Thierry Boibary | 26 Jul 13:38 2016

Debian

Hi,

Is Snort available on Debian 8.1?

Regards
T Granier

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Snort-users mailing list
Snort-users <at> lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Thierry Boibary | 26 Jul 11:46 2016

debian

Hi,

Is "snort" available on Debian 8?

Regards
T.


João Ferreira | 26 Jul 03:19 2016

Snort IPS in a Virtual Machine

I am trying to find a way to set Snort as an IPS in a VM. I can't on the host because it's Windows and I think Snort doesn't work as an IPS on Windows. Suggestions please.

J Green | 26 Jul 01:29 2016

Re: Newbie question -- Can Snort be installed in a routed mode instead of bridged mode?

Hello all:
 
Have been reading up on how to install Snort, and I have come across two modes: Bridged and SPAN. Bridged mode would be preferable, but our network is configured with layer 2 VLAN'ing, and an Etherchannel connecting switches to the firewall. So I do not see how I could physically connect Snort in Bridged mode, since there is not just one connection from switch to the firewall (where I could physically connect a Snort box in between). Was wondering if Snort supports a Routed mode, where the incoming interface is configured on one network subnet, and the outgoing interface is configured on a different network subnet? If so, could you please direct me to supporting documentation re how to accomplish this? My goal is to have Snort inspect traffic from one internal network destined to another internal network.
 
Thank you. 

James Lay | 25 Jul 02:23 2016

Re: Fwd: ERROR! daq_static library not found

I would defer this to the snort development team.

James

On Sun, 2016-07-24 at 19:05 +0100, João Ferreira wrote:

I'm not. I have this error trying to install snort.

On 24/07/2016 at 4:18 PM, "James Lay" <jlay <at> slave-tothe-box.net> wrote:
>
> On 2016-07-23 12:12, João Ferreira wrote:
>>
>> I'm just using the default installation per the Snort site, like:
>>
>> daq: ./configure && make && sudo make install
>> snort: ./configure --enable-sourcefire && make && sudo make install
>>
>> 2016-07-23 18:29 GMT+01:00 James Lay <jlay <at> slave-tothe-box.net>:
>>
>>> Ok...so...since from source, what was your ./configure line from
>>> both snort and daq?
>>>
>>> James
>>>
>>> On Sat, 2016-07-23 at 17:38 +0100, João Ferreira wrote:
>>>
>>>> I installed from source. Problem is I used earlier versions of
>>>> snort specifically 2982 and now with 2983 I have this problem.
>>>
>>>
>>> 2016-07-23 17:32 GMT+01:00 James Lay <jlay <at> slave-tothe-box.net>:
>>>
>>> On 2016-07-23 10:27, João Ferreira wrote:
>>>>
>>>> I just used the default configuration. I didn't even change anything
>>>> yet.
>>>>
>>>> 2016-07-23 13:23 GMT+01:00 James Lay <jlay <at> slave-tothe-box.net>:
>>>>
>>>>> On Sat, 2016-07-23 at 01:54 +0100, João Ferreira wrote:
>>>>>
>>>>>> In a completely new VM I installed daq and trying to install snort
>>>>>> I get this. What do I do? Thanks.
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>>>>
>>>>>
>>>>> What configure lines did you use for snort and daq?
>>>>>
>>>>> James
>>>>>
>>>
>>> I take it you installed from packages and not from source?
>>>
>
> Ok....last question...how are you starting snort?
>
> James

John Hall | 24 Jul 23:29 2016

Snort - Cannot start Snort. libdnet.1 not found. How to fix? libdnet is installed? OS is Ubuntu 14.

john <at> snort1:~$ snort -V
snort: error while loading shared libraries: libdnet.1: cannot open shared object file: No such file or directory

john <at> snort1:~$ find /usr -name "libdnet*"
/usr/share/doc/libdnet
/usr/share/lintian/overrides/libdnet
/usr/lib/libdnet_daemon.so.2
/usr/lib/libdnet.so.2
/usr/lib/libdnet_daemon.so.2.43.1
/usr/lib/libdnet-dap.so.2.46.0
/usr/lib/libdnet.1
/usr/lib/libdnet-dap.so.2
/usr/lib/libdnet.so.2.43.2

James Lay | 23 Jul 19:29 2016

Re: Fwd: ERROR! daq_static library not found

Ok...so...since from source, what was your ./configure line from both snort and daq?

James

On Sat, 2016-07-23 at 17:38 +0100, João Ferreira wrote:
I installed from source. Problem is I used earlier versions of snort specifically 2982 and now with 2983 I have this problem.

2016-07-23 17:32 GMT+01:00 James Lay <jlay <at> slave-tothe-box.net>:
On 2016-07-23 10:27, João Ferreira wrote:
> I just used the default configuration. I didn't even change anything
> yet.
>
> 2016-07-23 13:23 GMT+01:00 James Lay <jlay <at> slave-tothe-box.net>:
>
>> On Sat, 2016-07-23 at 01:54 +0100, João Ferreira wrote:
>>
>>> In a completely new VM I installed daq and trying to install snort
>>> I get this. What do I do? Thanks.
>>>
>>>
>>
>>
>> What configure lines did you use for snort and daq?
>>
>> James
>>

I take it you installed from packages and not from source?

James Lay | 23 Jul 18:32 2016

Re: Fwd: ERROR! daq_static library not found

On 2016-07-23 10:27, João Ferreira wrote:
> I just used the default configuration. I didn't even change anything
> yet.
> 
> 2016-07-23 13:23 GMT+01:00 James Lay <jlay <at> slave-tothe-box.net>:
> 
>> On Sat, 2016-07-23 at 01:54 +0100, João Ferreira wrote:
>> 
>>> In a completely new VM I installed daq and trying to install snort
>>> I get this. What do I do? Thanks.
>>> 
>>> 
>> 
>> 
>> What configure lines did you use for snort and daq?
>> 
>> James
>> 

I take it you installed from packages and not from source?

João Ferreira | 23 Jul 02:54 2016

Fwd: ERROR! daq_static library not found


In a completely new VM I installed daq and trying to install snort I get this. What do I do? Thanks.

Pratibha Rajan | 22 Jul 20:11 2016

Test Snort

Hi,

This is with regard to the error I am facing while starting the snort service after the test Snort start up which was successful:

******************************************************************

           Preprocessor Object: SF_POP  Version 1.0  <Build 1>
           Preprocessor Object: SF_FTPTELNET  Version 1.2  <Build 13>


Snort successfully validated the configuration!
Snort exiting

********************************************************************


while trying to start the service this is the error being faced:


*********************************************************************
[root <at> tparheidspxx1 init.d]# ./snort restart
Stopping snort:                                            [  OK  ]
Starting snort: Spawning daemon child...
My daemon child 13226 lives...
Daemon parent exiting (0)
                                                           [  OK  ]
[root <at> tparheidspxx1 init.d]# ./snort status
snort dead but subsys locked


**************************************************************************

The initialization file I have used is the shell script from snort.downloads and below is the permission set for the same:

[root <at> tparheidspxx1 init.d]# ls -l | grep snort
-rwx------. 1 snort snort  3761 Jul 21 12:41 snort


Few queries:
Do I need to make changes to the script with respect to network interface? As the test snort is being run on a virtual machine.
I see that the interface set in the script is "eth0".
Is the permission set for the script correct?

Also:

********************************************

# cd /var/log/snort
# ls -l
total 4
-rw-r--r--. 1 snort snort 0 Jul 22 09:25 alert
-rw-------. 1 snort snort 6 Jul 22 13:50 snort_ens192.pid
-rw-------. 1 snort snort 0 Jul 22 13:50 snort_ens192.pid.lck
-rw-------. 1 snort snort 0 Jul 22 13:50 snort.log.1469209828


ens192 is the management interface of the virtual machine.

Kindly let me know if I need to attach any logs


Thanks


Pratibha

Rodrigo Borges Pereira | 22 Jul 19:22 2016

Hello,

Is there a way to limit the depth of a pcre search? I can use byte_extract to get the length of a variable buffer to which the pcre expression should apply, but there doesn't seem to be an option to do this.

Appreciate any hints. 

Rgds.