Snort Releases | 3 Feb 17:31 2016

Snort++ Build 186 Available Now

Snort++ build 186 is now available on snort.org.  This is the latest 
monthly update available for download.  You can also get the latest 
updates from github (snortadmin/snort3) which is updated weekly.

Bug Fixes:

* fix xcode builds
* fix static analysis issues
* fix profiler depth bug
* fixed fatal on failed IP rep segment allocation - thanks to Bill Parker
* fixed build issue with Clang and thread_local
* fixed rule option string unescape issue

Enhancements:

* host_module and host_tracker updates
* start perf_monitor rewrite - 1st of many updates
* start dce2 port - 1st of many updates
* initial host_tracker for new integrated netmap
* continued tcp session refactoring
* new_http_inspect refactoring for time and space considerations
* added new_http_inpsect rule options
* remove --enable-ppm - always enabled
* update copyright to 2016, add missing license blocks
* update default manuals
* tweaked style guide wrt class declarations

Please submit bugs, questions, and feedback to bugs <at> snort.org or the 
Snort-Users mailing list.

(Continue reading)

ARUN LAL | 10 Feb 10:33 2016
Picon

Doubts

Hi All,

We need to monitor the network of all the other servers(client servers) via snort.

Could you please explain the possibilities of that?? we have installed one snort in one server, is there anyway to add other servers to it?? or we need to install snort to all servers?? 

I think everyone can understand my question!!

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
Snort-users mailing list
Snort-users <at> lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Matthew Smith | 9 Feb 21:28 2016

Known Diskspace utilization issues

Is anyone aware of any diskspace issues revolved around using SNORT monitoring? My company currently has an issue with the diskspace utilization rapidly being used up to its capacity which causes the server to become inaccessible and not monitor our network anymore.

 

Respectfully,

 

Tyler Smith

Systems Administrator

msmith <at> harmonia.com

Harmonia Holdings Group, LLC.

 

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
Snort-users mailing list
Snort-users <at> lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Michael Steele | 8 Feb 15:28 2016

How to enable ALL rules when Pulledpork is ran?

I’m trying to figure out how to activate all the rules (for temp testing purposes) when PP is ran.

 

I’m using the –nPT as the switches when I run PP on a ruleset that is current.

 

All rules are located in the snort.rules file.

 

Everything is processing normally using the ips_policy=security switch.

 

Thanks…

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
Snort-users mailing list
Snort-users <at> lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
ARUN LAL | 8 Feb 14:00 2016
Picon

Doubts

Hi All,

We have configured a server with SNORT and we are planning to add different servers to the master server (Server with a snort) for monitoring purposes. Currently client server has no contact with snort servers. Both the servers are on different network.

Eg: 44.25.167.80(master server)

Client servers: 172.24.155.60,192.16.147.30,129.26.4.96,212.48.72.45 like wise.

My questions is how can we connect these servers to master servers? is there anything want to install on the client servers. Please check the possibilities and update us with your valuable suggestions
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
Snort-users mailing list
Snort-users <at> lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Gilbert, Sonia M CTR (US | 5 Feb 01:17 2016

Snort 2.9.8.0 no --enable-zlib option

Dear Snort Community,

I am trying to install Snort 2.9.8.0 and get the following warning:
configure: WARNING: unrecognized options: --enable-zlib

Was zlib replaced by utility?  

Sonia Gilbert
Regional Cyber Center-Pacific, CTR
Defensive Cyber Operations Division
(808) 438-0513
NIPR:  Sonia.m.gilbert.ctr <at> mail.mil

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
Snort-users mailing list
Snort-users <at> lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Izz Noland | 3 Feb 21:30 2016

Re: barnyard2 and Chef

Yes, all of these files are available before the call of the init script to start services.

 

Izz Noland

Sr. Systems Engineer

izz.noland <at> wepanow.com

Toll Free 800.675.7639

100 Gilbert Drive | Alabaster, Alabama 35007

 

From: sste [mailto:stephane.nasdrovisky <at> paradigmo.com]
Sent: Wednesday, February 03, 2016 2:00 PM
To: Izz Noland <izz.noland <at> wepanow.com>
Subject: Re: [Snort-users] barnyard2 and Chef

 

 

Is /bin/bash available during the boot process?

Is  /usr/local/sbin/barnyard2.sh available during the boot process?

if some of these files or directories are on another filesystem, the answer is probably no.

This is 100% guess: I have no centos, chef or barnyard.

 

From: Izz Noland

Subject: [Snort-users] barnyard2 and Chef

 

init script:

 

      /usr/local/sbin/barnyard2.sh &

      sleep 10s

 

where barnyard2.sh is the following:

#!/bin/bash

 

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
Snort-users mailing list
Snort-users <at> lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Izz Noland | 3 Feb 19:26 2016

barnyard2 and Chef

Not sure if this is even the right place for a barnyard2 question, much less an issue regarding chef.  My apologies in advance if this is not the right area.

 

So I have packaged barnyard2 into an RPM and have it as part of a chef cookbook for easy deployment for IDS sensors.  Problem is, the command to start barnyard2 does not fully work via Chef, but works fine when I log into the server and start the service.  I’m running CentOS 6.7 and here is the code I am running as part of a larger init script:

 

      /usr/local/sbin/barnyard2.sh &

      sleep 10s

 

where barnyard2.sh is the following:

#!/bin/bash

 

WALDO="<%= node.wepa_ids_sensor.barnyard2.run_opts.WALDO %>"

ARCHIVEDIR="<%= node.wepa_ids_sensor.barnyard2.run_opts.ARCHIVEDIR %>"

CONFIGFILE="<%= node.wepa_ids_sensor.barnyard2.run_opts.CONFIGFILE %>"

LOGDIR="<%= node.wepa_ids_sensor.barnyard2.run_opts.LOGDIR %>"

LOGFILE="<%= node.wepa_ids_sensor.barnyard2.run_opts.LOGFILE %>"

SIDMAP="<%= node.wepa_ids_sensor.barnyard2.run_opts.SIDMAP %>"

 

while [ true ]

do

            barnyard2 -v -c $CONFIGFILE \

                                                                        -d $LOGDIR \

                                                                        -f $LOGFILE \

                                                                        -w $WALDO \

                                                                        -a $ARCHIVEDIR \

                                                                        -S $SIDMAP

       

            sleep 60s

done

 

this works fine when run via cli.  Anyone have any experience with something like this?

 

Thanks in advance,

Izz

 

Izz Noland

Sr. Systems Engineer

izz.noland <at> wepanow.com

Toll Free 800.675.7639

100 Gilbert Drive | Alabaster, Alabama 35007

 

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
Snort-users mailing list
Snort-users <at> lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Matthew White | 3 Feb 18:38 2016
Picon

Snorby Setup help - ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock'

Hello,

I am getting the following error and would like some feedback.

rake snorby:setup
No time_zone specified in snorby_config.yml; detected time_zone: US/Central
[Hash Here]
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)
[datamapper] Finished auto_upgrade! for :default repository '[Name_Of_Repo]'
* Removing old jobs
* Starting the Snorby worker process.
[X] Error: Unable to start the Snorby worker process.

1. I am not running a MySQL Database locally.
2. I had to make development.log and production.log with touch because they didn't exist.
3. I ran the following to get rid of PDF errors.

sed -i 's/\(^.*\)\(Mime::Type.register.*application\/pdf.*$\)/\1if Mime::Type.lookup_by_extension(:pdf) != "application\/pdf"\n\1 \2\n\1end/' vendor/cache/ruby/*.*.*/bundler/gems/ezprint-*/lib/ezprint/railtie.rb sed -i 's/\(^.*\)\(Mime::Type.register.*application\/pdf.*$\)/\1if Mime::Type.lookup_by_extension(:pdf) != "application\/pdf"\n\1 \2\n\1end/' vendor/cache/ruby/*.*.*/gems/actionpack-*/lib/action_dispatch/http/mime_types.rb sed -i 's/\(^.*\)\(Mime::Type.register.*application\/pdf.*$\)/\1if Mime::Type.lookup_by_extension(:pdf) != "application\/pdf"\n\1 \2\n\1end/' vendor/cache/ruby/*.*.*/gems/railties-*/guides/source/action_controller_overview.textile


------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Snort-users mailing list
Snort-users <at> lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Nicolas Lepolard | 3 Feb 17:35 2016

Snort IP blacklist issue (Pulledprok)

Hi guys,

I have an issue with my PulledPork's installation !

When i try this command, i've got this error message :

sudo /usr/local/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -l

(...)
Checking latest MD5 for snortrules-snapshot-2980.tar.gz....
They Match
Done!
Rules tarball download of community-rules.tar.gz....
IP Blacklist download of http://talosintel.com/feeds/ip-filter.blf....
Reading IP List...
Couldn't read /opt/snort/tmp/648.041857729794-black_list.rules - Aucun fichier ou dossier de ce type
 at /usr/local/bin/pulledpork.pl line 540.
main::read_iplist(HASH(0x2a281f8), "/opt/snort/tmp/648.041857729794-black_list.rules") called at /usr/local/bin/pulledpork.pl line 431
main::rulefetch("open", "IPBLACKLIST0", "/opt/snort/tmp/", "http://talosintel.com/feeds/ip-filter.blf") called at /usr/local/bin/pulledpork.pl line 1946

I've seen other posts about this problem but i didn't find solution !

Can you help me please ?

Snort : 2.9.8.0
PulledPorks : 0.7.2

Best regards

Nicolas

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Snort-users mailing list
Snort-users <at> lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Matthew White | 2 Feb 23:29 2016
Picon

SOLVED Unified 2 not working. I need help.

Thanks to Al the problem was the following.


# Reputation preprocessor. For more information see README.reputation

preprocessor reputation: \

   memcap 500, \

   priority whitelist, \

   nested_ip inner, \


and needed to be


# Reputation preprocessor. For more information see README.reputation

preprocessor reputation: \

   memcap 500, \

   priority whitelist, \

   nested_ip inner


This is why it wasn't working. This didn't throw an error either. It required 2 lines until it was fixed because it was expecting a line continuation. Now I can use the default 1 line and it works.

output unified2: filename /(path)/external1.u2
output unified2: filename /(path)/external1.u2


On Mon, Jan 25, 2016 at 10:21 AM, James Lay <jlay <at> slave-tothe-box.net> wrote:

Try:

output unified2: filename /(path)/external1.u2

James

On 2016-01-25 08:52, Matthew White wrote:

Ran /(path)/snort -D -q -i eth3 -F /(path)/internalbf.filter -c /(path)/snort.conf.internal as root but still the same.
Also ran /(path)/snort -i eth3 -F /(path)/internalbf.filter -c /(path)/snort.conf.internal as root but still the same.
 
Whats funny is that output alert_unified2: works fine.
 

# unified2
# Recommended for most installs
# output unified2: filename merged.log, limit 128, nostamp, mpls_event_types, vlan_event_types
output unified2: filename /(path)/external1-snort.log, limit 128, vlan_event_types
output alert_unified2: filename external1-snort.alert, limit 128

On Sat, Jan 23, 2016 at 5:13 AM, James Lay <jlay <at> slave-tothe-box.net> wrote:
At this point I would test as root...otherwise please post a sanitized version of your complete snort.conf.

James


On Fri, 2016-01-22 at 16:02 -0600, Matthew White wrote:
Tried your steps and still no .u2 file.
On Fri, Jan 22, 2016 at 2:59 PM, James Lay <jlay <at> slave-tothe-box.net> wrote:
Specify full path in your snort.conf:

output unified2: filename /your/path/here/bleh.u2

for testing remove the -D and -q from your command line.

James
On 2016-01-22 13:50, Matthew White wrote:
tried /usr/local/bin/snort -l /var/log/snort -D -q -i eth3 -F /etc/snort/internalbpf.filter -c /usr/src/snort-2.9.8.0/etc/snort.conf.internal -u snort still to no avail.
On Fri, Jan 22, 2016 at 2:40 PM, Avery Rozar <avery.rozar <at> insecure-it.com> wrote:
Try adding "-l /var/log/snort" to step # 4.
On Fri, Jan 22, 2016 at 3:33 PM, Matthew White <on3moda <at> gmail.com> wrote:
1. The specified unified 2 log is not being created.
2. Instead I get the snort.log.date (tcpdump) default and alerts.
3. snort.conf - output unified2: filename internal.u2, limit 128, vlan_event_types
4. running snort with sudo /usr/local/bin/snort -D -q -i eth3 -F /etc/snort/internalbpf.filter -c /usr/src/snort-2.9.8.0/etc/snort.conf.internal -u snort
5. No errors or warnings when grep from /var/log/messages
6. Running RHEL 6
7. Installed and compiled from source
8. Snort has rwx for /var/log/snort
9. Deleted all logs
10. Since this was installed from a tarball no file /etc/sysconfig/snort exists.
11. tail -f alerts and snort.log are working great.
12. Manually made /etc/sysconfig/snort with the following with no success as well.

# /etc/sysconfig/snort
# $Id:
#### General Configuration
INTERFACE=eth2
CONF=/(Path to)/snort.conf
USER=snort
GROUP=snort
PASS_FIRST=0
#### Logging & Alerting
LOGDIR=/var/log/snort
ALERTMODE=fast
DUMP_APP=1
BINARY_LOG=1
NO_PACKET_LOG=0
PRINT_INTERFACE=0

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Snort-users mailing list
Snort-users <at> lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Snort-users mailing list
Snort-users <at> lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

 
 

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Snort-users mailing list
Snort-users <at> lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 _______________________________________________ Snort-users mailing list Snort-users <at> lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!


------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Snort-users mailing list
Snort-users <at> lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

 

 

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Snort-users mailing list
Snort-users <at> lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Snort-users mailing list
Snort-users <at> lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Gmane