
Aug 12 06:49:33 ns1 snort[15775]:  [ 22 ]
Aug 12 06:49:33 ns1 snort[15775]: 
Aug 12 06:49:33 ns1 snort[15775]: Detection:
Aug 12 06:49:33 ns1 snort[15775]:    Search-Method = Low-Mem-Q
Aug 12 06:49:33 ns1 snort[15775]:     Search-Method-Optimizations = enabled
Aug 12 06:49:33 ns1 snort[15775]: Found pid path directive (/var/run/snort_venet0.pid)
Aug 12 06:49:33 ns1 snort[15775]: Tagged Packet Limit: 256
Aug 12 06:49:33 ns1 snort[15775]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so...
Aug 12 06:49:33 ns1 snort[15775]: done
Aug 12 06:49:33 ns1 snort[15775]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/...
Aug 12 06:49:33 ns1 snort[15775]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so...
Aug 12 06:49:33 ns1 snort[15775]: done
Aug 12 06:49:33 ns1 snort[15775]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so...
Aug 12 06:49:33 ns1 snort[15775]: done
Aug 12 06:49:33 ns1 snort[15775]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so...
Aug 12 06:49:33 ns1 snort[15775]: done
Aug 12 06:49:33 ns1 snort[15775]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so...
Aug 12 06:49:33 ns1 snort[15775]: done
Aug 12 06:49:33 ns1 snort[15775]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so...
Aug 12 06:49:33 ns1 snort[15775]: done
Aug 12 06:49:33 ns1 snort[15775]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so...
Aug 12 06:49:33 ns1 snort[15775]: done
Aug 12 06:49:33 ns1 snort[15775]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so...
Aug 12 06:49:33 ns1 snort[15775]: done
Aug 12 06:49:33 ns1 snort[15775]:   Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/
Aug 12 06:49:33 ns1 snort[15775]: Log directory = /var/log/snort
Aug 12 06:49:33 ns1 snort[15775]: Frag3 global config:
Aug 12 06:49:33 ns1 snort[15775]:     Max frags: 65536
Aug 12 06:49:33 ns1 snort[15775]:     Fragment memory cap: 4194304 bytes
Aug 12 06:49:33 ns1 snort[15775]: Frag3 engine config:
Aug 12 06:49:33 ns1 snort[15775]:     Target-based policy: WINDOWS
Aug 12 06:49:33 ns1 snort[15775]:     Fragment timeout: 180 seconds
Aug 12 06:49:33 ns1 snort[15775]:     Fragment min_ttl:   1
Aug 12 06:49:33 ns1 snort[15775]:     Fragment Problems: 1
Aug 12 06:49:33 ns1 snort[15775]:     Overlap Limit:     10
Aug 12 06:49:33 ns1 snort[15775]:     Min fragment Length:     100
Aug 12 06:49:33 ns1 snort[15775]: Stream5 global config:
Aug 12 06:49:33 ns1 snort[15775]:     Track TCP sessions: ACTIVE
Aug 12 06:49:33 ns1 snort[15775]:     Max TCP sessions: 8192
Aug 12 06:49:33 ns1 snort[15775]:     Memcap (for reassembly packet storage): 8388608
Aug 12 06:49:33 ns1 snort[15775]:     Track UDP sessions: ACTIVE
Aug 12 06:49:33 ns1 snort[15775]:     Max UDP sessions: 131072
Aug 12 06:49:33 ns1 snort[15775]:     Track ICMP sessions: INACTIVE
Aug 12 06:49:33 ns1 snort[15775]:     Log info if session memory consumption exceeds 1048576
Aug 12 06:49:33 ns1 snort[15775]: Stream5 TCP Policy config:
Aug 12 06:49:33 ns1 snort[15775]:     Reassembly Policy: WINDOWS
Aug 12 06:49:33 ns1 snort[15775]:     Timeout: 180 seconds
Aug 12 06:49:33 ns1 snort[15775]:     Limit on TCP Overlaps: 10
Aug 12 06:49:33 ns1 snort[15775]:     Maximum number of bytes to queue per session: 1048576
Aug 12 06:49:33 ns1 snort[15775]:     Maximum number of segs to queue per session: 2621
Aug 12 06:49:33 ns1 snort[15775]:     Options:
Aug 12 06:49:33 ns1 snort[15775]:         Require 3-Way Handshake: YES
Aug 12 06:49:33 ns1 snort[15775]:         3-Way Handshake Timeout: 180
Aug 12 06:49:33 ns1 snort[15775]:         Detect Anomalies: YES
Aug 12 06:49:33 ns1 snort[15775]:     Reassembly Ports:
Aug 12 06:49:33 ns1 snort[15775]:       21 client (Footprint) 
Aug 12 06:49:33 ns1 snort[15775]:       22 client (Footprint) 
Aug 12 06:49:33 ns1 snort[15775]:       23 client (Footprint) 
Aug 12 06:49:33 ns1 snort[15775]:       25 client (Footprint) 
Aug 12 06:49:33 ns1 snort[15775]:       42 client (Footprint) 
Aug 12 06:49:33 ns1 snort[15775]:       53 client (Footprint) 
Aug 12 06:49:33 ns1 snort[15775]:       79 client (Footprint) 
Aug 12 06:49:33 ns1 snort[15775]:       80 client (Footprint) server (Footprint)
Aug 12 06:49:33 ns1 snort[15775]:       109 client (Footprint) 
Aug 12 06:49:33 ns1 snort[15775]:       110 client (Footprint) 
Aug 12 06:49:33 ns1 snort[15775]:       111 client (Footprint) 
Aug 12 06:49:33 ns1 snort[15775]:       113 client (Footprint) 
Aug 12 06:49:33 ns1 snort[15775]:       119 client (Footprint) 
Aug 12 06:49:33 ns1 snort[15775]:       135 client (Footprint) 
Aug 12 06:49:33 ns1 snort[15775]:       136 client (Footprint) 
Aug 12 06:49:33 ns1 snort[15775]:       137 client (Footprint) 
Aug 12 06:49:33 ns1 snort[15775]:       139 client (Footprint) 
Aug 12 06:49:33 ns1 snort[15775]:       143 client (Footprint) 
Aug 12 06:49:33 ns1 snort[15775]:       161 client (Footprint) 
Aug 12 06:49:33 ns1 snort[15775]:       311 client (Footprint) server (Footprint)
Aug 12 06:49:33 ns1 snort[15775]: Stream5 UDP Policy config:
Aug 12 06:49:33 ns1 snort[15775]:     Timeout: 180 seconds
Aug 12 06:49:33 ns1 snort[15775]: HttpInspect Config:
Aug 12 06:49:33 ns1 snort[15775]:     GLOBAL CONFIG
Aug 12 06:49:33 ns1 snort[15775]:       Max Pipeline Requests:    0
Aug 12 06:49:33 ns1 snort[15775]:       Inspection Type:          STATELESS
Aug 12 06:49:33 ns1 snort[15775]:       Detect Proxy Usage:       NO
Aug 12 06:49:33 ns1 snort[15775]:       IIS Unicode Map Filename: /etc/snort/unicode.map
Aug 12 06:49:33 ns1 snort[15775]:       IIS Unicode Map Codepage: 1252
Aug 12 06:49:33 ns1 snort[15775]: FATAL ERROR: /etc/snort/snort.conf(195) => Invalid keyword 'inspect_gzip' for server configuration.
Aug 12 06:59:30 ns1 snort[9258]: Found pid path directive (/var/run/snort_venet0.pid)
Aug 12 06:59:30 ns1 snort[9258]: Running in IDS mode
Aug 12 06:59:30 ns1 snort[9258]: 
Aug 12 06:59:30 ns1 snort[9258]:         --== Initializing Snort ==--
Aug 12 06:59:30 ns1 snort[9258]: Initializing Output Plugins!
Aug 12 06:59:30 ns1 snort[9258]: Initializing Preprocessors!
Aug 12 06:59:30 ns1 snort[9258]: Initializing Plug-ins!
Aug 12 06:59:30 ns1 snort[9258]: Parsing Rules file "/etc/snort/snort.conf"
Aug 12 06:59:31 ns1 snort[9258]: PortVar 'HTTP_PORTS' defined :
Aug 12 06:59:31 ns1 snort[9258]:  [ 80 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080 8088 8118 8123 8180 8243 8280 8888 9090:9091 9443 9999 11371 ]
Aug 12 06:59:31 ns1 snort[9258]: 
Aug 12 06:59:31 ns1 snort[9258]: PortVar 'SHELLCODE_PORTS' defined :
Aug 12 06:59:31 ns1 snort[9258]:  [ 0:79 81:65535 ]
Aug 12 06:59:31 ns1 snort[9258]: 
Aug 12 06:59:31 ns1 snort[9258]: PortVar 'ORACLE_PORTS' defined :
Aug 12 06:59:31 ns1 snort[9258]:  [ 1024:65535 ]
Aug 12 06:59:31 ns1 snort[9258]: 
Aug 12 06:59:31 ns1 snort[9258]: PortVar 'SSH_PORTS' defined :
Aug 12 06:59:31 ns1 snort[9258]:  [ 22 ]
Aug 12 06:59:31 ns1 snort[9258]: 
Aug 12 06:59:31 ns1 snort[9258]: Detection:
Aug 12 06:59:31 ns1 snort[9258]:    Search-Method = Low-Mem-Q
Aug 12 06:59:31 ns1 snort[9258]:     Search-Method-Optimizations = enabled
Aug 12 06:59:31 ns1 snort[9258]: Found pid path directive (/var/run/snort_venet0.pid)
Aug 12 06:59:31 ns1 snort[9258]: Tagged Packet Limit: 256
Aug 12 06:59:31 ns1 snort[9258]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so...
Aug 12 06:59:31 ns1 snort[9258]: done
Aug 12 06:59:31 ns1 snort[9258]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/...
Aug 12 06:59:31 ns1 snort[9258]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so...
Aug 12 06:59:31 ns1 snort[9258]: done
Aug 12 06:59:31 ns1 snort[9258]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so...
Aug 12 06:59:31 ns1 snort[9258]: done
Aug 12 06:59:31 ns1 snort[9258]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so...
Aug 12 06:59:31 ns1 snort[9258]: done
Aug 12 06:59:31 ns1 snort[9258]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so...
Aug 12 06:59:31 ns1 snort[9258]: done
Aug 12 06:59:31 ns1 snort[9258]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so...
Aug 12 06:59:31 ns1 snort[9258]: done
Aug 12 06:59:31 ns1 snort[9258]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so...
Aug 12 06:59:31 ns1 snort[9258]: done
Aug 12 06:59:31 ns1 snort[9258]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so...
Aug 12 06:59:31 ns1 snort[9258]: done
Aug 12 06:59:31 ns1 snort[9258]:   Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/
Aug 12 06:59:31 ns1 snort[9258]: Log directory = /var/log/snort
Aug 12 06:59:31 ns1 snort[9258]: Frag3 global config:
Aug 12 06:59:31 ns1 snort[9258]:     Max frags: 65536
Aug 12 06:59:31 ns1 snort[9258]:     Fragment memory cap: 4194304 bytes
Aug 12 06:59:31 ns1 snort[9258]: Frag3 engine config:
Aug 12 06:59:31 ns1 snort[9258]:     Target-based policy: WINDOWS
Aug 12 06:59:31 ns1 snort[9258]:     Fragment timeout: 180 seconds
Aug 12 06:59:31 ns1 snort[9258]:     Fragment min_ttl:   1
Aug 12 06:59:31 ns1 snort[9258]:     Fragment Problems: 1
Aug 12 06:59:31 ns1 snort[9258]:     Overlap Limit:     10
Aug 12 06:59:31 ns1 snort[9258]:     Min fragment Length:     100
Aug 12 06:59:31 ns1 snort[9258]: Stream5 global config:
Aug 12 06:59:31 ns1 snort[9258]:     Track TCP sessions: ACTIVE
Aug 12 06:59:31 ns1 snort[9258]:     Max TCP sessions: 8192
Aug 12 06:59:31 ns1 snort[9258]:     Memcap (for reassembly packet storage): 8388608
Aug 12 06:59:31 ns1 snort[9258]:     Track UDP sessions: ACTIVE
Aug 12 06:59:31 ns1 snort[9258]:     Max UDP sessions: 131072
Aug 12 06:59:31 ns1 snort[9258]:     Track ICMP sessions: INACTIVE
Aug 12 06:59:31 ns1 snort[9258]:     Log info if session memory consumption exceeds 1048576
Aug 12 06:59:31 ns1 snort[9258]: Stream5 TCP Policy config:
Aug 12 06:59:31 ns1 snort[9258]:     Reassembly Policy: WINDOWS
Aug 12 06:59:31 ns1 snort[9258]:     Timeout: 180 seconds
Aug 12 06:59:31 ns1 snort[9258]:     Limit on TCP Overlaps: 10
Aug 12 06:59:31 ns1 snort[9258]:     Maximum number of bytes to queue per session: 1048576
Aug 12 06:59:31 ns1 snort[9258]:     Maximum number of segs to queue per session: 2621
Aug 12 06:59:31 ns1 snort[9258]:     Options:
Aug 12 06:59:31 ns1 snort[9258]:         Require 3-Way Handshake: YES
Aug 12 06:59:31 ns1 snort[9258]:         3-Way Handshake Timeout: 180
Aug 12 06:59:31 ns1 snort[9258]:         Detect Anomalies: YES
Aug 12 06:59:31 ns1 snort[9258]:     Reassembly Ports:
Aug 12 06:59:31 ns1 snort[9258]:       21 client (Footprint) 
Aug 12 06:59:31 ns1 snort[9258]:       22 client (Footprint) 
Aug 12 06:59:31 ns1 snort[9258]:       23 client (Footprint) 
Aug 12 06:59:31 ns1 snort[9258]:       25 client (Footprint) 
Aug 12 06:59:31 ns1 snort[9258]:       42 client (Footprint) 
Aug 12 06:59:31 ns1 snort[9258]:       53 client (Footprint) 
Aug 12 06:59:31 ns1 snort[9258]:       79 client (Footprint) 
Aug 12 06:59:31 ns1 snort[9258]:       80 client (Footprint) server (Footprint)
Aug 12 06:59:31 ns1 snort[9258]:       109 client (Footprint) 
Aug 12 06:59:31 ns1 snort[9258]:       110 client (Footprint) 
Aug 12 06:59:31 ns1 snort[9258]:       111 client (Footprint) 
Aug 12 06:59:31 ns1 snort[9258]:       113 client (Footprint) 
Aug 12 06:59:31 ns1 snort[9258]:       119 client (Footprint) 
Aug 12 06:59:31 ns1 snort[9258]:       135 client (Footprint) 
Aug 12 06:59:31 ns1 snort[9258]:       136 client (Footprint) 
Aug 12 06:59:31 ns1 snort[9258]:       137 client (Footprint) 
Aug 12 06:59:31 ns1 snort[9258]:       139 client (Footprint) 
Aug 12 06:59:31 ns1 snort[9258]:       143 client (Footprint) 
Aug 12 06:59:31 ns1 snort[9258]:       161 client (Footprint) 
Aug 12 06:59:31 ns1 snort[9258]:       311 client (Footprint) server (Footprint)
Aug 12 06:59:31 ns1 snort[9258]: Stream5 UDP Policy config:
Aug 12 06:59:31 ns1 snort[9258]:     Timeout: 180 seconds
Aug 12 06:59:31 ns1 snort[9258]: HttpInspect Config:
Aug 12 06:59:31 ns1 snort[9258]:     GLOBAL CONFIG
Aug 12 06:59:31 ns1 snort[9258]:       Max Pipeline Requests:    0
Aug 12 06:59:31 ns1 snort[9258]:       Inspection Type:          STATELESS
Aug 12 06:59:31 ns1 snort[9258]:       Detect Proxy Usage:       NO
Aug 12 06:59:31 ns1 snort[9258]:       IIS Unicode Map Filename: /etc/snort/unicode.map
Aug 12 06:59:31 ns1 snort[9258]:       IIS Unicode Map Codepage: 1252
Aug 12 06:59:31 ns1 snort[9258]: FATAL ERROR: /etc/snort/snort.conf(195) => Invalid keyword 'inspect_gzip' for server configuration.
Aug 12 07:09:33 ns1 snort[3295]: Found pid path directive (/var/run/snort_venet0.pid)
Aug 12 07:09:33 ns1 snort[3295]: Running in IDS mode
Aug 12 07:09:33 ns1 snort[3295]: 
Aug 12 07:09:33 ns1 snort[3295]:         --== Initializing Snort ==--
Aug 12 07:09:33 ns1 snort[3295]: Initializing Output Plugins!
Aug 12 07:09:33 ns1 snort[3295]: Initializing Preprocessors!
Aug 12 07:09:33 ns1 snort[3295]: Initializing Plug-ins!
Aug 12 07:09:33 ns1 snort[3295]: Parsing Rules file "/etc/snort/snort.conf"
Aug 12 07:09:33 ns1 snort[3295]: PortVar 'HTTP_PORTS' defined :
Aug 12 07:09:33 ns1 snort[3295]:  [ 80 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080 8088 8118 8123 8180 8243 8280 8888 9090:9091 9443 9999 11371 ]
Aug 12 07:09:33 ns1 snort[3295]: 
Aug 12 07:09:33 ns1 snort[3295]: PortVar 'SHELLCODE_PORTS' defined :
Aug 12 07:09:33 ns1 snort[3295]:  [ 0:79 81:65535 ]
Aug 12 07:09:33 ns1 snort[3295]: 
Aug 12 07:09:33 ns1 snort[3295]: PortVar 'ORACLE_PORTS' defined :
Aug 12 07:09:33 ns1 snort[3295]:  [ 1024:65535 ]
Aug 12 07:09:33 ns1 snort[3295]: 
Aug 12 07:09:33 ns1 snort[3295]: PortVar 'SSH_PORTS' defined :
Aug 12 07:09:33 ns1 snort[3295]:  [ 22 ]
Aug 12 07:09:33 ns1 snort[3295]: 
Aug 12 07:09:33 ns1 snort[3295]: Detection:
Aug 12 07:09:33 ns1 snort[3295]:    Search-Method = Low-Mem-Q
Aug 12 07:09:33 ns1 snort[3295]:     Search-Method-Optimizations = enabled
Aug 12 07:09:33 ns1 snort[3295]: Found pid path directive (/var/run/snort_venet0.pid)
Aug 12 07:09:33 ns1 snort[3295]: Tagged Packet Limit: 256
Aug 12 07:09:33 ns1 snort[3295]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so...
Aug 12 07:09:33 ns1 snort[3295]: done
Aug 12 07:09:33 ns1 snort[3295]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/...
Aug 12 07:09:33 ns1 snort[3295]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so...
Aug 12 07:09:33 ns1 snort[3295]: done
Aug 12 07:09:33 ns1 snort[3295]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so...
Aug 12 07:09:33 ns1 snort[3295]: done
Aug 12 07:09:33 ns1 snort[3295]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so...
Aug 12 07:09:33 ns1 snort[3295]: done
Aug 12 07:09:33 ns1 snort[3295]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so...
Aug 12 07:09:33 ns1 snort[3295]: done
Aug 12 07:09:33 ns1 snort[3295]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so...
Aug 12 07:09:33 ns1 snort[3295]: done
Aug 12 07:09:33 ns1 snort[3295]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so...
Aug 12 07:09:33 ns1 snort[3295]: done
Aug 12 07:09:33 ns1 snort[3295]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so...
Aug 12 07:09:33 ns1 snort[3295]: done
Aug 12 07:09:33 ns1 snort[3295]:   Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/
Aug 12 07:09:33 ns1 snort[3295]: Log directory = /var/log/snort
Aug 12 07:09:33 ns1 snort[3295]: Frag3 global config:
Aug 12 07:09:33 ns1 snort[3295]:     Max frags: 65536
Aug 12 07:09:33 ns1 snort[3295]:     Fragment memory cap: 4194304 bytes
Aug 12 07:09:33 ns1 snort[3295]: Frag3 engine config:
Aug 12 07:09:33 ns1 snort[3295]:     Target-based policy: WINDOWS
Aug 12 07:09:33 ns1 snort[3295]:     Fragment timeout: 180 seconds
Aug 12 07:09:33 ns1 snort[3295]:     Fragment min_ttl:   1
Aug 12 07:09:33 ns1 snort[3295]:     Fragment Problems: 1
Aug 12 07:09:33 ns1 snort[3295]:     Overlap Limit:     10
Aug 12 07:09:33 ns1 snort[3295]:     Min fragment Length:     100
Aug 12 07:09:33 ns1 snort[3295]: Stream5 global config:
Aug 12 07:09:33 ns1 snort[3295]:     Track TCP sessions: ACTIVE
Aug 12 07:09:33 ns1 snort[3295]:     Max TCP sessions: 8192
Aug 12 07:09:33 ns1 snort[3295]:     Memcap (for reassembly packet storage): 8388608
Aug 12 07:09:33 ns1 snort[3295]:     Track UDP sessions: ACTIVE
Aug 12 07:09:33 ns1 snort[3295]:     Max UDP sessions: 131072
Aug 12 07:09:33 ns1 snort[3295]:     Track ICMP sessions: INACTIVE
Aug 12 07:09:33 ns1 snort[3295]:     Log info if session memory consumption exceeds 1048576
Aug 12 07:09:33 ns1 snort[3295]: Stream5 TCP Policy config:
Aug 12 07:09:33 ns1 snort[3295]:     Reassembly Policy: WINDOWS
Aug 12 07:09:33 ns1 snort[3295]:     Timeout: 180 seconds
Aug 12 07:09:33 ns1 snort[3295]:     Limit on TCP Overlaps: 10
Aug 12 07:09:33 ns1 snort[3295]:     Maximum number of bytes to queue per session: 1048576
Aug 12 07:09:33 ns1 snort[3295]:     Maximum number of segs to queue per session: 2621
Aug 12 07:09:33 ns1 snort[3295]:     Options:
Aug 12 07:09:33 ns1 snort[3295]:         Require 3-Way Handshake: YES
Aug 12 07:09:33 ns1 snort[3295]:         3-Way Handshake Timeout: 180
Aug 12 07:09:33 ns1 snort[3295]:         Detect Anomalies: YES
Aug 12 07:09:33 ns1 snort[3295]:     Reassembly Ports:
Aug 12 07:09:33 ns1 snort[3295]:       21 client (Footprint) 
Aug 12 07:09:33 ns1 snort[3295]:       22 client (Footprint) 
Aug 12 07:09:33 ns1 snort[3295]:       23 client (Footprint) 
Aug 12 07:09:33 ns1 snort[3295]:       25 client (Footprint) 
Aug 12 07:09:33 ns1 snort[3295]:       42 client (Footprint) 
Aug 12 07:09:33 ns1 snort[3295]:       53 client (Footprint) 
Aug 12 07:09:33 ns1 snort[3295]:       79 client (Footprint) 
Aug 12 07:09:33 ns1 snort[3295]:       80 client (Footprint) server (Footprint)
Aug 12 07:09:33 ns1 snort[3295]:       109 client (Footprint) 
Aug 12 07:09:33 ns1 snort[3295]:       110 client (Footprint) 
Aug 12 07:09:33 ns1 snort[3295]:       111 client (Footprint) 
Aug 12 07:09:33 ns1 snort[3295]:       113 client (Footprint) 
Aug 12 07:09:33 ns1 snort[3295]:       119 client (Footprint) 
Aug 12 07:09:33 ns1 snort[3295]:       135 client (Footprint) 
Aug 12 07:09:33 ns1 snort[3295]:       136 client (Footprint) 
Aug 12 07:09:33 ns1 snort[3295]:       137 client (Footprint) 
Aug 12 07:09:33 ns1 snort[3295]:       139 client (Footprint) 
Aug 12 07:09:33 ns1 snort[3295]:       143 client (Footprint) 
Aug 12 07:09:33 ns1 snort[3295]:       161 client (Footprint) 
Aug 12 07:09:33 ns1 snort[3295]:       311 client (Footprint) server (Footprint)
Aug 12 07:09:33 ns1 snort[3295]: Stream5 UDP Policy config:
Aug 12 07:09:33 ns1 snort[3295]:     Timeout: 180 seconds
Aug 12 07:09:33 ns1 snort[3295]: HttpInspect Config:
Aug 12 07:09:33 ns1 snort[3295]:     GLOBAL CONFIG
Aug 12 07:09:33 ns1 snort[3295]:       Max Pipeline Requests:    0
Aug 12 07:09:33 ns1 snort[3295]:       Inspection Type:          STATELESS
Aug 12 07:09:33 ns1 snort[3295]:       Detect Proxy Usage:       NO
Aug 12 07:09:33 ns1 snort[3295]:       IIS Unicode Map Filename: /etc/snort/unicode.map
Aug 12 07:09:33 ns1 snort[3295]:       IIS Unicode Map Codepage: 1252
Aug 12 07:09:33 ns1 snort[3295]: FATAL ERROR: /etc/snort/snort.conf(195) => Invalid keyword 'inspect_gzip' for server configuration.
Aug 12 07:19:30 ns1 snort[27904]: Found pid path directive (/var/run/snort_venet0.pid)
Aug 12 07:19:30 ns1 snort[27904]: Running in IDS mode
Aug 12 07:19:30 ns1 snort[27904]: 
Aug 12 07:19:30 ns1 snort[27904]:         --== Initializing Snort ==--
Aug 12 07:19:30 ns1 snort[27904]: Initializing Output Plugins!
Aug 12 07:19:30 ns1 snort[27904]: Initializing Preprocessors!
Aug 12 07:19:30 ns1 snort[27904]: Initializing Plug-ins!
Aug 12 07:19:30 ns1 snort[27904]: Parsing Rules file "/etc/snort/snort.conf"
Aug 12 07:19:31 ns1 snort[27904]: PortVar 'HTTP_PORTS' defined :
Aug 12 07:19:31 ns1 snort[27904]:  [ 80 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080 8088 8118 8123 8180 8243 8280 8888 9090:9091 9443 9999 11371 ]
Aug 12 07:19:31 ns1 snort[27904]: 
Aug 12 07:19:31 ns1 snort[27904]: PortVar 'SHELLCODE_PORTS' defined :
Aug 12 07:19:31 ns1 snort[27904]:  [ 0:79 81:65535 ]
Aug 12 07:19:31 ns1 snort[27904]: 
Aug 12 07:19:31 ns1 snort[27904]: PortVar 'ORACLE_PORTS' defined :
Aug 12 07:19:31 ns1 snort[27904]:  [ 1024:65535 ]
Aug 12 07:19:31 ns1 snort[27904]: 
Aug 12 07:19:31 ns1 snort[27904]: PortVar 'SSH_PORTS' defined :
Aug 12 07:19:31 ns1 snort[27904]:  [ 22 ]
Aug 12 07:19:31 ns1 snort[27904]: 
Aug 12 07:19:31 ns1 snort[27904]: Detection:
Aug 12 07:19:31 ns1 snort[27904]:    Search-Method = Low-Mem-Q
Aug 12 07:19:31 ns1 snort[27904]:     Search-Method-Optimizations = enabled
Aug 12 07:19:31 ns1 snort[27904]: Found pid path directive (/var/run/snort_venet0.pid)
Aug 12 07:19:31 ns1 snort[27904]: Tagged Packet Limit: 256
Aug 12 07:19:31 ns1 snort[27904]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so...
Aug 12 07:19:31 ns1 snort[27904]: done
Aug 12 07:19:31 ns1 snort[27904]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/...
Aug 12 07:19:31 ns1 snort[27904]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so...
Aug 12 07:19:31 ns1 snort[27904]: done
Aug 12 07:19:31 ns1 snort[27904]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so...
Aug 12 07:19:31 ns1 snort[27904]: done
Aug 12 07:19:31 ns1 snort[27904]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so...
Aug 12 07:19:31 ns1 snort[27904]: done
Aug 12 07:19:31 ns1 snort[27904]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so...
Aug 12 07:19:31 ns1 snort[27904]: done
Aug 12 07:19:31 ns1 snort[27904]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so...
Aug 12 07:19:31 ns1 snort[27904]: done
Aug 12 07:19:31 ns1 snort[27904]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so...
Aug 12 07:19:31 ns1 snort[27904]: done
Aug 12 07:19:31 ns1 snort[27904]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so...
Aug 12 07:19:31 ns1 snort[27904]: done
Aug 12 07:19:31 ns1 snort[27904]:   Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/
Aug 12 07:19:31 ns1 snort[27904]: Log directory = /var/log/snort
Aug 12 07:19:31 ns1 snort[27904]: Frag3 global config:
Aug 12 07:19:31 ns1 snort[27904]:     Max frags: 65536
Aug 12 07:19:31 ns1 snort[27904]:     Fragment memory cap: 4194304 bytes
Aug 12 07:19:31 ns1 snort[27904]: Frag3 engine config:
Aug 12 07:19:31 ns1 snort[27904]:     Target-based policy: WINDOWS
Aug 12 07:19:31 ns1 snort[27904]:     Fragment timeout: 180 seconds
Aug 12 07:19:31 ns1 snort[27904]:     Fragment min_ttl:   1
Aug 12 07:19:31 ns1 snort[27904]:     Fragment Problems: 1
Aug 12 07:19:31 ns1 snort[27904]:     Overlap Limit:     10
Aug 12 07:19:31 ns1 snort[27904]:     Min fragment Length:     100
Aug 12 07:19:31 ns1 snort[27904]: Stream5 global config:
Aug 12 07:19:31 ns1 snort[27904]:     Track TCP sessions: ACTIVE
Aug 12 07:19:31 ns1 snort[27904]:     Max TCP sessions: 8192
Aug 12 07:19:31 ns1 snort[27904]:     Memcap (for reassembly packet storage): 8388608
Aug 12 07:19:31 ns1 snort[27904]:     Track UDP sessions: ACTIVE
Aug 12 07:19:31 ns1 snort[27904]:     Max UDP sessions: 131072
Aug 12 07:19:31 ns1 snort[27904]:     Track ICMP sessions: INACTIVE
Aug 12 07:19:31 ns1 snort[27904]:     Log info if session memory consumption exceeds 1048576
Aug 12 07:19:31 ns1 snort[27904]: Stream5 TCP Policy config:
Aug 12 07:19:31 ns1 snort[27904]:     Reassembly Policy: WINDOWS
Aug 12 07:19:31 ns1 snort[27904]:     Timeout: 180 seconds
Aug 12 07:19:31 ns1 snort[27904]:     Limit on TCP Overlaps: 10
Aug 12 07:19:31 ns1 snort[27904]:     Maximum number of bytes to queue per session: 1048576
Aug 12 07:19:31 ns1 snort[27904]:     Maximum number of segs to queue per session: 2621
Aug 12 07:19:31 ns1 snort[27904]:     Options:
Aug 12 07:19:31 ns1 snort[27904]:         Require 3-Way Handshake: YES
Aug 12 07:19:31 ns1 snort[27904]:         3-Way Handshake Timeout: 180
Aug 12 07:19:31 ns1 snort[27904]:         Detect Anomalies: YES
Aug 12 07:19:31 ns1 snort[27904]:     Reassembly Ports:

Last edited by Friend7 on Fri Aug 12, 2011 2:42 pm, edited 1 time in total.
Best Regards,
Friend7
 
Posts: 2373
Joined: Sun Feb 06, 2011 3:41 pm
Artica servers number: 1
Linux System: Debian
Technical skills: A newbee
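The log in this post repeats one Snort startup sequence roughly every ten minutes, and each attempt ends in the same FATAL ERROR, so the sensor never comes up. As an added example (not part of the original posts, and not Artica or Snort code), the shell functions below collapse such a dump into one line per distinct fatal error and report how many start attempts failed; the function names are this example's own and the sample lines are abridged from the log above.

```shell
#!/bin/sh
# Summarize Snort startup failures in syslog output.
# Expected syslog layout: Mon DD HH:MM:SS host snort[PID]: message

# Sample input: abridged from the log posted in this thread.
sample_log() {
    cat <<'EOF'
Aug 12 06:59:30 ns1 snort[9258]: Running in IDS mode
Aug 12 06:59:30 ns1 snort[9258]:         --== Initializing Snort ==--
Aug 12 06:59:31 ns1 snort[9258]:       IIS Unicode Map Codepage: 1252
Aug 12 06:59:31 ns1 snort[9258]: FATAL ERROR: /etc/snort/snort.conf(195) => Invalid keyword 'inspect_gzip' for server configuration.
Aug 12 07:09:33 ns1 snort[3295]:         --== Initializing Snort ==--
Aug 12 07:09:33 ns1 snort[3295]: FATAL ERROR: /etc/snort/snort.conf(195) => Invalid keyword 'inspect_gzip' for server configuration.
Aug 12 07:19:30 ns1 snort[27904]:         --== Initializing Snort ==--
Aug 12 07:19:31 ns1 snort[27904]: FATAL ERROR: /etc/snort/snort.conf(195) => Invalid keyword 'inspect_gzip' for server configuration.
EOF
}

# Print one tab-separated line per distinct fatal error:
#   count  first-seen  last-seen  config-file  line-number  reason
summarize_snort_fatals() {
    awk '
    $5 ~ /^snort\[[0-9]+\]:$/ {
        ts  = $1 " " $2 " " $3
        msg = substr($0, index($0, $5) + length($5))
        sub(/^[ \t]+/, "", msg)
        if (msg !~ /^FATAL ERROR: /) next
        sub(/^FATAL ERROR: /, "", msg)
        # Split "file(line) => reason"; keep the raw text if the
        # message has no file reference.
        if (match(msg, /\([0-9]+\) => /)) {
            key = substr(msg, 1, RSTART - 1) "\t" \
                  substr(msg, RSTART + 1, RLENGTH - 6) "\t" \
                  substr(msg, RSTART + RLENGTH)
        } else {
            key = "-\t-\t" msg
        }
        if (!(key in count)) { order[++n] = key; first[key] = ts }
        count[key]++
        last[key] = ts
    }
    END {
        for (i = 1; i <= n; i++) {
            k = order[i]
            printf "%d\t%s\t%s\t%s\n", count[k], first[k], last[k], k
        }
    }'
}

# Print "failed/attempts", counting one attempt per Snort PID.
# A fatal error with no init banner (cut off by tail) still counts
# as an attempt.
snort_start_outcomes() {
    awk '
    $5 ~ /^snort\[[0-9]+\]:$/ {
        pid = $5
        gsub(/[^0-9]/, "", pid)
        if ($0 ~ /Initializing Snort/) started[pid] = 1
        if ($0 ~ /\]: +FATAL ERROR: /) { started[pid] = 1; failed[pid] = 1 }
    }
    END {
        a = 0; f = 0
        for (p in started) a++
        for (p in failed) f++
        printf "%d/%d\n", f, a
    }'
}

# Demo on the sample; on a host: grep snort /var/log/syslog | summarize_snort_fatals
sample_log | summarize_snort_fatals
sample_log | snort_start_outcomes
```

A result where failed equals attempts means no Snort process survived startup during the logged window.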

Re: unable to stat snort_dynamicrules directory [OPEN]

New post by Friend7 » Fri Aug 12, 2011 2:40 pm

Code: Select all
Aug 12 07:19:31 ns1 snort[27904]:       21 client (Footprint) 
Aug 12 07:19:31 ns1 snort[27904]:       22 client (Footprint) 
Aug 12 07:19:31 ns1 snort[27904]:       23 client (Footprint) 
Aug 12 07:19:31 ns1 snort[27904]:       25 client (Footprint) 
Aug 12 07:19:31 ns1 snort[27904]:       42 client (Footprint) 
Aug 12 07:19:31 ns1 snort[27904]:       53 client (Footprint) 
Aug 12 07:19:31 ns1 snort[27904]:       79 client (Footprint) 
Aug 12 07:19:31 ns1 snort[27904]:       80 client (Footprint) server (Footprint)
Aug 12 07:19:31 ns1 snort[27904]:       109 client (Footprint) 
Aug 12 07:19:31 ns1 snort[27904]:       110 client (Footprint) 
Aug 12 07:19:31 ns1 snort[27904]:       111 client (Footprint) 
Aug 12 07:19:31 ns1 snort[27904]:       113 client (Footprint) 
Aug 12 07:19:31 ns1 snort[27904]:       119 client (Footprint) 
Aug 12 07:19:31 ns1 snort[27904]:       135 client (Footprint) 
Aug 12 07:19:31 ns1 snort[27904]:       136 client (Footprint) 
Aug 12 07:19:31 ns1 snort[27904]:       137 client (Footprint) 
Aug 12 07:19:31 ns1 snort[27904]:       139 client (Footprint) 
Aug 12 07:19:31 ns1 snort[27904]:       143 client (Footprint) 
Aug 12 07:19:31 ns1 snort[27904]:       161 client (Footprint) 
Aug 12 07:19:31 ns1 snort[27904]:       311 client (Footprint) server (Footprint)
Aug 12 07:19:31 ns1 snort[27904]: Stream5 UDP Policy config:
Aug 12 07:19:31 ns1 snort[27904]:     Timeout: 180 seconds
Aug 12 07:19:31 ns1 snort[27904]: HttpInspect Config:
Aug 12 07:19:31 ns1 snort[27904]:     GLOBAL CONFIG
Aug 12 07:19:31 ns1 snort[27904]:       Max Pipeline Requests:    0
Aug 12 07:19:31 ns1 snort[27904]:       Inspection Type:          STATELESS
Aug 12 07:19:31 ns1 snort[27904]:       Detect Proxy Usage:       NO
Aug 12 07:19:31 ns1 snort[27904]:       IIS Unicode Map Filename: /etc/snort/unicode.map
Aug 12 07:19:31 ns1 snort[27904]:       IIS Unicode Map Codepage: 1252
Aug 12 07:19:31 ns1 snort[27904]: FATAL ERROR: /etc/snort/snort.conf(195) => Invalid keyword 'inspect_gzip' for server configuration.
Aug 12 07:29:32 ns1 snort[21933]: Found pid path directive (/var/run/snort_venet0.pid)
Aug 12 07:29:32 ns1 snort[21933]: Running in IDS mode
Aug 12 07:29:32 ns1 snort[21933]: 
Aug 12 07:29:32 ns1 snort[21933]:         --== Initializing Snort ==--
Aug 12 07:29:32 ns1 snort[21933]: Initializing Output Plugins!
Aug 12 07:29:32 ns1 snort[21933]: Initializing Preprocessors!
Aug 12 07:29:32 ns1 snort[21933]: Initializing Plug-ins!
Aug 12 07:29:32 ns1 snort[21933]: Parsing Rules file "/etc/snort/snort.conf"
Aug 12 07:29:32 ns1 snort[21933]: PortVar 'HTTP_PORTS' defined :
Aug 12 07:29:32 ns1 snort[21933]:  [ 80 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080 8088 8118 8123 8180 8243 8280 8888 9090:9091 9443 9999 11371 ]
Aug 12 07:29:32 ns1 snort[21933]: 
Aug 12 07:29:32 ns1 snort[21933]: PortVar 'SHELLCODE_PORTS' defined :
Aug 12 07:29:32 ns1 snort[21933]:  [ 0:79 81:65535 ]
Aug 12 07:29:32 ns1 snort[21933]: 
Aug 12 07:29:32 ns1 snort[21933]: PortVar 'ORACLE_PORTS' defined :
Aug 12 07:29:32 ns1 snort[21933]:  [ 1024:65535 ]
Aug 12 07:29:32 ns1 snort[21933]: 
Aug 12 07:29:32 ns1 snort[21933]: PortVar 'SSH_PORTS' defined :
Aug 12 07:29:32 ns1 snort[21933]:  [ 22 ]
Aug 12 07:29:32 ns1 snort[21933]: 
Aug 12 07:29:32 ns1 snort[21933]: Detection:
Aug 12 07:29:32 ns1 snort[21933]:    Search-Method = Low-Mem-Q
Aug 12 07:29:32 ns1 snort[21933]:     Search-Method-Optimizations = enabled
Aug 12 07:29:32 ns1 snort[21933]: Found pid path directive (/var/run/snort_venet0.pid)
Aug 12 07:29:32 ns1 snort[21933]: Tagged Packet Limit: 256
Aug 12 07:29:32 ns1 snort[21933]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so...
Aug 12 07:29:32 ns1 snort[21933]: done
Aug 12 07:29:32 ns1 snort[21933]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/...
Aug 12 07:29:32 ns1 snort[21933]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so...
Aug 12 07:29:32 ns1 snort[21933]: done
Aug 12 07:29:32 ns1 snort[21933]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so...
Aug 12 07:29:32 ns1 snort[21933]: done
Aug 12 07:29:32 ns1 snort[21933]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so...
Aug 12 07:29:32 ns1 snort[21933]: done
Aug 12 07:29:32 ns1 snort[21933]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so...
Aug 12 07:29:32 ns1 snort[21933]: done
Aug 12 07:29:32 ns1 snort[21933]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so...
Aug 12 07:29:32 ns1 snort[21933]: done
Aug 12 07:29:32 ns1 snort[21933]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so...
Aug 12 07:29:32 ns1 snort[21933]: done
Aug 12 07:29:32 ns1 snort[21933]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so...
Aug 12 07:29:32 ns1 snort[21933]: done
Aug 12 07:29:32 ns1 snort[21933]:   Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/
Aug 12 07:29:32 ns1 snort[21933]: Log directory = /var/log/snort
Aug 12 07:29:32 ns1 snort[21933]: Frag3 global config:
Aug 12 07:29:32 ns1 snort[21933]:     Max frags: 65536
Aug 12 07:29:32 ns1 snort[21933]:     Fragment memory cap: 4194304 bytes
Aug 12 07:29:32 ns1 snort[21933]: Frag3 engine config:
Aug 12 07:29:32 ns1 snort[21933]:     Target-based policy: WINDOWS
Aug 12 07:29:32 ns1 snort[21933]:     Fragment timeout: 180 seconds
Aug 12 07:29:32 ns1 snort[21933]:     Fragment min_ttl:   1
Aug 12 07:29:32 ns1 snort[21933]:     Fragment Problems: 1
Aug 12 07:29:32 ns1 snort[21933]:     Overlap Limit:     10
Aug 12 07:29:32 ns1 snort[21933]:     Min fragment Length:     100
Aug 12 07:29:32 ns1 snort[21933]: Stream5 global config:
Aug 12 07:29:32 ns1 snort[21933]:     Track TCP sessions: ACTIVE
Aug 12 07:29:32 ns1 snort[21933]:     Max TCP sessions: 8192
Aug 12 07:29:32 ns1 snort[21933]:     Memcap (for reassembly packet storage): 8388608
Aug 12 07:29:32 ns1 snort[21933]:     Track UDP sessions: ACTIVE
Aug 12 07:29:32 ns1 snort[21933]:     Max UDP sessions: 131072
Aug 12 07:29:32 ns1 snort[21933]:     Track ICMP sessions: INACTIVE
Aug 12 07:29:32 ns1 snort[21933]:     Log info if session memory consumption exceeds 1048576
Aug 12 07:29:32 ns1 snort[21933]: Stream5 TCP Policy config:
Aug 12 07:29:32 ns1 snort[21933]:     Reassembly Policy: WINDOWS
Aug 12 07:29:32 ns1 snort[21933]:     Timeout: 180 seconds
Aug 12 07:29:32 ns1 snort[21933]:     Limit on TCP Overlaps: 10
Aug 12 07:29:32 ns1 snort[21933]:     Maximum number of bytes to queue per session: 1048576
Aug 12 07:29:32 ns1 snort[21933]:     Maximum number of segs to queue per session: 2621
Aug 12 07:29:32 ns1 snort[21933]:     Options:
Aug 12 07:29:32 ns1 snort[21933]:         Require 3-Way Handshake: YES
Aug 12 07:29:32 ns1 snort[21933]:         3-Way Handshake Timeout: 180
Aug 12 07:29:32 ns1 snort[21933]:         Detect Anomalies: YES
Aug 12 07:29:32 ns1 snort[21933]:     Reassembly Ports:
Aug 12 07:29:32 ns1 snort[21933]:       21 client (Footprint) 
Aug 12 07:29:32 ns1 snort[21933]:       22 client (Footprint) 
Aug 12 07:29:32 ns1 snort[21933]:       23 client (Footprint) 
Aug 12 07:29:32 ns1 snort[21933]:       25 client (Footprint) 
Aug 12 07:29:32 ns1 snort[21933]:       42 client (Footprint) 
Aug 12 07:29:32 ns1 snort[21933]:       53 client (Footprint) 
Aug 12 07:29:32 ns1 snort[21933]:       79 client (Footprint) 
Aug 12 07:29:32 ns1 snort[21933]:       80 client (Footprint) server (Footprint)
Aug 12 07:29:32 ns1 snort[21933]:       109 client (Footprint) 
Aug 12 07:29:32 ns1 snort[21933]:       110 client (Footprint) 
Aug 12 07:29:32 ns1 snort[21933]:       111 client (Footprint) 
Aug 12 07:29:32 ns1 snort[21933]:       113 client (Footprint) 
Aug 12 07:29:32 ns1 snort[21933]:       119 client (Footprint) 
Aug 12 07:29:32 ns1 snort[21933]:       135 client (Footprint) 
Aug 12 07:29:32 ns1 snort[21933]:       136 client (Footprint) 
Aug 12 07:29:32 ns1 snort[21933]:       137 client (Footprint) 
Aug 12 07:29:32 ns1 snort[21933]:       139 client (Footprint) 
Aug 12 07:29:32 ns1 snort[21933]:       143 client (Footprint) 
Aug 12 07:29:32 ns1 snort[21933]:       161 client (Footprint) 
Aug 12 07:29:32 ns1 snort[21933]:       311 client (Footprint) server (Footprint)
Aug 12 07:29:33 ns1 snort[21933]: Stream5 UDP Policy config:
Aug 12 07:29:33 ns1 snort[21933]:     Timeout: 180 seconds
Aug 12 07:29:33 ns1 snort[21933]: HttpInspect Config:
Aug 12 07:29:33 ns1 snort[21933]:     GLOBAL CONFIG
Aug 12 07:29:33 ns1 snort[21933]:       Max Pipeline Requests:    0
Aug 12 07:29:33 ns1 snort[21933]:       Inspection Type:          STATELESS
Aug 12 07:29:33 ns1 snort[21933]:       Detect Proxy Usage:       NO
Aug 12 07:29:33 ns1 snort[21933]:       IIS Unicode Map Filename: /etc/snort/unicode.map
Aug 12 07:29:33 ns1 snort[21933]:       IIS Unicode Map Codepage: 1252
Aug 12 07:29:33 ns1 snort[21933]: FATAL ERROR: /etc/snort/snort.conf(195) => Invalid keyword 'inspect_gzip' for server configuration.
Aug 12 07:39:30 ns1 snort[13408]: Found pid path directive (/var/run/snort_venet0.pid)
Aug 12 07:39:30 ns1 snort[13408]: Running in IDS mode
Aug 12 07:39:30 ns1 snort[13408]: 
Aug 12 07:39:30 ns1 snort[13408]:         --== Initializing Snort ==--
Aug 12 07:39:30 ns1 snort[13408]: Initializing Output Plugins!
Aug 12 07:39:30 ns1 snort[13408]: Initializing Preprocessors!
Aug 12 07:39:30 ns1 snort[13408]: Initializing Plug-ins!
Aug 12 07:39:30 ns1 snort[13408]: Parsing Rules file "/etc/snort/snort.conf"
Aug 12 07:39:31 ns1 snort[13408]: PortVar 'HTTP_PORTS' defined :
Aug 12 07:39:31 ns1 snort[13408]:  [ 80 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080 8088 8118 8123 8180 8243 8280 8888 9090:9091 9443 9999 11371 ]
Aug 12 07:39:31 ns1 snort[13408]: 
Aug 12 07:39:31 ns1 snort[13408]: PortVar 'SHELLCODE_PORTS' defined :
Aug 12 07:39:31 ns1 snort[13408]:  [ 0:79 81:65535 ]
Aug 12 07:39:31 ns1 snort[13408]: 
Aug 12 07:39:31 ns1 snort[13408]: PortVar 'ORACLE_PORTS' defined :
Aug 12 07:39:31 ns1 snort[13408]:  [ 1024:65535 ]
Aug 12 07:39:31 ns1 snort[13408]: 
Aug 12 07:39:31 ns1 snort[13408]: PortVar 'SSH_PORTS' defined :
Aug 12 07:39:31 ns1 snort[13408]:  [ 22 ]
Aug 12 07:39:31 ns1 snort[13408]: 
Aug 12 07:39:31 ns1 snort[13408]: Detection:
Aug 12 07:39:31 ns1 snort[13408]:    Search-Method = Low-Mem-Q
Aug 12 07:39:31 ns1 snort[13408]:     Search-Method-Optimizations = enabled
Aug 12 07:39:31 ns1 snort[13408]: Found pid path directive (/var/run/snort_venet0.pid)
Aug 12 07:39:31 ns1 snort[13408]: Tagged Packet Limit: 256
Aug 12 07:39:31 ns1 snort[13408]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so...
Aug 12 07:39:31 ns1 snort[13408]: done
Aug 12 07:39:31 ns1 snort[13408]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/...
Aug 12 07:39:31 ns1 snort[13408]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so...
Aug 12 07:39:31 ns1 snort[13408]: done
Aug 12 07:39:31 ns1 snort[13408]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so...
Aug 12 07:39:31 ns1 snort[13408]: done
Aug 12 07:39:31 ns1 snort[13408]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so...
Aug 12 07:39:31 ns1 snort[13408]: done
Aug 12 07:39:31 ns1 snort[13408]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so...
Aug 12 07:39:31 ns1 snort[13408]: done
Aug 12 07:39:31 ns1 snort[13408]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so...
Aug 12 07:39:31 ns1 snort[13408]: done
Aug 12 07:39:31 ns1 snort[13408]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so...
Aug 12 07:39:31 ns1 snort[13408]: done
Aug 12 07:39:31 ns1 snort[13408]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so...
Aug 12 07:39:31 ns1 snort[13408]: done
Aug 12 07:39:31 ns1 snort[13408]:   Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/
Aug 12 07:39:31 ns1 snort[13408]: Log directory = /var/log/snort
Aug 12 07:39:31 ns1 snort[13408]: Frag3 global config:
Aug 12 07:39:31 ns1 snort[13408]:     Max frags: 65536
Aug 12 07:39:31 ns1 snort[13408]:     Fragment memory cap: 4194304 bytes
Aug 12 07:39:31 ns1 snort[13408]: Frag3 engine config:
Aug 12 07:39:31 ns1 snort[13408]:     Target-based policy: WINDOWS
Aug 12 07:39:31 ns1 snort[13408]:     Fragment timeout: 180 seconds
Aug 12 07:39:31 ns1 snort[13408]:     Fragment min_ttl:   1
Aug 12 07:39:31 ns1 snort[13408]:     Fragment Problems: 1
Aug 12 07:39:31 ns1 snort[13408]:     Overlap Limit:     10
Aug 12 07:39:31 ns1 snort[13408]:     Min fragment Length:     100
Aug 12 07:39:31 ns1 snort[13408]: Stream5 global config:
Aug 12 07:39:31 ns1 snort[13408]:     Track TCP sessions: ACTIVE
Aug 12 07:39:31 ns1 snort[13408]:     Max TCP sessions: 8192
Aug 12 07:39:31 ns1 snort[13408]:     Memcap (for reassembly packet storage): 8388608
Aug 12 07:39:31 ns1 snort[13408]:     Track UDP sessions: ACTIVE
Aug 12 07:39:31 ns1 snort[13408]:     Max UDP sessions: 131072
Aug 12 07:39:31 ns1 snort[13408]:     Track ICMP sessions: INACTIVE
Aug 12 07:39:31 ns1 snort[13408]:     Log info if session memory consumption exceeds 1048576
Aug 12 07:39:31 ns1 snort[13408]: Stream5 TCP Policy config:
Aug 12 07:39:31 ns1 snort[13408]:     Reassembly Policy: WINDOWS
Aug 12 07:39:31 ns1 snort[13408]:     Timeout: 180 seconds
Aug 12 07:39:31 ns1 snort[13408]:     Limit on TCP Overlaps: 10
Aug 12 07:39:31 ns1 snort[13408]:     Maximum number of bytes to queue per session: 1048576
Aug 12 07:39:31 ns1 snort[13408]:     Maximum number of segs to queue per session: 2621
Aug 12 07:39:31 ns1 snort[13408]:     Options:
Aug 12 07:39:31 ns1 snort[13408]:         Require 3-Way Handshake: YES
Aug 12 07:39:31 ns1 snort[13408]:         3-Way Handshake Timeout: 180
Aug 12 07:39:31 ns1 snort[13408]:         Detect Anomalies: YES
Aug 12 07:39:31 ns1 snort[13408]:     Reassembly Ports:
Aug 12 07:39:31 ns1 snort[13408]:       21 client (Footprint) 
Aug 12 07:39:31 ns1 snort[13408]:       22 client (Footprint) 
Aug 12 07:39:31 ns1 snort[13408]:       23 client (Footprint) 
Aug 12 07:39:31 ns1 snort[13408]:       25 client (Footprint) 
Aug 12 07:39:31 ns1 snort[13408]:       42 client (Footprint) 
Aug 12 07:39:31 ns1 snort[13408]:       53 client (Footprint) 
Aug 12 07:39:31 ns1 snort[13408]:       79 client (Footprint) 
Aug 12 07:39:31 ns1 snort[13408]:       80 client (Footprint) server (Footprint)
Aug 12 07:39:31 ns1 snort[13408]:       109 client (Footprint) 
Aug 12 07:39:31 ns1 snort[13408]:       110 client (Footprint) 
Aug 12 07:39:31 ns1 snort[13408]:       111 client (Footprint) 
Aug 12 07:39:31 ns1 snort[13408]:       113 client (Footprint) 
Aug 12 07:39:31 ns1 snort[13408]:       119 client (Footprint) 
Aug 12 07:39:31 ns1 snort[13408]:       135 client (Footprint) 
Aug 12 07:39:31 ns1 snort[13408]:       136 client (Footprint) 
Aug 12 07:39:31 ns1 snort[13408]:       137 client (Footprint) 
Aug 12 07:39:31 ns1 snort[13408]:       139 client (Footprint) 
Aug 12 07:39:31 ns1 snort[13408]:       143 client (Footprint) 
Aug 12 07:39:31 ns1 snort[13408]:       161 client (Footprint) 
Aug 12 07:39:31 ns1 snort[13408]:       311 client (Footprint) server (Footprint)
Aug 12 07:39:31 ns1 snort[13408]: Stream5 UDP Policy config:
Aug 12 07:39:31 ns1 snort[13408]:     Timeout: 180 seconds
Aug 12 07:39:31 ns1 snort[13408]: HttpInspect Config:
Aug 12 07:39:31 ns1 snort[13408]:     GLOBAL CONFIG
Aug 12 07:39:31 ns1 snort[13408]:       Max Pipeline Requests:    0
Aug 12 07:39:31 ns1 snort[13408]:       Inspection Type:          STATELESS
Aug 12 07:39:31 ns1 snort[13408]:       Detect Proxy Usage:       NO
Aug 12 07:39:31 ns1 snort[13408]:       IIS Unicode Map Filename: /etc/snort/unicode.map
Aug 12 07:39:31 ns1 snort[13408]:       IIS Unicode Map Codepage: 1252
Aug 12 07:39:31 ns1 snort[13408]: FATAL ERROR: /etc/snort/snort.conf(195) => Invalid keyword 'inspect_gzip' for server configuration.
Aug 12 07:49:32 ns1 snort[7721]: Found pid path directive (/var/run/snort_venet0.pid)
Aug 12 07:49:32 ns1 snort[7721]: Running in IDS mode
Aug 12 07:49:32 ns1 snort[7721]: 
Aug 12 07:49:32 ns1 snort[7721]:         --== Initializing Snort ==--
Aug 12 07:49:32 ns1 snort[7721]: Initializing Output Plugins!
Aug 12 07:49:32 ns1 snort[7721]: Initializing Preprocessors!
Aug 12 07:49:32 ns1 snort[7721]: Initializing Plug-ins!
Aug 12 07:49:32 ns1 snort[7721]: Parsing Rules file "/etc/snort/snort.conf"
Aug 12 07:49:33 ns1 snort[7721]: PortVar 'HTTP_PORTS' defined :
Aug 12 07:49:33 ns1 snort[7721]:  [ 80 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080 8088 8118 8123 8180 8243 8280 8888 9090:9091 9443 9999 11371 ]
Aug 12 07:49:33 ns1 snort[7721]: 
Aug 12 07:49:33 ns1 snort[7721]: PortVar 'SHELLCODE_PORTS' defined :
Aug 12 07:49:33 ns1 snort[7721]:  [ 0:79 81:65535 ]
Aug 12 07:49:33 ns1 snort[7721]: 
Aug 12 07:49:33 ns1 snort[7721]: PortVar 'ORACLE_PORTS' defined :
Aug 12 07:49:33 ns1 snort[7721]:  [ 1024:65535 ]
Aug 12 07:49:33 ns1 snort[7721]: 
Aug 12 07:49:33 ns1 snort[7721]: PortVar 'SSH_PORTS' defined :
Aug 12 07:49:33 ns1 snort[7721]:  [ 22 ]
Aug 12 07:49:33 ns1 snort[7721]: 
Aug 12 07:49:33 ns1 snort[7721]: Detection:
Aug 12 07:49:33 ns1 snort[7721]:    Search-Method = Low-Mem-Q
Aug 12 07:49:33 ns1 snort[7721]:     Search-Method-Optimizations = enabled
Aug 12 07:49:33 ns1 snort[7721]: Found pid path directive (/var/run/snort_venet0.pid)
Aug 12 07:49:33 ns1 snort[7721]: Tagged Packet Limit: 256
Aug 12 07:49:33 ns1 snort[7721]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so...
Aug 12 07:49:33 ns1 snort[7721]: done
Aug 12 07:49:33 ns1 snort[7721]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/...
Aug 12 07:49:33 ns1 snort[7721]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so...
Aug 12 07:49:33 ns1 snort[7721]: done
Aug 12 07:49:33 ns1 snort[7721]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so...
Aug 12 07:49:33 ns1 snort[7721]: done
Aug 12 07:49:33 ns1 snort[7721]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so...
Aug 12 07:49:33 ns1 snort[7721]: done
Aug 12 07:49:33 ns1 snort[7721]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so...
Aug 12 07:49:33 ns1 snort[7721]: done
Aug 12 07:49:33 ns1 snort[7721]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so...
Aug 12 07:49:33 ns1 snort[7721]: done
Aug 12 07:49:33 ns1 snort[7721]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so...
Aug 12 07:49:33 ns1 snort[7721]: done
Aug 12 07:49:33 ns1 snort[7721]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so...
Aug 12 07:49:33 ns1 snort[7721]: done
Aug 12 07:49:33 ns1 snort[7721]:   Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/
Aug 12 07:49:33 ns1 snort[7721]: Log directory = /var/log/snort
Aug 12 07:49:33 ns1 snort[7721]: Frag3 global config:
Aug 12 07:49:33 ns1 snort[7721]:     Max frags: 65536
Aug 12 07:49:33 ns1 snort[7721]:     Fragment memory cap: 4194304 bytes
Aug 12 07:49:33 ns1 snort[7721]: Frag3 engine config:
Aug 12 07:49:33 ns1 snort[7721]:     Target-based policy: WINDOWS
Aug 12 07:49:33 ns1 snort[7721]:     Fragment timeout: 180 seconds
Aug 12 07:49:33 ns1 snort[7721]:     Fragment min_ttl:   1
Aug 12 07:49:33 ns1 snort[7721]:     Fragment Problems: 1
Aug 12 07:49:33 ns1 snort[7721]:     Overlap Limit:     10
Aug 12 07:49:33 ns1 snort[7721]:     Min fragment Length:     100
Aug 12 07:49:33 ns1 snort[7721]: Stream5 global config:
Aug 12 07:49:33 ns1 snort[7721]:     Track TCP sessions: ACTIVE
Aug 12 07:49:33 ns1 snort[7721]:     Max TCP sessions: 8192
Aug 12 07:49:33 ns1 snort[7721]:     Memcap (for reassembly packet storage): 8388608
Aug 12 07:49:33 ns1 snort[7721]:     Track UDP sessions: ACTIVE
Aug 12 07:49:33 ns1 snort[7721]:     Max UDP sessions: 131072
Aug 12 07:49:33 ns1 snort[7721]:     Track ICMP sessions: INACTIVE
Aug 12 07:49:33 ns1 snort[7721]:     Log info if session memory consumption exceeds 1048576
Aug 12 07:49:33 ns1 snort[7721]: Stream5 TCP Policy config:
Aug 12 07:49:33 ns1 snort[7721]:     Reassembly Policy: WINDOWS
Aug 12 07:49:33 ns1 snort[7721]:     Timeout: 180 seconds
Aug 12 07:49:33 ns1 snort[7721]:     Limit on TCP Overlaps: 10
Aug 12 07:49:33 ns1 snort[7721]:     Maximum number of bytes to queue per session: 1048576
Aug 12 07:49:33 ns1 snort[7721]:     Maximum number of segs to queue per session: 2621
Aug 12 07:49:33 ns1 snort[7721]:     Options:
Aug 12 07:49:33 ns1 snort[7721]:         Require 3-Way Handshake: YES
Aug 12 07:49:33 ns1 snort[7721]:         3-Way Handshake Timeout: 180
Aug 12 07:49:33 ns1 snort[7721]:         Detect Anomalies: YES
Aug 12 07:49:33 ns1 snort[7721]:     Reassembly Ports:
Aug 12 07:49:33 ns1 snort[7721]:       21 client (Footprint) 
Aug 12 07:49:33 ns1 snort[7721]:       22 client (Footprint) 
Aug 12 07:49:33 ns1 snort[7721]:       23 client (Footprint) 
Aug 12 07:49:33 ns1 snort[7721]:       25 client (Footprint) 
Aug 12 07:49:33 ns1 snort[7721]:       42 client (Footprint) 
Aug 12 07:49:33 ns1 snort[7721]:       53 client (Footprint) 
Aug 12 07:49:33 ns1 snort[7721]:       79 client (Footprint) 
Aug 12 07:49:33 ns1 snort[7721]:       80 client (Footprint) server (Footprint)
Aug 12 07:49:33 ns1 snort[7721]:       109 client (Footprint) 
Aug 12 07:49:33 ns1 snort[7721]:       110 client (Footprint) 
Aug 12 07:49:33 ns1 snort[7721]:       111 client (Footprint) 
Aug 12 07:49:33 ns1 snort[7721]:       113 client (Footprint) 
Aug 12 07:49:33 ns1 snort[7721]:       119 client (Footprint) 
Aug 12 07:49:33 ns1 snort[7721]:       135 client (Footprint) 
Aug 12 07:49:33 ns1 snort[7721]:       136 client (Footprint) 
Aug 12 07:49:33 ns1 snort[7721]:       137 client (Footprint) 
Aug 12 07:49:33 ns1 snort[7721]:       139 client (Footprint) 
Aug 12 07:49:33 ns1 snort[7721]:       143 client (Footprint) 
Aug 12 07:49:33 ns1 snort[7721]:       161 client (Footprint) 
Aug 12 07:49:33 ns1 snort[7721]:       311 client (Footprint) server (Footprint)
Aug 12 07:49:33 ns1 snort[7721]: Stream5 UDP Policy config:
Aug 12 07:49:33 ns1 snort[7721]:     Timeout: 180 seconds
Aug 12 07:49:33 ns1 snort[7721]: HttpInspect Config:
Aug 12 07:49:33 ns1 snort[7721]:     GLOBAL CONFIG
Aug 12 07:49:33 ns1 snort[7721]:       Max Pipeline Requests:    0
Aug 12 07:49:33 ns1 snort[7721]:       Inspection Type:          STATELESS
Aug 12 07:49:33 ns1 snort[7721]:       Detect Proxy Usage:       NO
Aug 12 07:49:33 ns1 snort[7721]:       IIS Unicode Map Filename: /etc/snort/unicode.map
Aug 12 07:49:33 ns1 snort[7721]:       IIS Unicode Map Codepage: 1252
Aug 12 07:49:33 ns1 snort[7721]: FATAL ERROR: /etc/snort/snort.conf(195) => Invalid keyword 'inspect_gzip' for server configuration.
Aug 12 07:59:30 ns1 snort[8135]: Found pid path directive (/var/run/snort_venet0.pid)
Aug 12 07:59:30 ns1 snort[8135]: Running in IDS mode
Aug 12 07:59:30 ns1 snort[8135]: 
Aug 12 07:59:30 ns1 snort[8135]:         --== Initializing Snort ==--
Aug 12 07:59:30 ns1 snort[8135]: Initializing Output Plugins!
Aug 12 07:59:30 ns1 snort[8135]: Initializing Preprocessors!
Aug 12 07:59:30 ns1 snort[8135]: Initializing Plug-ins!
Aug 12 07:59:30 ns1 snort[8135]: Parsing Rules file "/etc/snort/snort.conf"
Aug 12 07:59:31 ns1 snort[8135]: PortVar 'HTTP_PORTS' defined :
Aug 12 07:59:31 ns1 snort[8135]:  [ 80 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080 8088 8118 8123 8180 8243 8280 8888 9090:9091 9443 9999 11371 ]
Aug 12 07:59:31 ns1 snort[8135]: 
Aug 12 07:59:31 ns1 snort[8135]: PortVar 'SHELLCODE_PORTS' defined :
Aug 12 07:59:31 ns1 snort[8135]:  [ 0:79 81:65535 ]
Aug 12 07:59:31 ns1 snort[8135]: 
Aug 12 07:59:31 ns1 snort[8135]: PortVar 'ORACLE_PORTS' defined :
Aug 12 07:59:31 ns1 snort[8135]:  [ 1024:65535 ]
Aug 12 07:59:31 ns1 snort[8135]: 
Aug 12 07:59:31 ns1 snort[8135]: PortVar 'SSH_PORTS' defined :
Aug 12 07:59:31 ns1 snort[8135]:  [ 22 ]
Aug 12 07:59:31 ns1 snort[8135]: 
Aug 12 07:59:31 ns1 snort[8135]: Detection:
Aug 12 07:59:31 ns1 snort[8135]:    Search-Method = Low-Mem-Q
Aug 12 07:59:31 ns1 snort[8135]:     Search-Method-Optimizations = enabled
Aug 12 07:59:31 ns1 snort[8135]: Found pid path directive (/var/run/snort_venet0.pid)
Aug 12 07:59:31 ns1 snort[8135]: Tagged Packet Limit: 256
Aug 12 07:59:31 ns1 snort[8135]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so...
Aug 12 07:59:31 ns1 snort[8135]: done
Aug 12 07:59:31 ns1 snort[8135]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/...
Aug 12 07:59:31 ns1 snort[8135]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so...
Aug 12 07:59:31 ns1 snort[8135]: done
Aug 12 07:59:31 ns1 snort[8135]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so...
Aug 12 07:59:31 ns1 snort[8135]: done
Aug 12 07:59:31 ns1 snort[8135]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so...
Aug 12 07:59:31 ns1 snort[8135]: done
Aug 12 07:59:31 ns1 snort[8135]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so...
Aug 12 07:59:31 ns1 snort[8135]: done
Aug 12 07:59:31 ns1 snort[8135]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so...
Aug 12 07:59:31 ns1 snort[8135]: done
Aug 12 07:59:31 ns1 snort[8135]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so...
Aug 12 07:59:31 ns1 snort[8135]: done
Aug 12 07:59:31 ns1 snort[8135]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so...
Aug 12 07:59:31 ns1 snort[8135]: done
Aug 12 07:59:31 ns1 snort[8135]:   Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/
Aug 12 07:59:31 ns1 snort[8135]: Log directory = /var/log/snort
Aug 12 07:59:31 ns1 snort[8135]: Frag3 global config:
Aug 12 07:59:31 ns1 snort[8135]:     Max frags: 65536
Aug 12 07:59:31 ns1 snort[8135]:     Fragment memory cap: 4194304 bytes
Aug 12 07:59:31 ns1 snort[8135]: Frag3 engine config:
Aug 12 07:59:31 ns1 snort[8135]:     Target-based policy: WINDOWS
Aug 12 07:59:31 ns1 snort[8135]:     Fragment timeout: 180 seconds
Aug 12 07:59:31 ns1 snort[8135]:     Fragment min_ttl:   1
Aug 12 07:59:31 ns1 snort[8135]:     Fragment Problems: 1
Aug 12 07:59:31 ns1 snort[8135]:     Overlap Limit:     10
Aug 12 07:59:31 ns1 snort[8135]:     Min fragment Length:     100
Aug 12 07:59:31 ns1 snort[8135]: Stream5 global config:
Aug 12 07:59:31 ns1 snort[8135]:     Track TCP sessions: ACTIVE
Aug 12 07:59:31 ns1 snort[8135]:     Max TCP sessions: 8192
Aug 12 07:59:31 ns1 snort[8135]:     Memcap (for reassembly packet storage): 8388608
Aug 12 07:59:31 ns1 snort[8135]:     Track UDP sessions: ACTIVE
Aug 12 07:59:31 ns1 snort[8135]:     Max UDP sessions: 131072
Aug 12 07:59:31 ns1 snort[8135]:     Track ICMP sessions: INACTIVE
Aug 12 07:59:31 ns1 snort[8135]:     Log info if session memory consumption exceeds 1048576
Aug 12 07:59:31 ns1 snort[8135]: Stream5 TCP Policy config:
Aug 12 07:59:31 ns1 snort[8135]:     Reassembly Policy: WINDOWS
Aug 12 07:59:31 ns1 snort[8135]:     Timeout: 180 seconds
Aug 12 07:59:31 ns1 snort[8135]:     Limit on TCP Overlaps: 10
Aug 12 07:59:31 ns1 snort[8135]:     Maximum number of bytes to queue per session: 1048576
Aug 12 07:59:31 ns1 snort[8135]:     Maximum number of segs to queue per session: 2621
Aug 12 07:59:31 ns1 snort[8135]:     Options:
Aug 12 07:59:31 ns1 snort[8135]:         Require 3-Way Handshake: YES
Aug 12 07:59:31 ns1 snort[8135]:         3-Way Handshake Timeout: 180
Aug 12 07:59:31 ns1 snort[8135]:         Detect Anomalies: YES
Aug 12 07:59:31 ns1 snort[8135]:     Reassembly Ports:
Aug 12 07:59:31 ns1 snort[8135]:       21 client (Footprint) 
Aug 12 07:59:31 ns1 snort[8135]:       22 client (Footprint) 
Aug 12 07:59:31 ns1 snort[8135]:       23 client (Footprint) 
Aug 12 07:59:31 ns1 snort[8135]:       25 client (Footprint) 
Aug 12 07:59:31 ns1 snort[8135]:       42 client (Footprint) 
Aug 12 07:59:31 ns1 snort[8135]:       53 client (Footprint) 
Aug 12 07:59:31 ns1 snort[8135]:       79 client (Footprint) 
Aug 12 07:59:31 ns1 snort[8135]:       80 client (Footprint) server (Footprint)
Aug 12 07:59:31 ns1 snort[8135]:       109 client (Footprint) 
Aug 12 07:59:31 ns1 snort[8135]:       110 client (Footprint) 
Aug 12 07:59:31 ns1 snort[8135]:       111 client (Footprint) 
Aug 12 07:59:31 ns1 snort[8135]:       113 client (Footprint) 
Aug 12 07:59:31 ns1 snort[8135]:       119 client (Footprint) 
Aug 12 07:59:31 ns1 snort[8135]:       135 client (Footprint) 
Aug 12 07:59:31 ns1 snort[8135]:       136 client (Footprint) 
Aug 12 07:59:31 ns1 snort[8135]:       137 client (Footprint) 
Aug 12 07:59:31 ns1 snort[8135]:       139 client (Footprint) 
Aug 12 07:59:31 ns1 snort[8135]:       143 client (Footprint) 
Aug 12 07:59:31 ns1 snort[8135]:       161 client (Footprint) 
Aug 12 07:59:31 ns1 snort[8135]:       311 client (Footprint) server (Footprint)
Aug 12 07:59:31 ns1 snort[8135]: Stream5 UDP Policy config:
Aug 12 07:59:31 ns1 snort[8135]:     Timeout: 180 seconds
Aug 12 07:59:31 ns1 snort[8135]: HttpInspect Config:
Aug 12 07:59:31 ns1 snort[8135]:     GLOBAL CONFIG
Aug 12 07:59:31 ns1 snort[8135]:       Max Pipeline Requests:    0
Aug 12 07:59:31 ns1 snort[8135]:       Inspection Type:          STATELESS
Aug 12 07:59:31 ns1 snort[8135]:       Detect Proxy Usage:       NO
Aug 12 07:59:31 ns1 snort[8135]:       IIS Unicode Map Filename: /etc/snort/unicode.map
Aug 12 07:59:31 ns1 snort[8135]:       IIS Unicode Map Codepage: 1252
Aug 12 07:59:31 ns1 snort[8135]: FATAL ERROR: /etc/snort/snort.conf(195) => Invalid keyword 'inspect_gzip' for server configuration.
Aug 12 08:09:33 ns1 snort[5324]: Found pid path directive (/var/run/snort_venet0.pid)
Aug 12 08:09:33 ns1 snort[5324]: Running in IDS mode
Aug 12 08:09:33 ns1 snort[5324]: 
Aug 12 08:09:33 ns1 snort[5324]:         --== Initializing Snort ==--
Aug 12 08:09:33 ns1 snort[5324]: Initializing Output Plugins!
Aug 12 08:09:33 ns1 snort[5324]: Initializing Preprocessors!
Aug 12 08:09:33 ns1 snort[5324]: Initializing Plug-ins!
Aug 12 08:09:33 ns1 snort[5324]: Parsing Rules file "/etc/snort/snort.conf"
Aug 12 08:09:33 ns1 snort[5324]: PortVar 'HTTP_PORTS' defined :
Aug 12 08:09:33 ns1 snort[5324]:  [ 80 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080 8088 8118 8123 8180 8243 8280 8888 9090:9091 9443 9999 11371 ]
Aug 12 08:09:33 ns1 snort[5324]: 
Aug 12 08:09:33 ns1 snort[5324]: PortVar 'SHELLCODE_PORTS' defined :
Aug 12 08:09:33 ns1 snort[5324]:  [ 0:79 81:65535 ]
Aug 12 08:09:33 ns1 snort[5324]: 
Aug 12 08:09:33 ns1 snort[5324]: PortVar 'ORACLE_PORTS' defined :
Aug 12 08:09:33 ns1 snort[5324]:  [ 1024:65535 ]
Aug 12 08:09:33 ns1 snort[5324]: 
Aug 12 08:09:33 ns1 snort[5324]: PortVar 'SSH_PORTS' defined :
Aug 12 08:09:33 ns1 snort[5324]:  [ 22 ]
Aug 12 08:09:33 ns1 snort[5324]: 
Aug 12 08:09:33 ns1 snort[5324]: Detection:
Aug 12 08:09:33 ns1 snort[5324]:    Search-Method = Low-Mem-Q
Aug 12 08:09:33 ns1 snort[5324]:     Search-Method-Optimizations = enabled
Aug 12 08:09:33 ns1 snort[5324]: Found pid path directive (/var/run/snort_venet0.pid)
Aug 12 08:09:33 ns1 snort[5324]: Tagged Packet Limit: 256
Aug 12 08:09:33 ns1 snort[5324]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so...
Aug 12 08:09:33 ns1 snort[5324]: done
Aug 12 08:09:33 ns1 snort[5324]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/...
Aug 12 08:09:33 ns1 snort[5324]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so...
Aug 12 08:09:33 ns1 snort[5324]: done
Aug 12 08:09:33 ns1 snort[5324]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so...
Aug 12 08:09:33 ns1 snort[5324]: done
Aug 12 08:09:33 ns1 snort[5324]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so...
Aug 12 08:09:33 ns1 snort[5324]: done
Aug 12 08:09:33 ns1 snort[5324]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so...
Aug 12 08:09:33 ns1 snort[5324]: done
Aug 12 08:09:33 ns1 snort[5324]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so...
Aug 12 08:09:33 ns1 snort[5324]: done
Aug 12 08:09:33 ns1 snort[5324]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so...
Aug 12 08:09:33 ns1 snort[5324]: done
Aug 12 08:09:33 ns1 snort[5324]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so...
Aug 12 08:09:33 ns1 snort[5324]: done
Aug 12 08:09:33 ns1 snort[5324]:   Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/
Aug 12 08:09:33 ns1 snort[5324]: Log directory = /var/log/snort
Aug 12 08:09:33 ns1 snort[5324]: Frag3 global config:
Aug 12 08:09:33 ns1 snort[5324]:     Max frags: 65536
Aug 12 08:09:33 ns1 snort[5324]:     Fragment memory cap: 4194304 bytes
Aug 12 08:09:33 ns1 snort[5324]: Frag3 engine config:
Aug 12 08:09:33 ns1 snort[5324]:     Target-based policy: WINDOWS
Aug 12 08:09:33 ns1 snort[5324]:     Fragment timeout: 180 seconds
Aug 12 08:09:33 ns1 snort[5324]:     Fragment min_ttl:   1
Aug 12 08:09:33 ns1 snort[5324]:     Fragment Problems: 1
Aug 12 08:09:33 ns1 snort[5324]:     Overlap Limit:     10
Aug 12 08:09:33 ns1 snort[5324]:     Min fragment Length:     100
Aug 12 08:09:33 ns1 snort[5324]: Stream5 global config:
Aug 12 08:09:33 ns1 snort[5324]:     Track TCP sessions: ACTIVE
Aug 12 08:09:33 ns1 snort[5324]:     Max TCP sessions: 8192
Aug 12 08:09:33 ns1 snort[5324]:     Memcap (for reassembly packet storage): 8388608
Aug 12 08:09:33 ns1 snort[5324]:     Track UDP sessions: ACTIVE
Aug 12 08:09:33 ns1 snort[5324]:     Max UDP sessions: 131072
Aug 12 08:09:33 ns1 snort[5324]:     Track ICMP sessions: INACTIVE
Aug 12 08:09:33 ns1 snort[5324]:     Log info if session memory consumption exceeds 1048576
Aug 12 08:09:33 ns1 snort[5324]: Stream5 TCP Policy config:
Aug 12 08:09:33 ns1 snort[5324]:     Reassembly Policy: WINDOWS
Aug 12 08:09:33 ns1 snort[5324]:     Timeout: 180 seconds
Aug 12 08:09:33 ns1 snort[5324]:     Limit on TCP Overlaps: 10
Aug 12 08:09:33 ns1 snort[5324]:     Maximum number of bytes to queue per session: 1048576
Aug 12 08:09:33 ns1 snort[5324]:     Maximum number of segs to queue per session: 2621
Aug 12 08:09:33 ns1 snort[5324]:     Options:
Aug 12 08:09:33 ns1 snort[5324]:         Require 3-Way Handshake: YES
Aug 12 08:09:33 ns1 snort[5324]:         3-Way Handshake Timeout: 180
Aug 12 08:09:33 ns1 snort[5324]:         Detect Anomalies: YES
Aug 12 08:09:33 ns1 snort[5324]:     Reassembly Ports:
Aug 12 08:09:33 ns1 snort[5324]:       21 client (Footprint) 
Aug 12 08:09:33 ns1 snort[5324]:       22 client (Footprint) 
Aug 12 08:09:33 ns1 snort[5324]:       23 client (Footprint) 
Aug 12 08:09:33 ns1 snort[5324]:       25 client (Footprint) 
Aug 12 08:09:33 ns1 snort[5324]:       42 client (Footprint) 
Aug 12 08:09:33 ns1 snort[5324]:       53 client (Footprint) 
Aug 12 08:09:33 ns1 snort[5324]:       79 client (Footprint) 
Aug 12 08:09:33 ns1 snort[5324]:       80 client (Footprint) server (Footprint)
Aug 12 08:09:33 ns1 snort[5324]:       109 client (Footprint) 
Aug 12 08:09:33 ns1 snort[5324]:       110 client (Footprint) 
Aug 12 08:09:33 ns1 snort[5324]:       111 client (Footprint) 
Aug 12 08:09:33 ns1 snort[5324]:       113 client (Footprint) 
Aug 12 08:09:33 ns1 snort[5324]:       119 client (Footprint) 
Aug 12 08:09:33 ns1 snort[5324]:       135 client (Footprint) 
Aug 12 08:09:33 ns1 snort[5324]:       136 client (Footprint) 
Aug 12 08:09:33 ns1 snort[5324]:       137 client (Footprint) 
Aug 12 08:09:33 ns1 snort[5324]:       139 client (Footprint) 
Aug 12 08:09:33 ns1 snort[5324]:       143 client (Footprint) 
Aug 12 08:09:33 ns1 snort[5324]:       161 client (Footprint) 
Aug 12 08:09:33 ns1 snort[5324]:       311 client (Footprint) server (Footprint)
Aug 12 08:09:33 ns1 snort[5324]: Stream5 UDP Policy config:
Aug 12 08:09:33 ns1 snort[5324]:     Timeout: 180 seconds
Aug 12 08:09:33 ns1 snort[5324]: HttpInspect Config:
Aug 12 08:09:33 ns1 snort[5324]:     GLOBAL CONFIG
Aug 12 08:09:33 ns1 snort[5324]:       Max Pipeline Requests:    0
Aug 12 08:09:33 ns1 snort[5324]:       Inspection Type:          STATELESS
Aug 12 08:09:33 ns1 snort[5324]:       Detect Proxy Usage:       NO
Aug 12 08:09:33 ns1 snort[5324]:       IIS Unicode Map Filename: /etc/snort/unicode.map
Aug 12 08:09:33 ns1 snort[5324]:       IIS Unicode Map Codepage: 1252
Aug 12 08:09:33 ns1 snort[5324]: FATAL ERROR: /etc/snort/snort.conf(195) => Invalid keyword 'inspect_gzip' for server configuration.
Aug 12 08:19:30 ns1 snort[30249]: Found pid path directive (/var/run/snort_venet0.pid)
Aug 12 08:19:30 ns1 snort[30249]: Running in IDS mode
Aug 12 08:19:30 ns1 snort[30249]: 
Aug 12 08:19:30 ns1 snort[30249]:         --== Initializing Snort ==--
Aug 12 08:19:30 ns1 snort[30249]: Initializing Output Plugins!
Aug 12 08:19:30 ns1 snort[30249]: Initializing Preprocessors!
Aug 12 08:19:30 ns1 snort[30249]: Initializing Plug-ins!
Aug 12 08:19:30 ns1 snort[30249]: Parsing Rules file "/etc/snort/snort.conf"
Aug 12 08:19:30 ns1 snort[30249]: PortVar 'HTTP_PORTS' defined :
Aug 12 08:19:30 ns1 snort[30249]:  [ 80 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080 8088 8118 8123 8180 8243 8280 8888 9090:9091 9443 9999 11371 ]
Aug 12 08:19:30 ns1 snort[30249]: 
Aug 12 08:19:30 ns1 snort[30249]: PortVar 'SHELLCODE_PORTS' defined :
Aug 12 08:19:30 ns1 snort[30249]:  [ 0:79 81:65535 ]
Aug 12 08:19:30 ns1 snort[30249]: 
Aug 12 08:19:30 ns1 snort[30249]: PortVar 'ORACLE_PORTS' defined :
Aug 12 08:19:30 ns1 snort[30249]:  [ 1024:65535 ]
Aug 12 08:19:30 ns1 snort[30249]: 
Aug 12 08:19:30 ns1 snort[30249]: PortVar 'SSH_PORTS' defined :
Aug 12 08:19:30 ns1 snort[30249]:  [ 22 ]
Aug 12 08:19:30 ns1 snort[30249]: 
Aug 12 08:19:30 ns1 snort[30249]: Detection:
Aug 12 08:19:30 ns1 snort[30249]:    Search-Method = Low-Mem-Q
Aug 12 08:19:30 ns1 snort[30249]:     Search-Method-Optimizations = enabled
Aug 12 08:19:30 ns1 snort[30249]: Found pid path directive (/var/run/snort_venet0.pid)
Aug 12 08:19:30 ns1 snort[30249]: Tagged Packet Limit: 256
Aug 12 08:19:30 ns1 snort[30249]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so...
Aug 12 08:19:30 ns1 snort[30249]: done
Aug 12 08:19:30 ns1 snort[30249]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/...
Aug 12 08:19:30 ns1 snort[30249]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so...
Aug 12 08:19:30 ns1 snort[30249]: done
Aug 12 08:19:30 ns1 snort[30249]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so...
Aug 12 08:19:30 ns1 snort[30249]: done
Aug 12 08:19:30 ns1 snort[30249]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so...
Aug 12 08:19:30 ns1 snort[30249]: done
Aug 12 08:19:30 ns1 snort[30249]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so...
Aug 12 08:19:30 ns1 snort[30249]: done
Aug 12 08:19:30 ns1 snort[30249]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so...
Aug 12 08:19:30 ns1 snort[30249]: done
Aug 12 08:19:30 ns1 snort[30249]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so...
Aug 12 08:19:30 ns1 snort[30249]: done
Aug 12 08:19:30 ns1 snort[30249]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so...
Aug 12 08:19:30 ns1 snort[30249]: done
Aug 12 08:19:30 ns1 snort[30249]:   Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/
Aug 12 08:19:30 ns1 snort[30249]: Log directory = /var/log/snort
Aug 12 08:19:30 ns1 snort[30249]: Frag3 global config:
Aug 12 08:19:30 ns1 snort[30249]:     Max frags: 65536
Aug 12 08:19:30 ns1 snort[30249]:     Fragment memory cap: 4194304 bytes
Aug 12 08:19:30 ns1 snort[30249]: Frag3 engine config:
Aug 12 08:19:30 ns1 snort[30249]:     Target-based policy: WINDOWS
Aug 12 08:19:30 ns1 snort[30249]:     Fragment timeout: 180 seconds
Aug 12 08:19:30 ns1 snort[30249]:     Fragment min_ttl:   1
Aug 12 08:19:30 ns1 snort[30249]:     Fragment Problems: 1
Aug 12 08:19:30 ns1 snort[30249]:     Overlap Limit:     10
Aug 12 08:19:30 ns1 snort[30249]:     Min fragment Length:     100
Aug 12 08:19:30 ns1 snort[30249]: Stream5 global config:
Aug 12 08:19:30 ns1 snort[30249]:     Track TCP sessions: ACTIVE
Aug 12 08:19:30 ns1 snort[30249]:     Max TCP sessions: 8192
Aug 12 08:19:30 ns1 snort[30249]:     Memcap (for reassembly packet storage): 8388608
Aug 12 08:19:30 ns1 snort[30249]:     Track UDP sessions: ACTIVE
Aug 12 08:19:30 ns1 snort[30249]:     Max UDP sessions: 131072
Aug 12 08:19:30 ns1 snort[30249]:     Track ICMP sessions: INACTIVE
Aug 12 08:19:30 ns1 snort[30249]:     Log info if session memory consumption exceeds 1048576
Aug 12 08:19:30 ns1 snort[30249]: Stream5 TCP Policy config:
Aug 12 08:19:30 ns1 snort[30249]:     Reassembly Policy: WINDOWS
Aug 12 08:19:30 ns1 snort[30249]:     Timeout: 180 seconds
Aug 12 08:19:30 ns1 snort[30249]:     Limit on TCP Overlaps: 10
Aug 12 08:19:30 ns1 snort[30249]:     Maximum number of bytes to queue per session: 1048576
Aug 12 08:19:30 ns1 snort[30249]:     Maximum number of segs to queue per session: 2621
Aug 12 08:19:30 ns1 snort[30249]:     Options:
Aug 12 08:19:30 ns1 snort[30249]:         Require 3-Way Handshake: YES
Aug 12 08:19:30 ns1 snort[30249]:         3-Way Handshake Timeout: 180
Aug 12 08:19:30 ns1 snort[30249]:         Detect Anomalies: YES
Aug 12 08:19:30 ns1 snort[30249]:     Reassembly Ports:
Aug 12 08:19:30 ns1 snort[30249]:       21 client (Footprint) 
Aug 12 08:19:30 ns1 snort[30249]:       22 client (Footprint) 
Aug 12 08:19:30 ns1 snort[30249]:       23 client (Footprint) 
Aug 12 08:19:30 ns1 snort[30249]:       25 client (Footprint) 
Aug 12 08:19:30 ns1 snort[30249]:       42 client (Footprint) 
Aug 12 08:19:30 ns1 snort[30249]:       53 client (Footprint) 
Aug 12 08:19:30 ns1 snort[30249]:       79 client (Footprint) 
Aug 12 08:19:30 ns1 snort[30249]:       80 client (Footprint) server (Footprint)
Aug 12 08:19:30 ns1 snort[30249]:       109 client (Footprint) 
Aug 12 08:19:30 ns1 snort[30249]:       110 client (Footprint) 
Aug 12 08:19:30 ns1 snort[30249]:       111 client (Footprint) 
Aug 12 08:19:30 ns1 snort[30249]:       113 client (Footprint) 
Aug 12 08:19:30 ns1 snort[30249]:       119 client (Footprint) 
Aug 12 08:19:30 ns1 snort[30249]:       135 client (Footprint) 
Aug 12 08:19:30 ns1 snort[30249]:       136 client (Footprint) 
Aug 12 08:19:30 ns1 snort[30249]:       137 client (Footprint) 
Aug 12 08:19:30 ns1 snort[30249]:       139 client (Footprint) 
Aug 12 08:19:30 ns1 snort[30249]:       143 client (Footprint) 
Aug 12 08:19:30 ns1 snort[30249]:       161 client (Footprint) 
Aug 12 08:19:30 ns1 snort[30249]:       311 client (Footprint) server (Footprint)
Aug 12 08:19:30 ns1 snort[30249]: Stream5 UDP Policy config:
Aug 12 08:19:30 ns1 snort[30249]:     Timeout: 180 seconds
Aug 12 08:19:30 ns1 snort[30249]: HttpInspect Config:
Aug 12 08:19:30 ns1 snort[30249]:     GLOBAL CONFIG
Aug 12 08:19:30 ns1 snort[30249]:       Max Pipeline Requests:    0
Aug 12 08:19:30 ns1 snort[30249]:       Inspection Type:          STATELESS
Aug 12 08:19:30 ns1 snort[30249]:       Detect Proxy Usage:       NO
Aug 12 08:19:30 ns1 snort[30249]:       IIS Unicode Map Filename: /etc/snort/unicode.map
Aug 12 08:19:30 ns1 snort[30249]:       IIS Unicode Map Codepage: 1252
Aug 12 08:19:30 ns1 snort[30249]: FATAL ERROR: /etc/snort/snort.conf(195) => Invalid keyword 'inspect_gzip' for server configuration.
Aug 12 08:29:32 ns1 snort[23900]: Found pid path directive (/var/run/snort_venet0.pid)
Aug 12 08:29:32 ns1 snort[23900]: Running in IDS mode
Aug 12 08:29:32 ns1 snort[23900]: 
Aug 12 08:29:32 ns1 snort[23900]:         --== Initializing Snort ==--
Aug 12 08:29:32 ns1 snort[23900]: Initializing Output Plugins!
Aug 12 08:29:32 ns1 snort[23900]: Initializing Preprocessors!
Aug 12 08:29:32 ns1 snort[23900]: Initializing Plug-ins!
Aug 12 08:29:32 ns1 snort[23900]: Parsing Rules file "/etc/snort/snort.conf"
Aug 12 08:29:32 ns1 snort[23900]: PortVar 'HTTP_PORTS' defined :
Aug 12 08:29:32 ns1 snort[23900]:  [ 80 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080 8088 8118 8123 8180 8243 8280 8888 9090:9091 9443 9999 11371 ]
Aug 12 08:29:32 ns1 snort[23900]: 
Aug 12 08:29:32 ns1 snort[23900]: PortVar 'SHELLCODE_PORTS' defined :
Aug 12 08:29:32 ns1 snort[23900]:  [ 0:79 81:65535 ]
Aug 12 08:29:32 ns1 snort[23900]: 
Aug 12 08:29:32 ns1 snort[23900]: PortVar 'ORACLE_PORTS' defined :
Aug 12 08:29:32 ns1 snort[23900]:  [ 1024:65535 ]
Aug 12 08:29:32 ns1 snort[23900]: 
Aug 12 08:29:32 ns1 snort[23900]: PortVar 'SSH_PORTS' defined :
Aug 12 08:29:32 ns1 snort[23900]:  [ 22 ]
Aug 12 08:29:32 ns1 snort[23900]: 
Aug 12 08:29:32 ns1 snort[23900]: Detection:
Aug 12 08:29:32 ns1 snort[23900]:    Search-Method = Low-Mem-Q
Aug 12 08:29:32 ns1 snort[23900]:     Search-Method-Optimizations = enabled
Aug 12 08:29:32 ns1 snort[23900]: Found pid path directive (/var/run/snort_venet0.pid)
Aug 12 08:29:32 ns1 snort[23900]: Tagged Packet Limit: 256
Aug 12 08:29:32 ns1 snort[23900]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so...
Aug 12 08:29:32 ns1 snort[23900]: done
Aug 12 08:29:32 ns1 snort[23900]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/...
Aug 12 08:29:32 ns1 snort[23900]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so...
Aug 12 08:29:32 ns1 snort[23900]: done
Aug 12 08:29:32 ns1 snort[23900]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so...
Aug 12 08:29:32 ns1 snort[23900]: done
Aug 12 08:29:32 ns1 snort[23900]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so...
Aug 12 08:29:32 ns1 snort[23900]: done
Aug 12 08:29:32 ns1 snort[23900]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so...
Aug 12 08:29:32 ns1 snort[23900]: done
Aug 12 08:29:32 ns1 snort[23900]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so...
Aug 12 08:29:32 ns1 snort[23900]: done
Aug 12 08:29:32 ns1 snort[23900]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so...
Aug 12 08:29:32 ns1 snort[23900]: done
Aug 12 08:29:32 ns1 snort[23900]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so...
Aug 12 08:29:32 ns1 snort[23900]: done
Aug 12 08:29:32 ns1 snort[23900]:   Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/
Aug 12 08:29:32 ns1 snort[23900]: Log directory = /var/log/snort
Aug 12 08:29:32 ns1 snort[23900]: Frag3 global config:
Aug 12 08:29:32 ns1 snort[23900]:     Max frags: 65536
Aug 12 08:29:32 ns1 snort[23900]:     Fragment memory cap: 4194304 bytes
Aug 12 08:29:32 ns1 snort[23900]: Frag3 engine config:
Aug 12 08:29:32 ns1 snort[23900]:     Target-based policy: WINDOWS
Aug 12 08:29:32 ns1 snort[23900]:     Fragment timeout: 180 seconds
Aug 12 08:29:32 ns1 snort[23900]:     Fragment min_ttl:   1
Aug 12 08:29:32 ns1 snort[23900]:     Fragment Problems: 1
Aug 12 08:29:32 ns1 snort[23900]:     Overlap Limit:     10
Aug 12 08:29:32 ns1 snort[23900]:     Min fragment Length:     100
Aug 12 08:29:32 ns1 snort[23900]: Stream5 global config:
Aug 12 08:29:32 ns1 snort[23900]:     Track TCP sessions: ACTIVE
Aug 12 08:29:32 ns1 snort[23900]:     Max TCP sessions: 8192
Aug 12 08:29:32 ns1 snort[23900]:     Memcap (for reassembly packet storage): 8388608
Aug 12 08:29:32 ns1 snort[23900]:     Track UDP sessions: ACTIVE
Aug 12 08:29:32 ns1 snort[23900]:     Max UDP sessions: 131072
Aug 12 08:29:32 ns1 snort[23900]:     Track ICMP sessions: INACTIVE
Aug 12 08:29:32 ns1 snort[23900]:     Log info if session memory consumption exceeds 1048576
Aug 12 08:29:32 ns1 snort[23900]: Stream5 TCP Policy config:
Aug 12 08:29:32 ns1 snort[23900]:     Reassembly Policy: WINDOWS
Aug 12 08:29:32 ns1 snort[23900]:     Timeout: 180 seconds
Aug 12 08:29:32 ns1 snort[23900]:     Limit on TCP Overlaps: 10
Aug 12 08:29:32 ns1 snort[23900]:     Maximum number of bytes to queue per session: 1048576
Aug 12 08:29:32 ns1 snort[23900]:     Maximum number of segs to queue per session: 2621
Aug 12 08:29:32 ns1 snort[23900]:     Options:
Aug 12 08:29:32 ns1 snort[23900]:         Require 3-Way Handshake: YES
Aug 12 08:29:32 ns1 snort[23900]:         3-Way Handshake Timeout: 180
Aug 12 08:29:32 ns1 snort[23900]:         Detect Anomalies: YES
Aug 12 08:29:32 ns1 snort[23900]:     Reassembly Ports:
Aug 12 08:29:32 ns1 snort[23900]:       21 client (Footprint) 
Aug 12 08:29:32 ns1 snort[23900]:       22 client (Footprint) 
Aug 12 08:29:32 ns1 snort[23900]:       23 client (Footprint) 
Aug 12 08:29:32 ns1 snort[23900]:       25 client (Footprint) 
Aug 12 08:29:32 ns1 snort[23900]:       42 client (Footprint) 
Aug 12 08:29:32 ns1 snort[23900]:       53 client (Footprint) 
Aug 12 08:29:32 ns1 snort[23900]:       79 client (Footprint) 
Aug 12 08:29:32 ns1 snort[23900]:       80 client (Footprint) server (Footprint)
Aug 12 08:29:32 ns1 snort[23900]:       109 client (Footprint) 
Aug 12 08:29:32 ns1 snort[23900]:       110 client (Footprint) 
Aug 12 08:29:32 ns1 snort[23900]:       111 client (Footprint) 
Aug 12 08:29:32 ns1 snort[23900]:       113 client (Footprint) 
Aug 12 08:29:32 ns1 snort[23900]:       119 client (Footprint) 
Aug 12 08:29:32 ns1 snort[23900]:       135 client (Footprint) 
Aug 12 08:29:32 ns1 snort[23900]:       136 client (Footprint) 
Aug 12 08:29:32 ns1 snort[23900]:       137 client (Footprint) 
Aug 12 08:29:32 ns1 snort[23900]:       139 client (Footprint) 
Aug 12 08:29:32 ns1 snort[23900]:       143 client (Footprint) 
Aug 12 08:29:32 ns1 snort[23900]:       161 client (Footprint) 
Aug 12 08:29:32 ns1 snort[23900]:       311 client (Footprint) server (Footprint)
Aug 12 08:29:32 ns1 snort[23900]: Stream5 UDP Policy config:
Aug 12 08:29:32 ns1 snort[23900]:     Timeout: 180 seconds
Aug 12 08:29:32 ns1 snort[23900]: HttpInspect Config:
Aug 12 08:29:32 ns1 snort[23900]:     GLOBAL CONFIG
Aug 12 08:29:32 ns1 snort[23900]:       Max Pipeline Requests:    0
Aug 12 08:29:32 ns1 snort[23900]:       Inspection Type:          STATELESS
Aug 12 08:29:32 ns1 snort[23900]:       Detect Proxy Usage:       NO
Aug 12 08:29:32 ns1 snort[23900]:       IIS Unicode Map Filename: /etc/snort/unicode.map
Aug 12 08:29:32 ns1 snort[23900]:       IIS Unicode Map Codepage: 1252
Aug 12 08:29:32 ns1 snort[23900]: FATAL ERROR: /etc/snort/snort.conf(195) => Invalid keyword 'inspect_gzip' for server configuration.
root@ns1:~#
Best Regards,
Friend7
 
Posts: 2373
Joined: Sun Feb 06, 2011 3:41 pm
Artica servers number: 1
Linux System: Debian
Technical skills: A newbee

Re: unable to stat snort_dynamicrules directory [OPEN]

New post by admin » Fri Aug 12, 2011 3:10 pm

Usually the inspect_gzip preprocessor is available in version 2.9...
I have removed inspect_gzip from the configuration.
Apply this patch.
Attachments
exec.snort.php.tar.gz
(7.9 KiB) Downloaded 306 times
admin
Site Admin
 
Posts: 11943
Joined: Wed Oct 17, 2007 7:59 am
Location: France

Re: unable to stat snort_dynamicrules directory [OPEN]

New post by Friend7 » Sat Aug 13, 2011 6:45 pm

Nope

Code: Select all
Aug 13 12:41:50 ns1 snort[24104]:       IIS Unicode Map Codepage: 1252
Aug 13 12:41:50 ns1 snort[24104]: FATAL ERROR: /etc/snort/snort.conf(194) => Invalid keyword 'unlimited_decompress' for server configuration.
Best Regards,
Friend7
 
Posts: 2373
Joined: Sun Feb 06, 2011 3:41 pm
Artica servers number: 1
Linux System: Debian
Technical skills: A newbee
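
The two failures reported so far differ only in the snort.conf line and the rejected keyword, so they can be pulled out of syslog directly instead of reading 1500 lines of start-up output. This is an added example, not part of the original posts or of Artica; the function names are hypothetical and the sample lines are excerpted from the logs posted in this thread.

```shell
#!/bin/sh
# Added example: pull Snort start-up failures out of syslog-format input.

# Three FATAL ERROR lines excerpted from the thread, plus two ordinary
# start-up lines that the filter must ignore.
sample_log() {
cat <<'EOF'
Aug 12 08:19:30 ns1 snort[30249]:       IIS Unicode Map Codepage: 1252
Aug 12 08:19:30 ns1 snort[30249]: FATAL ERROR: /etc/snort/snort.conf(195) => Invalid keyword 'inspect_gzip' for server configuration.
Aug 12 08:29:32 ns1 snort[23900]: Running in IDS mode
Aug 12 08:29:32 ns1 snort[23900]: FATAL ERROR: /etc/snort/snort.conf(195) => Invalid keyword 'inspect_gzip' for server configuration.
Aug 13 12:41:50 ns1 snort[24104]: FATAL ERROR: /etc/snort/snort.conf(194) => Invalid keyword 'unlimited_decompress' for server configuration.
EOF
}

# stdin: syslog lines. stdout: pid|config-file|line|keyword per failed start.
snort_fatal_summary() {
    sed -n -E "s/^.* snort\[([0-9]+)\]: FATAL ERROR: ([^ (]+)\(([0-9]+)\) => Invalid keyword '([^']+)'.*/\1|\2|\3|\4/p"
}

# stdin: syslog lines. stdout: "keyword failed-starts file:line", sorted,
# so repeated restarts on the same bad keyword collapse to one row.
snort_fatal_keywords() {
    snort_fatal_summary | awk -F'|' '
        { count[$4]++; where[$4] = $2 ":" $3 }
        END { for (k in count) print k, count[k], where[k] }' | sort
}

# On a live host: grep snort /var/log/syslog | snort_fatal_keywords
sample_log | snort_fatal_keywords
```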

Re: unable to stat snort_dynamicrules directory [OPEN]

New post by admin » Sat Aug 13, 2011 11:01 pm

This?
Attachments
exec.snort.php.tar.gz
(7.9 KiB) Downloaded 297 times
admin
Site Admin
 
Posts: 11943
Joined: Wed Oct 17, 2007 7:59 am
Location: France

Re: unable to stat snort_dynamicrules directory [OPEN]

New post by Friend7 » Sun Aug 14, 2011 12:14 am

Yupe ....

but it has this error:

Starting......: Snort Daemon unable to stat snort_dynamicrules directory !!

Code: Select all

root@ns1:~# php /usr/share/artica-postfix/exec.snort.php --start
Starting......: Snort Daemon building configuration...
Starting......: Snort Daemon version 2.9.0.5 (29)
Starting......: Snort Daemon HOME_NET xxx.xxx.xxx.0/27
Starting......: Snort Daemon unable to stat snort_dynamicrules directory !!
Starting......: Snort Daemon adding rule attack-responses.rules
Starting......: Snort Daemon adding rule backdoor.rules
Starting......: Snort Daemon adding rule bad-traffic.rules
Starting......: Snort Daemon adding rule blacklist.rules
Starting......: Snort Daemon adding rule botnet-cnc.rules
Starting......: Snort Daemon adding rule chat.rules
Starting......: Snort Daemon adding rule content-replace.rules
Starting......: Snort Daemon adding rule ddos.rules
Starting......: Snort Daemon adding rule deleted.rules
Starting......: Snort Daemon adding rule dns.rules
Starting......: Snort Daemon adding rule dos.rules
Starting......: Snort Daemon adding rule experimental.rules
Starting......: Snort Daemon adding rule exploit.rules
Starting......: Snort Daemon adding rule finger.rules
Starting......: Snort Daemon adding rule ftp.rules
Starting......: Snort Daemon adding rule icmp-info.rules
Starting......: Snort Daemon adding rule icmp.rules
Starting......: Snort Daemon adding rule imap.rules
Starting......: Snort Daemon adding rule info.rules
Starting......: Snort Daemon adding rule local.rules
Starting......: Snort Daemon adding rule misc.rules
Starting......: Snort Daemon adding rule multimedia.rules
Starting......: Snort Daemon adding rule mysql.rules
Starting......: Snort Daemon adding rule netbios.rules
Starting......: Snort Daemon adding rule nntp.rules
Starting......: Snort Daemon adding rule oracle.rules
Starting......: Snort Daemon adding rule other-ids.rules
Starting......: Snort Daemon adding rule p2p.rules
Starting......: Snort Daemon adding rule phishing-spam.rules
Starting......: Snort Daemon adding rule policy.rules
Starting......: Snort Daemon adding rule pop2.rules
Starting......: Snort Daemon adding rule pop3.rules
Starting......: Snort Daemon adding rule rpc.rules
Starting......: Snort Daemon adding rule rservices.rules
Starting......: Snort Daemon adding rule scada.rules
Starting......: Snort Daemon adding rule scan.rules
Starting......: Snort Daemon adding rule shellcode.rules
Starting......: Snort Daemon adding rule smtp.rules
Starting......: Snort Daemon adding rule snmp.rules
Starting......: Snort Daemon adding rule specific-threats.rules
Starting......: Snort Daemon adding rule spyware-put.rules
Starting......: Snort Daemon adding rule sql.rules
Starting......: Snort Daemon adding rule telnet.rules
Starting......: Snort Daemon adding rule tftp.rules
Starting......: Snort Daemon adding rule virus.rules
Starting......: Snort Daemon adding rule voip.rules
Starting......: Snort Daemon adding rule web-activex.rules
Starting......: Snort Daemon adding rule web-attacks.rules
Starting......: Snort Daemon adding rule web-cgi.rules
Starting......: Snort Daemon adding rule web-client.rules
Starting......: Snort Daemon adding rule web-coldfusion.rules
Starting......: Snort Daemon adding rule web-frontpage.rules
Starting......: Snort Daemon adding rule web-iis.rules
Starting......: Snort Daemon adding rule web-misc.rules
Starting......: Snort Daemon adding rule web-php.rules
Starting......: Snort Daemon adding rule x11.rules
Starting......: Snort Daemon Testing configuration....
Starting......: Snort Daemon testing config success
Starting......: Snort Daemon building configuration done...
Starting......: Snort Daemon for Interface "venet0"...
Starting......: Snort Daemon for Interface "venet0" success PID 9290

root@ns1:~#


root@ns1:~# uname -r
2.6.32-238.9.1.el5.028stab089.1
root@ns1:~#
Best Regards,
Friend7
 
Posts: 2373
Joined: Sun Feb 06, 2011 3:41 pm
Artica servers number: 1
Linux System: Debian
Technical skills: A newbee

Re: unable to stat snort_dynamicrules directory [OPEN]

New post by admin » Sun Aug 14, 2011 10:19 am

This is just information... not a real fatal error.
admin
Site Admin
 
Posts: 11943
Joined: Wed Oct 17, 2007 7:59 am
Location: France
