snort

To: <debian-user-portuguese@lists.debian.org>
Subject: snort
From: "informatica" <informatica@divisaveiculos.com.br>
Date: Mon, 17 Jan 2005 14:47:36 -0200
Message-id: <[🔎] 002601c4fcb4$4035b170$5f56010a@divisaveiculos.com.br>
galera qdo inicializo snort da o seguinte erro


unning in IDS mode

Initializing Network Interface eth0

        --== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
,-----------[Flow Config]----------------------
| Stats Interval:  0
| Hash Method:     2
| Memcap:          10485760
| Rows  :          4099
| Overhead Bytes:  16400(%0.16)
`----------------------------------------------
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
    Fragment min_ttl:   0
    Fragment ttl_limit: 5
    Fragment Problems: 0
    Self preservation threshold: 500
    Self preservation period: 90
    Suspend threshold: 1000
    Suspend period: 30
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Evasion alerts: INACTIVE
    Scan alerts: INACTIVE
    Log Flushed Streams: INACTIVE
    MinTTL: 1
    TTL Limit: 5
    Async Link: 0
    State Protection: 0
    Self preservation threshold: 50
    Self preservation period: 90
    Suspend threshold: 200
    Suspend period: 30
    Enforce TCP State: INACTIVE
    Midstream Drop Alerts: INACTIVE

Stream4_reassemble config:
    Server reassembly: INACTIVE
    Client reassembly: ACTIVE
    Reassembler alerts: ACTIVE
    Zero out flushed packets: INACTIVE
    flush_data_diff_size: 500
    Ports: 21 23 25 53 80 110 111 143 513 1433
    Emergency Ports: 21 23 25 53 80 110 111 143 513 1433
HttpInspect Config:
    GLOBAL CONFIG
      Max Pipeline Requests:    0
      Inspection Type:          STATELESS
      Detect Proxy Usage:       NO
      IIS Unicode Map Filename: /etc/snort/unicode.map
      IIS Unicode Map Codepage: 1252
    DEFAULT SERVER CONFIG:
      Ports: 80 8080 8180
      Flow Depth: 300
      Max Chunk Length: 500000
      Inspect Pipeline Requests: YES
      URI Discovery Strict Mode: NO
      Allow Proxy Usage: NO
      Disable Alerting: NO
      Oversize Dir Length: 500
      Only inspect URI: NO
      Ascii: YES alert: NO
      Double Decoding: YES alert: YES
      %U Encoding: YES alert: YES
      Bare Byte: YES alert: YES
      Base36: OFF
      UTF 8: OFF
      IIS Unicode: YES alert: YES
      Multiple Slash: YES alert: NO
      IIS Backslash: YES alert: NO
      Directory Traversal: YES alert: NO
      Web Root Traversal: YES alert: YES
      Apache WhiteSpace: YES alert: NO
      IIS Delimiter: YES alert: NO
      IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
      Non-RFC Compliant Characters: NONE
rpc_decode arguments:
    Ports to decode RPC on: 111 32771
    alert_fragments: INACTIVE
    alert_large_fragments: ACTIVE
    alert_incomplete: ACTIVE
    alert_multiple_requests: ACTIVE
telnet_decode arguments:
    Ports to decode telnet on: 21 23 25 119
Portscan Detection Config:
    Detect Protocols:  TCP UDP ICMP IP
    Detect Scan Type:  portscan portsweep decoy_portscan
distributed_portscan
    Sensitivity Level: Low
    Memcap (in bytes): 10000000
    Number of Nodes:   36900

database: compiled support for ( mysql )
database: configured to use mysql
database:          user = snort
database:          host = 10.1.86.254
database: must enter database name in configuration file


USAGE: database plugin

 output database: [log | alert], [type of database], [parameter list]

 [log | alert] selects whether the plugin will use the alert or
 log facility.

 For the first argument, you must supply the type of database.
 The possible values are mysql, postgresql, odbc, oracle and
 mssql
 The parameter list consists of key value pairs. The proper
 format is a list of key=value pairs each separated a space.

 The only parameter that is absolutely necessary is "dbname".
 All other parameters are optional but may be necessary
 depending on how you have configured your RDBMS.

 dbname - the name of the database you are connecting to

 host - the host the RDBMS is on

 port - the port number the RDBMS is listening on

 user - connect to the database as this user

 password - the password for given user

 sensor_name - specify your own name for this snort sensor. If you
        do not specify a name one will be generated automatically

 encoding - specify a data encoding type (hex, base64, or ascii)

 detail - specify a detail level (full or fast)

 ignore_bpf - specify if you want to ignore the BPF part for a sensor

              definition (yes or no, no is default)

 FOR EXAMPLE:
 The configuration I am currently using is MySQL with the database
 name of "snort". The user "snortusr@localhost" has INSERT and SELECT
 privileges on the "snort" database and does not require a password.
 The following line enables snort to log to this database.

 output database: log, mysql, dbname=snort user=snortusr host=localhost

ERROR: Fatal Error, Quitting..
Reply to:
Prev by Date: Re: BDE + Wine.
Next by Date: Re: CDROM SE RECUSA A ABRIR
Previous by thread: Re: snort
Next by thread: Configurando comportamento das janelas
Index(es):
- Date
- Thread