Netgate Discussion Forum

    Snort[55970] exiting

    pfSense Packages
      mentalhemroids

      And again it happens… forcing a start again...

      Sep 7 12:04:25 snort[1447]: Snort exiting
      Sep 7 12:04:25 snort[1447]: Snort exiting
      Sep 7 12:03:40 SnortStartup[59909]: Snort Soft Reload For 29323_bge1…
      Sep 7 12:03:40 SnortStartup[59753]: Snort already running, soft restart
      Sep 7 12:03:40 SnortStartup[58145]: Snort Startup files Sync…
      Sep 7 12:03:38 snort[1447]: | gen-id=1 sig-id=2001219 type=Threshold tracking=src count=5 seconds=120 filtered=2
      Sep 7 12:03:38 snort[1447]: | gen-id=1 sig-id=2001219 type=Threshold tracking=src count=5 seconds=120 filtered=2
      Sep 7 12:03:38 snort[1447]: | gen-id=1 sig-id=2002911 type=Threshold tracking=src count=5 seconds=60 filtered=22
      Sep 7 12:03:38 snort[1447]: | gen-id=1 sig-id=2002911 type=Threshold tracking=src count=5 seconds=60 filtered=22
      Sep 7 12:03:38 snort[1447]: | gen-id=1 sig-id=2406823 type=Limit tracking=src count=1 seconds=60 filtered=12
      Sep 7 12:03:38 snort[1447]: | gen-id=1 sig-id=2406823 type=Limit tracking=src count=1 seconds=60 filtered=12
      Sep 7 12:03:38 snort[1447]: | gen-id=1 sig-id=2001972 type=Both tracking=src count=20 seconds=360 filtered=27
      Sep 7 12:03:38 snort[1447]: | gen-id=1 sig-id=2001972 type=Both tracking=src count=20 seconds=360 filtered=27
      Sep 7 12:03:38 snort[1447]: +–---------------------[filtered events]–------------------------------------
      Sep 7 12:03:38 snort[1447]: +–---------------------[filtered events]–------------------------------------
      Sep 7 12:03:38 snort[1447]: ===============================================================================
      Sep 7 12:03:38 snort[1447]: ===============================================================================
      Sep 7 12:03:38 snort[1447]: Detection disabled: 732
      Sep 7 12:03:38 snort[1447]: Detection disabled: 732
      Sep 7 12:03:38 snort[1447]: Sessions ignored: 5467
      Sep 7 12:03:38 snort[1447]: Sessions ignored: 5467
      Sep 7 12:03:38 snort[1447]: Bad handshakes: 0
      Sep 7 12:03:38 snort[1447]: Bad handshakes: 0
      Sep 7 12:03:38 snort[1447]: Completed handshakes: 0
      Sep 7 12:03:38 snort[1447]: Completed handshakes: 0
      Sep 7 12:03:38 snort[1447]: Unrecognized records: 18542
      Sep 7 12:03:38 snort[1447]: Unrecognized records: 18542
      Sep 7 12:03:38 snort[1447]: Alert: 1065
      Sep 7 12:03:38 snort[1447]: Alert: 1065
      Sep 7 12:03:38 snort[1447]: Server Application: 5471
      Sep 7 12:03:38 snort[1447]: Server Application: 5471
      Sep 7 12:03:38 snort[1447]: Client Application: 3527
      Sep 7 12:03:38 snort[1447]: Client Application: 3527
      Sep 7 12:03:38 snort[1447]: Finished: 0
      Sep 7 12:03:38 snort[1447]: Finished: 0
      Sep 7 12:03:38 snort[1447]: Change Cipher: 5912
      Sep 7 12:03:38 snort[1447]: Change Cipher: 5912
      Sep 7 12:03:38 snort[1447]: Server Key Exchange: 19
      Sep 7 12:03:38 snort[1447]: Server Key Exchange: 19
      Sep 7 12:03:38 snort[1447]: Client Key Exchange: 537
      Sep 7 12:03:38 snort[1447]: Client Key Exchange: 537
      Sep 7 12:03:38 snort[1447]: Server Done: 5741
      Sep 7 12:03:38 snort[1447]: Server Done: 5741
      Sep 7 12:03:38 snort[1447]: Certificate: 3030
      Sep 7 12:03:38 snort[1447]: Certificate: 3030
      Sep 7 12:03:38 snort[1447]: Server Hello: 4798
      Sep 7 12:03:38 snort[1447]: Server Hello: 4798
      Sep 7 12:03:38 snort[1447]: Client Hello: 701
      Sep 7 12:03:38 snort[1447]: Client Hello: 701
      Sep 7 12:03:38 snort[1447]: SSL packets decoded: 34648
      Sep 7 12:03:38 snort[1447]: SSL packets decoded: 34648
      Sep 7 12:03:38 snort[1447]: SSL Preprocessor:
      Sep 7 12:03:38 snort[1447]: SSL Preprocessor:
      Sep 7 12:03:38 snort[1447]: ===============================================================================
      Sep 7 12:03:38 snort[1447]: ===============================================================================
      Sep 7 12:03:38 snort[1447]: Total sessions: 0
      Sep 7 12:03:38 snort[1447]: Total sessions: 0
      Sep 7 12:03:38 snort[1447]: dcerpc2 Preprocessor Statistics
      Sep 7 12:03:38 snort[1447]: dcerpc2 Preprocessor Statistics
      Sep 7 12:03:38 snort[1447]: ===============================================================================
      Sep 7 12:03:38 snort[1447]: ===============================================================================
      Sep 7 12:03:38 snort[1447]: Total packets processed: 1131917
      Sep 7 12:03:38 snort[1447]: Total packets processed: 1131917
      Sep 7 12:03:38 snort[1447]: Gzip Decompressed Data Processed: n/a
      Sep 7 12:03:38 snort[1447]: Gzip Decompressed Data Processed: n/a
      Sep 7 12:03:38 snort[1447]: Gzip Compressed Data Processed: n/a
      Sep 7 12:03:38 snort[1447]: Gzip Compressed Data Processed: n/a
      Sep 7 12:03:38 snort[1447]: HTTP Response Gzip packets extracted: 0
      Sep 7 12:03:38 snort[1447]: HTTP Response Gzip packets extracted: 0
      Sep 7 12:03:38 snort[1447]: Self-referencing paths ("./"): 0
      Sep 7 12:03:38 snort[1447]: Self-referencing paths ("./"): 0
      Sep 7 12:03:38 snort[1447]: Extra slashes ("//"): 0
      Sep 7 12:03:38 snort[1447]: Extra slashes ("//"): 0
      Sep 7 12:03:38 snort[1447]: Directory traversals: 0
      Sep 7 12:03:38 snort[1447]: Directory traversals: 0
      Sep 7 12:03:38 snort[1447]: Base 36: 0
      Sep 7 12:03:38 snort[1447]: Base 36: 0
      Sep 7 12:03:38 snort[1447]: Non-ASCII representable: 0
      Sep 7 12:03:38 snort[1447]: Non-ASCII representable: 0
      Sep 7 12:03:38 snort[1447]: Double unicode: 0
      Sep 7 12:03:38 snort[1447]: Double unicode: 0
      Sep 7 12:03:38 snort[1447]: Unicode: 0
      Sep 7 12:03:38 snort[1447]: Unicode: 0
      Sep 7 12:03:38 snort[1447]: HTTP Response Cookies extracted: 0
      Sep 7 12:03:38 snort[1447]: HTTP Response Cookies extracted: 0
      Sep 7 12:03:38 snort[1447]: HTTP response Headers extracted: 0
      Sep 7 12:03:38 snort[1447]: HTTP response Headers extracted: 0
      Sep 7 12:03:38 snort[1447]: Post parameters extracted: 0
      Sep 7 12:03:38 snort[1447]: Post parameters extracted: 0
      Sep 7 12:03:38 snort[1447]: HTTP Request Cookies extracted: 0
      Sep 7 12:03:38 snort[1447]: HTTP Request Cookies extracted: 0
      Sep 7 12:03:38 snort[1447]: HTTP Request Headers extracted: 1
      Sep 7 12:03:38 snort[1447]: HTTP Request Headers extracted: 1
      Sep 7 12:03:38 snort[1447]: GET methods: 1
      Sep 7 12:03:38 snort[1447]: GET methods: 1
      Sep 7 12:03:38 snort[1447]: POST methods: 0
      Sep 7 12:03:38 snort[1447]: POST methods: 0
      Sep 7 12:03:38 snort[1447]: HTTP Inspect - encodings (Note: stream-reassembled packets included):
      Sep 7 12:03:38 snort[1447]: HTTP Inspect - encodings (Note: stream-reassembled packets included):
      Sep 7 12:03:38 snort[1447]: ===============================================================================
      Sep 7 12:03:38 snort[1447]: ===============================================================================
      Sep 7 12:03:38 snort[1447]: Tracked: 66427
      Sep 7 12:03:38 snort[1447]: Tracked: 66427
      Sep 7 12:03:38 snort[1447]: Inspected: 0
      Sep 7 12:03:38 snort[1447]: Inspected: 0
      Sep 7 12:03:38 snort[1447]: Dropped: 0
      Sep 7 12:03:38 snort[1447]: Dropped: 0
      Sep 7 12:03:38 snort[1447]: UDP Port Filter
      Sep 7 12:03:38 snort[1447]: UDP Port Filter
      Sep 7 12:03:38 snort[1447]: Tracked: 1439252
      Sep 7 12:03:38 snort[1447]: Tracked: 1439252
      Sep 7 12:03:38 snort[1447]: Inspected: 0
      Sep 7 12:03:38 snort[1447]: Inspected: 0
      Sep 7 12:03:38 snort[1447]: Dropped: 0
      Sep 7 12:03:38 snort[1447]: Dropped: 0
      Sep 7 12:03:38 snort[1447]: TCP Port Filter
      Sep 7 12:03:38 snort[1447]: TCP Port Filter
      Sep 7 12:03:38 snort[1447]: Internal Events: 0
      Sep 7 12:03:38 snort[1447]: Internal Events: 0
      Sep 7 12:03:38 snort[1447]: Events: 0
      Sep 7 12:03:38 snort[1447]: Events: 0
      Sep 7 12:03:38 snort[1447]: UDP Discards: 0
      Sep 7 12:03:38 snort[1447]: UDP Discards: 0
      Sep 7 12:03:38 snort[1447]: UDP Timeouts: 11322
      Sep 7 12:03:38 snort[1447]: UDP Timeouts: 11322
      Sep 7 12:03:38 snort[1447]: UDP Sessions Deleted: 65346
      Sep 7 12:03:38 snort[1447]: UDP Sessions Deleted: 65346
      Sep 7 12:03:38 snort[1447]: UDP Sessions Created: 65346
      Sep 7 12:03:38 snort[1447]: UDP Sessions Created: 65346
      Sep 7 12:03:38 snort[1447]: TCP Gaps: 4
      Sep 7 12:03:38 snort[1447]: TCP Gaps: 4
      Sep 7 12:03:38 snort[1447]: TCP Discards: 1231040
      Sep 7 12:03:38 snort[1447]: TCP Discards: 1231040
      Sep 7 12:03:38 snort[1447]: TCP Segments Used: 6
      Sep 7 12:03:38 snort[1447]: TCP Segments Used: 6
      Sep 7 12:03:38 snort[1447]: TCP Rebuilt Packets: 6
      Sep 7 12:03:38 snort[1447]: TCP Rebuilt Packets: 6
      Sep 7 12:03:38 snort[1447]: TCP Segments Released: 13
      Sep 7 12:03:38 snort[1447]: TCP Segments Released: 13
      Sep 7 12:03:38 snort[1447]: TCP Segments Queued: 13
      Sep 7 12:03:38 snort[1447]: TCP Segments Queued: 13
      Sep 7 12:03:38 snort[1447]: TCP Overlaps: 13
      Sep 7 12:03:38 snort[1447]: TCP Overlaps: 13
      Sep 7 12:03:38 snort[1447]: TCP Timeouts: 16702
      Sep 7 12:03:38 snort[1447]: TCP Timeouts: 16702
      Sep 7 12:03:38 snort[1447]: TCP StreamTrackers Deleted: 46023
      Sep 7 12:03:38 snort[1447]: TCP StreamTrackers Deleted: 46023
      Sep 7 12:03:38 snort[1447]: TCP StreamTrackers Created: 46023
      Sep 7 12:03:38 snort[1447]: TCP StreamTrackers Created: 46023
      Sep 7 12:03:38 snort[1447]: ICMP Prunes: 0
      Sep 7 12:03:38 snort[1447]: ICMP Prunes: 0
      Sep 7 12:03:38 snort[1447]: UDP Prunes: 0
      Sep 7 12:03:38 snort[1447]: UDP Prunes: 0
      Sep 7 12:03:38 snort[1447]: TCP Prunes: 0
      Sep 7 12:03:38 snort[1447]: TCP Prunes: 0
      Sep 7 12:03:38 snort[1447]: ICMP sessions: 0
      Sep 7 12:03:38 snort[1447]: ICMP sessions: 0
      Sep 7 12:03:38 snort[1447]: UDP sessions: 54024
      Sep 7 12:03:38 snort[1447]: UDP sessions: 54024
      Sep 7 12:03:38 snort[1447]: TCP sessions: 40315
      Sep 7 12:03:38 snort[1447]: TCP sessions: 40315
      Sep 7 12:03:38 snort[1447]: Total sessions: 94339
      Sep 7 12:03:38 snort[1447]: Total sessions: 94339
      Sep 7 12:03:38 snort[1447]: Stream5 statistics:
      Sep 7 12:03:38 snort[1447]: Stream5 statistics:
      Sep 7 12:03:38 snort[1447]: ===============================================================================
      Sep 7 12:03:38 snort[1447]: ===============================================================================
      Sep 7 12:03:38 snort[1447]: Frag Nodes Deleted: 146
      Sep 7 12:03:38 snort[1447]: Frag Nodes Deleted: 146
      Sep 7 12:03:38 snort[1447]: Frag Nodes Inserted: 146
      Sep 7 12:03:38 snort[1447]: Frag Nodes Inserted: 146
      Sep 7 12:03:38 snort[1447]: FragTrackers Auto Freed: 0
      Sep 7 12:03:38 snort[1447]: FragTrackers Auto Freed: 0
      Sep 7 12:03:38 snort[1447]: FragTrackers Dumped: 73
      Sep 7 12:03:38 snort[1447]: FragTrackers Dumped: 73
      Sep 7 12:03:38 snort[1447]: FragTrackers Added: 73
      Sep 7 12:03:38 snort[1447]: FragTrackers Added: 73
      Sep 7 12:03:38 snort[1447]: Drops: 0
      Sep 7 12:03:38 snort[1447]: Drops: 0
      Sep 7 12:03:38 snort[1447]: Alerts: 0
      Sep 7 12:03:38 snort[1447]: Alerts: 0
      Sep 7 12:03:38 snort[1447]: Anomalies: 0
      Sep 7 12:03:38 snort[1447]: Anomalies: 0
      Sep 7 12:03:38 snort[1447]: Overlaps: 0
      Sep 7 12:03:38 snort[1447]: Overlaps: 0
      Sep 7 12:03:38 snort[1447]: Timeouts: 0
      Sep 7 12:03:38 snort[1447]: Timeouts: 0
      Sep 7 12:03:38 snort[1447]: Memory Faults: 0
      Sep 7 12:03:38 snort[1447]: Memory Faults: 0
      Sep 7 12:03:38 snort[1447]: Discards: 0
      Sep 7 12:03:38 snort[1447]: Discards: 0
      Sep 7 12:03:38 snort[1447]: Frags Reassembled: 73
      Sep 7 12:03:38 snort[1447]: Frags Reassembled: 73
      Sep 7 12:03:38 snort[1447]: Total Fragments: 146
      Sep 7 12:03:38 snort[1447]: Total Fragments: 146
      Sep 7 12:03:38 snort[1447]: Frag3 statistics:
      Sep 7 12:03:38 snort[1447]: Frag3 statistics:
      Sep 7 12:03:38 snort[1447]: ===============================================================================
      Sep 7 12:03:38 snort[1447]: ===============================================================================
      Sep 7 12:03:38 snort[1447]: Ignore: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: Ignore: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: Blacklist: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: Blacklist: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: Whitelist: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: Whitelist: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: Replace: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: Replace: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: Block: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: Block: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: Allow: 3361019 ( 99.999%)
      Sep 7 12:03:38 snort[1447]: Allow: 3361019 ( 99.999%)
      Sep 7 12:03:38 snort[1447]: Verdicts:
      Sep 7 12:03:38 snort[1447]: Verdicts:
      Sep 7 12:03:38 snort[1447]: Event Limit: 63
      Sep 7 12:03:38 snort[1447]: Event Limit: 63
      Sep 7 12:03:38 snort[1447]: Log Limit: 0
      Sep 7 12:03:38 snort[1447]: Log Limit: 0
      Sep 7 12:03:38 snort[1447]: Queue Limit: 0
      Sep 7 12:03:38 snort[1447]: Queue Limit: 0
      Sep 7 12:03:38 snort[1447]: Match Limit: 0
      Sep 7 12:03:38 snort[1447]: Match Limit: 0
      Sep 7 12:03:38 snort[1447]: Passed: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: Passed: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: Logged: 211 ( 0.006%)
      Sep 7 12:03:38 snort[1447]: Logged: 211 ( 0.006%)
      Sep 7 12:03:38 snort[1447]: Alerts: 211 ( 0.006%)
      Sep 7 12:03:38 snort[1447]: Alerts: 211 ( 0.006%)
      Sep 7 12:03:38 snort[1447]: Action Stats:
      Sep 7 12:03:38 snort[1447]: Action Stats:
      Sep 7 12:03:38 snort[1447]: ===============================================================================
      Sep 7 12:03:38 snort[1447]: ===============================================================================
      Sep 7 12:03:38 snort[1447]: Total: 3361101
      Sep 7 12:03:38 snort[1447]: Total: 3361101
      Sep 7 12:03:38 snort[1447]: S5 G 2: 1 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: S5 G 2: 1 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: S5 G 1: 8 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: S5 G 1: 8 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: Bad TTL: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: Bad TTL: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: Bad Chk Sum: 1825099 ( 54.301%)
      Sep 7 12:03:38 snort[1447]: Bad Chk Sum: 1825099 ( 54.301%)
      Sep 7 12:03:38 snort[1447]: Other: 256544 ( 7.633%)
      Sep 7 12:03:38 snort[1447]: Other: 256544 ( 7.633%)
      Sep 7 12:03:38 snort[1447]: All Discard: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: All Discard: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: ICMP Disc: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: ICMP Disc: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: UDP Disc: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: UDP Disc: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: TCP Disc: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: TCP Disc: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: IP6 Disc: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: IP6 Disc: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: IP4 Disc: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: IP4 Disc: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: Eth Disc: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: Eth Disc: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: Eth Loop: 2136 ( 0.064%)
      Sep 7 12:03:38 snort[1447]: Eth Loop: 2136 ( 0.064%)
      Sep 7 12:03:38 snort[1447]: IPX: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: IPX: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: ARP: 80 ( 0.002%)
      Sep 7 12:03:38 snort[1447]: ARP: 80 ( 0.002%)
      Sep 7 12:03:38 snort[1447]: MPLS: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: MPLS: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: GRE Loop: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: GRE Loop: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: GRE IPX: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: GRE IPX: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: GRE ARP: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: GRE ARP: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: GRE PPTP: 57158 ( 1.701%)
      Sep 7 12:03:38 snort[1447]: GRE PPTP: 57158 ( 1.701%)
      Sep 7 12:03:38 snort[1447]: GRE IP6 Ext: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: GRE IP6 Ext: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: GRE IP6: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: GRE IP6: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: GRE IP4: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: GRE IP4: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: GRE VLAN: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: GRE VLAN: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: GRE Eth: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: GRE Eth: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: GRE: 57158 ( 1.701%)
      Sep 7 12:03:38 snort[1447]: GRE: 57158 ( 1.701%)
      Sep 7 12:03:38 snort[1447]: IP6/IP6: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: IP6/IP6: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: IP6/IP4: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: IP6/IP4: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: IP4/IP6: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: IP4/IP6: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: IP4/IP4: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: IP4/IP4: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: EAPOL: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: EAPOL: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: ICMP-IP: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: ICMP-IP: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: Teredo: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: Teredo: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: TCP6: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: TCP6: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: UDP6: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: UDP6: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: ICMP6: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: ICMP6: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: Frag6: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: Frag6: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: IP6 Opts: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: IP6 Opts: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: IP6 Ext: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: IP6 Ext: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: IP6: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: IP6: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: TCP: 2906835 ( 86.485%)
      Sep 7 12:03:38 snort[1447]: TCP: 2906835 ( 86.485%)
      Sep 7 12:03:38 snort[1447]: UDP: 135830 ( 4.041%)
      Sep 7 12:03:38 snort[1447]: UDP: 135830 ( 4.041%)
      Sep 7 12:03:38 snort[1447]: ICMP: 2445 ( 0.073%)
      Sep 7 12:03:38 snort[1447]: ICMP: 2445 ( 0.073%)
      Sep 7 12:03:38 snort[1447]: Frag: 146 ( 0.004%)
      Sep 7 12:03:38 snort[1447]: Frag: 146 ( 0.004%)
      Sep 7 12:03:38 snort[1447]: IP4: 3358529 ( 99.923%)
      Sep 7 12:03:38 snort[1447]: IP4: 3358529 ( 99.923%)
      Sep 7 12:03:38 snort[1447]: VLAN: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: VLAN: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: Eth: 3361101 (100.000%)
      Sep 7 12:03:38 snort[1447]: Eth: 3361101 (100.000%)
      Sep 7 12:03:38 snort[1447]: Breakdown by protocol (includes rebuilt packets):
      Sep 7 12:03:38 snort[1447]: Breakdown by protocol (includes rebuilt packets):
      Sep 7 12:03:38 snort[1447]: ===============================================================================
      Sep 7 12:03:38 snort[1447]: ===============================================================================
      Sep 7 12:03:38 snort[1447]: Injected: 0
      Sep 7 12:03:38 snort[1447]: Injected: 0
      Sep 7 12:03:38 snort[1447]: Outstanding: 38 ( 0.001%)
      Sep 7 12:03:38 snort[1447]: Outstanding: 38 ( 0.001%)
      Sep 7 12:03:38 snort[1447]: Filtered: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: Filtered: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: Dropped: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: Dropped: 0 ( 0.000%)
      Sep 7 12:03:38 snort[1447]: Analyzed: 3361019 ( 99.999%)
      Sep 7 12:03:38 snort[1447]: Analyzed: 3361019 ( 99.999%)
      Sep 7 12:03:38 snort[1447]: Received: 3361057
      Sep 7 12:03:38 snort[1447]: Received: 3361057
      Sep 7 12:03:38 snort[1447]: Packet I/O Totals:
      Sep 7 12:03:38 snort[1447]: Packet I/O Totals:
      Sep 7 12:03:38 snort[1447]: ===============================================================================
      Sep 7 12:03:38 snort[1447]: ===============================================================================
      Sep 7 12:03:37 snort[1447]: Pkts/sec: 157
      Sep 7 12:03:37 snort[1447]: Pkts/sec: 157
      Sep 7 12:03:37 snort[1447]: Pkts/min: 9441
      Sep 7 12:03:37 snort[1447]: Pkts/min: 9441
      Sep 7 12:03:37 snort[1447]: Pkts/hr: 672203
      Sep 7 12:03:37 snort[1447]: Pkts/hr: 672203
      Sep 7 12:03:37 snort[1447]: Snort ran for 0 days 5 hours 56 minutes 10 seconds
      Sep 7 12:03:37 snort[1447]: Snort ran for 0 days 5 hours 56 minutes 10 seconds
      Sep 7 12:03:36 snort[1447]: Snort processed 3361019 packets.
      Sep 7 12:03:36 snort[1447]: Snort processed 3361019 packets.
      Sep 7 12:03:36 snort[1447]: Run time for packet processing was 21370.563516 seconds
      Sep 7 12:03:36 snort[1447]: Run time for packet processing was 21370.563516 seconds
      Sep 7 12:03:36 snort[1447]: ===============================================================================
      Sep 7 12:03:36 snort[1447]: ===============================================================================
      Sep 7 12:03:35 snort[1447]: *** Caught Term-Signal
      Sep 7 12:03:35 snort[1447]: *** Caught Term-Signal
      Sep 7 12:03:34 SnortStartup[50450]: Snort HARD STOP For 29323_bge1…

        eri--

        Something in your system is happening.
        Try to find out what event is triggering this.

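One way to act on the advice to find the triggering event, as an added example that is not part of the original thread: a Python script that reads a system-log excerpt, drops the doubled lines, orders it oldest first and reports which `SnortStartup` actions and signals preceded each `Snort exiting` line. The sample is abridged from the first post's log; the verdict names and the 120-second look-back window are assumptions of this example.

```python
import re
from datetime import datetime

# Abridged from the first post's system log, newest entry first as posted
# (statistics lines omitted; the snort lines are doubled in the original).
SAMPLE_LOG = """\
Sep 7 12:04:25 snort[1447]: Snort exiting
Sep 7 12:04:25 snort[1447]: Snort exiting
Sep 7 12:03:40 SnortStartup[59909]: Snort Soft Reload For 29323_bge1…
Sep 7 12:03:40 SnortStartup[59753]: Snort already running, soft restart
Sep 7 12:03:40 SnortStartup[58145]: Snort Startup files Sync…
Sep 7 12:03:37 snort[1447]: Snort ran for 0 days 5 hours 56 minutes 10 seconds
Sep 7 12:03:35 snort[1447]: *** Caught Term-Signal
Sep 7 12:03:35 snort[1447]: *** Caught Term-Signal
Sep 7 12:03:34 SnortStartup[50450]: Snort HARD STOP For 29323_bge1…
"""

LINE_RE = re.compile(
    r"^\s*(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?:(?P<host>\S+)\s+)?"  # hostname column is optional (absent in the first post)
    r"(?P<prog>snort|SnortStartup)\[(?P<pid>\d+)\]:\s*(?P<msg>.*)$"
)


def classify(prog, msg):
    """Map a log message to an event kind, or None for lines we ignore."""
    if prog == "SnortStartup":
        if "HARD STOP" in msg:
            return "hard_stop"
        if "Soft Reload" in msg or "soft restart" in msg:
            return "soft_reload"
        return None
    if "Caught Term-Signal" in msg:
        return "term_signal"
    if msg.strip() == "Snort exiting":
        return "exit"
    return None


def load_events(text, year=2000):
    """Return (timestamp, kind, pid) tuples, de-duplicated and oldest first.

    Syslog lines carry no year, so a fixed one is assumed for parsing.
    """
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        kind = classify(m["prog"], m["msg"])
        if kind is None:
            continue
        stamp = " ".join(m["ts"].split())
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        event = (ts, kind, int(m["pid"]))
        if events and events[-1] == event:  # doubled syslog line
            continue
        events.append(event)
    # The pfSense log view lists newest first; flip it before the stable sort
    # so that events sharing a second keep their real order.
    if events and events[0][0] > events[-1][0]:
        events.reverse()
    events.sort(key=lambda e: e[0])
    return events


def explain_exits(events, window=120):
    """For every 'Snort exiting' line, describe what preceded it."""
    findings = []
    for i, (t_exit, kind, pid) in enumerate(events):
        if kind != "exit":
            continue
        recent = [e for e in events[:i]
                  if (t_exit - e[0]).total_seconds() <= window]
        sig_idx = next((j for j, e in enumerate(recent)
                        if e[1] == "term_signal" and e[2] == pid), None)
        reloads = [e for e in recent if e[1] == "soft_reload"]
        hard_stop = False
        since_signal = None
        if sig_idx is not None:
            hard_stop = any(e[1] == "hard_stop" for e in recent[:sig_idx])
            since_signal = int((t_exit - recent[sig_idx][0]).total_seconds())
            reload_after = any(e[1] == "soft_reload" for e in recent[sig_idx + 1:])
            if reload_after:
                # This example's reading: a reload was issued while the
                # process was already shutting down.
                verdict = "reload_sent_to_stopping_process"
            elif hard_stop:
                verdict = "stopped_by_package"
            else:
                verdict = "terminated_by_signal"
        elif reloads:
            verdict = "exited_after_reload"
        else:
            verdict = "unexplained"
        findings.append({"pid": pid, "exit_at": t_exit, "verdict": verdict,
                         "seconds_since_signal": since_signal,
                         "hard_stop_before_signal": hard_stop})
    return findings


if __name__ == "__main__":
    for finding in explain_exits(load_events(SAMPLE_LOG)):
        print(finding)
```

On the first post's excerpt this reports that PID 1447 caught the term signal right after the HARD STOP, that a soft reload was issued afterwards, and that the process exited 50 seconds after the signal.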
          mentalhemroids

          I guess I could do a clean install and import my config; I'll have to find a good time to do that.  In the meantime I guess I'll keep clicking "Start".  Thanks Ermal!  I kinda wondered if things would come to this; especially since my other system is running fine.

            swinn

            You aren't the only one who's seeing this happen. It has happened ever since I upgraded to this newer version. I did a clean install yesterday hoping that would fix it. It stopped last night right after midnight. I'm guessing it was when it updated the rules. I've also seen it stop in the middle of the day (possibly when the gateway goes down since I've had some Internet issues caused by a recent storm). I'll have to review the logs a bit closer to see what else is going on.

            Steve

              eri--

              I just put a fix in the package that should no longer stop the package after an update but just trigger a config reload.

              Can you please reinstall the package files, not necessarily a full re-install, and see if this occurs again?

                mentalhemroids

                I made some rule changes and entered the default info into HTTP Inspect Settings.  I hadn't done that on either system; so far so good… I'll keep an eye on it and as soon as I have things die again I'll do a reinstall.  I'm still considering doing a clean install.  Thanks for your help Ermal!

                  mentalhemroids

                  Just an update - Still no problems with Snort exiting… (knock on wood)... I have all preprocessors running except Port Scan and have no *scan rules enabled; I don't know if that would be part of the problems, so I'm eliminating that.

                  Update: The wood must have been rotten; having to redo system from scratch.  Hopefully that will clear up all my problems.

                    th3r3isnospoon

                    I just started to notice this issue and it's already fixed :).  @ermal thanks for the quick fix, much appreciated!

                    -th3r3isnospoon

                      swinn

                      Well mine was going good for a few days after the last update. Then this morning it exited again right after midnight as it did before. I'm heading to work, but can poke around later today.

                      Sep 11 00:11:45 router SnortStartup[43087]: Snort Startup files Sync...
                      Sep 11 00:11:45 router SnortStartup[44709]: Snort already running, soft restart
                      Sep 11 00:11:45 router SnortStartup[45017]: Snort Soft Reload For 31706_re0...
                      Sep 11 00:11:45 router snort[2268]: 
                      Sep 11 00:11:45 router snort[2268]: 
                      Sep 11 00:11:45 router snort[2268]:         --== Reloading Snort ==--
                      Sep 11 00:11:45 router snort[2268]:         --== Reloading Snort ==--
                      Sep 11 00:11:45 router snort[2268]: 
                      Sep 11 00:11:45 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'HTTP_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'HTTP_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]:  [ 80 ]
                      Sep 11 00:11:58 router snort[2268]:  [ 80 ]
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'SHELLCODE_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'SHELLCODE_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]:  [ 0:79 81:65535 ]
                      Sep 11 00:11:58 router snort[2268]:  [ 0:79 81:65535 ]
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'ORACLE_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'ORACLE_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]:  [ 1521 ]
                      Sep 11 00:11:58 router snort[2268]:  [ 1521 ]
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'AUTH_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'AUTH_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]:  [ 113 ]
                      Sep 11 00:11:58 router snort[2268]:  [ 113 ]
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'DNS_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'DNS_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]:  [ 53 ]
                      Sep 11 00:11:58 router snort[2268]:  [ 53 ]
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'FINGER_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'FINGER_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]:  [ 79 ]
                      Sep 11 00:11:58 router snort[2268]:  [ 79 ]
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'FTP_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'FTP_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]:  [ 21 ]
                      Sep 11 00:11:58 router snort[2268]:  [ 21 ]
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'IMAP_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'IMAP_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]:  [ 143 ]
                      Sep 11 00:11:58 router snort[2268]:  [ 143 ]
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'IRC_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'IRC_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]:  [ 6665:6669 7000 ]
                      Sep 11 00:11:58 router snort[2268]:  [ 6665:6669 7000 ]
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'MSSQL_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'MSSQL_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]:  [ 1433 ]
                      Sep 11 00:11:58 router snort[2268]:  [ 1433 ]
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'NNTP_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'NNTP_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]:  [ 119 ]
                      Sep 11 00:11:58 router snort[2268]:  [ 119 ]
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'POP2_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'POP2_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]:  [ 109 ]
                      Sep 11 00:11:58 router snort[2268]:  [ 109 ]
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'POP3_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'POP3_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]:  [ 110 ]
                      Sep 11 00:11:58 router snort[2268]:  [ 110 ]
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'SUNRPC_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'SUNRPC_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]:  [ 111 32770:32779 ]
                      Sep 11 00:11:58 router snort[2268]:  [ 111 32770:32779 ]
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'RLOGIN_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'RLOGIN_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]:  [ 513 ]
                      Sep 11 00:11:58 router snort[2268]:  [ 513 ]
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'RSH_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'RSH_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]:  [ 514 ]
                      Sep 11 00:11:58 router snort[2268]:  [ 514 ]
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'SMB_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'SMB_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]:  [ 139 445 ]
                      Sep 11 00:11:58 router snort[2268]:  [ 139 445 ]
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'SMTP_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'SMTP_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]:  [ 25 ]
                      Sep 11 00:11:58 router snort[2268]:  [ 25 ]
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'SNMP_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'SNMP_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]:  [ 161 ]
                      Sep 11 00:11:58 router snort[2268]:  [ 161 ]
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'SSH_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'SSH_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]:  [ 22 ]
                      Sep 11 00:11:58 router snort[2268]:  [ 22 ]
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'TELNET_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'TELNET_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]:  [ 23 ]
                      Sep 11 00:11:58 router snort[2268]:  [ 23 ]
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'MAIL_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'MAIL_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]:  [ 25 143 465 691 ]
                      Sep 11 00:11:58 router snort[2268]:  [ 25 143 465 691 ]
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'SSL_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'SSL_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]:  [ 443 465 563 636 989:990 992:995 ]
                      Sep 11 00:11:58 router snort[2268]:  [ 443 465 563 636 989:990 992:995 ]
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'SIP_PROXY_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'SIP_PROXY_PORTS' defined : 
                      Sep 11 00:11:58 router snort[2268]:  [ 5060:5090 16384:32768 ]
                      Sep 11 00:11:58 router snort[2268]:  [ 5060:5090 16384:32768 ]
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'DCERPC_NCACN_IP_TCP' defined : 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'DCERPC_NCACN_IP_TCP' defined : 
                      Sep 11 00:11:58 router snort[2268]:  [ 139 445 ]
                      Sep 11 00:11:58 router snort[2268]:  [ 139 445 ]
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'DCERPC_NCADG_IP_UDP' defined : 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'DCERPC_NCADG_IP_UDP' defined : 
                      Sep 11 00:11:58 router snort[2268]:  [ 138 1024:65535 ]
                      Sep 11 00:11:58 router snort[2268]:  [ 138 1024:65535 ]
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'DCERPC_NCACN_IP_LONG' defined : 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'DCERPC_NCACN_IP_LONG' defined : 
                      Sep 11 00:11:58 router snort[2268]:  [ 135 139 445 593 1024:65535 ]
                      Sep 11 00:11:58 router snort[2268]:  [ 135 139 445 593 1024:65535 ]
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'DCERPC_NCACN_UDP_LONG' defined : 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'DCERPC_NCACN_UDP_LONG' defined : 
                      Sep 11 00:11:58 router snort[2268]:  [ 135 1024:65535 ]
                      Sep 11 00:11:58 router snort[2268]:  [ 135 1024:65535 ]
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'DCERPC_NCACN_UDP_SHORT' defined : 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'DCERPC_NCACN_UDP_SHORT' defined : 
                      Sep 11 00:11:58 router snort[2268]:  [ 135 593 1024:65535 ]
                      Sep 11 00:11:58 router snort[2268]:  [ 135 593 1024:65535 ]
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'DCERPC_NCACN_TCP' defined : 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'DCERPC_NCACN_TCP' defined : 
                      Sep 11 00:11:58 router snort[2268]:  [ 2103 2105 2107 ]
                      Sep 11 00:11:58 router snort[2268]:  [ 2103 2105 2107 ]
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'DCERPC_BRIGHTSTORE' defined : 
                      Sep 11 00:11:58 router snort[2268]: PortVar 'DCERPC_BRIGHTSTORE' defined : 
                      Sep 11 00:11:58 router snort[2268]:  [ 6503:6504 ]
                      Sep 11 00:11:58 router snort[2268]:  [ 6503:6504 ]
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: 
                      Sep 11 00:11:58 router snort[2268]: Detection:
                      Sep 11 00:11:58 router snort[2268]: Detection:
                      Sep 11 00:11:58 router snort[2268]:    Search-Method = AC-BNFA-Q
                      Sep 11 00:11:58 router snort[2268]:    Search-Method = AC-BNFA-Q
                      Sep 11 00:12:00 router snort[2268]: Found pid path directive (/var/log/snort/run)
                      Sep 11 00:12:00 router snort[2268]: Found pid path directive (/var/log/snort/run)
                      Sep 11 00:12:00 router snort[2268]: Snort Reload: Any change to the dynamic detection configuration requires a restart.
                      Sep 11 00:12:00 router snort[2268]: Snort Reload: Any change to the dynamic detection configuration requires a restart.
                      Sep 11 00:12:00 router snort[2268]: Reload via Signal HUP does not work if you aren't root or are chroot'ed.
                      Sep 11 00:12:00 router snort[2268]: Reload via Signal HUP does not work if you aren't root or are chroot'ed.
                      Sep 11 00:12:00 router kernel: re0: promiscuous mode disabled
                      Sep 11 00:12:15 router snort[2268]: S5: Pruned session from cache that was using 1100271 bytes (purge whole cache). 68.114.132.47 18699 --> 72.21.81.132 80 : LWstate 0xe LWFlags 0x226007
                      Sep 11 00:12:15 router snort[2268]: S5: Pruned session from cache that was using 1100271 bytes (purge whole cache). 68.114.132.47 18699 --> 72.21.81.132 80 : LWstate 0xe LWFlags 0x226007
                      Sep 11 00:12:24 router snort[2268]: ===============================================================================
                      Sep 11 00:12:24 router snort[2268]: ===============================================================================
                      Sep 11 00:12:24 router snort[2268]: Packet I/O Totals:
                      Sep 11 00:12:24 router snort[2268]: Packet I/O Totals:
                      Sep 11 00:12:24 router snort[2268]:    Received:      6620311
                      Sep 11 00:12:24 router snort[2268]:    Received:      6620311
                      Sep 11 00:12:24 router snort[2268]:    Analyzed:      6493083 ( 98.078%)
                      Sep 11 00:12:24 router snort[2268]:    Analyzed:      6493083 ( 98.078%)
                      Sep 11 00:12:24 router snort[2268]:     Dropped:       127217 (  1.922%)
                      Sep 11 00:12:24 router snort[2268]:     Dropped:       127217 (  1.922%)
                      Sep 11 00:12:24 router snort[2268]:    Filtered:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:    Filtered:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]: Outstanding:       127228 (  1.922%)
                      Sep 11 00:12:24 router snort[2268]: Outstanding:       127228 (  1.922%)
                      Sep 11 00:12:24 router snort[2268]:    Injected:            0
                      Sep 11 00:12:24 router snort[2268]:    Injected:            0
                      Sep 11 00:12:24 router snort[2268]: ===============================================================================
                      Sep 11 00:12:24 router snort[2268]: ===============================================================================
                      Sep 11 00:12:24 router snort[2268]: Breakdown by protocol (includes rebuilt packets):
                      Sep 11 00:12:24 router snort[2268]: Breakdown by protocol (includes rebuilt packets):
                      Sep 11 00:12:24 router snort[2268]:         Eth:      6493093 (100.000%)
                      Sep 11 00:12:24 router snort[2268]:         Eth:      6493093 (100.000%)
                      Sep 11 00:12:24 router snort[2268]:        VLAN:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:        VLAN:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:         IP4:      5077672 ( 78.201%)
                      Sep 11 00:12:24 router snort[2268]:         IP4:      5077672 ( 78.201%)
                      Sep 11 00:12:24 router snort[2268]:        Frag:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:        Frag:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:        ICMP:       363464 (  5.598%)
                      Sep 11 00:12:24 router snort[2268]:        ICMP:       363464 (  5.598%)
                      Sep 11 00:12:24 router snort[2268]:         UDP:       357544 (  5.507%)
                      Sep 11 00:12:24 router snort[2268]:         UDP:       357544 (  5.507%)
                      Sep 11 00:12:24 router snort[2268]:         TCP:      4354220 ( 67.059%)
                      Sep 11 00:12:24 router snort[2268]:         TCP:      4354220 ( 67.059%)
                      Sep 11 00:12:24 router snort[2268]:         IP6:         2372 (  0.037%)
                      Sep 11 00:12:24 router snort[2268]:         IP6:         2372 (  0.037%)
                      Sep 11 00:12:24 router snort[2268]:     IP6 Ext:         2372 (  0.037%)
                      Sep 11 00:12:24 router snort[2268]:     IP6 Ext:         2372 (  0.037%)
                      Sep 11 00:12:24 router snort[2268]:    IP6 Opts:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:    IP6 Opts:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:       Frag6:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:       Frag6:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:       ICMP6:         2035 (  0.031%)
                      Sep 11 00:12:24 router snort[2268]:       ICMP6:         2035 (  0.031%)
                      Sep 11 00:12:24 router snort[2268]:        UDP6:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:        UDP6:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:        TCP6:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:        TCP6:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:      Teredo:         2372 (  0.037%)
                      Sep 11 00:12:24 router snort[2268]:      Teredo:         2372 (  0.037%)
                      Sep 11 00:12:24 router snort[2268]:     ICMP-IP:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:     ICMP-IP:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:       EAPOL:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:       EAPOL:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:     IP4/IP4:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:     IP4/IP4:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:     IP4/IP6:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:     IP4/IP6:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:     IP6/IP4:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:     IP6/IP4:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:     IP6/IP6:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:     IP6/IP6:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:         GRE:         2444 (  0.038%)
                      Sep 11 00:12:24 router snort[2268]:         GRE:         2444 (  0.038%)
                      Sep 11 00:12:24 router snort[2268]:     GRE Eth:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:     GRE Eth:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:    GRE VLAN:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:    GRE VLAN:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:     GRE IP4:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:     GRE IP4:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:     GRE IP6:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:     GRE IP6:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]: GRE IP6 Ext:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]: GRE IP6 Ext:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:    GRE PPTP:         2444 (  0.038%)
                      Sep 11 00:12:24 router snort[2268]:    GRE PPTP:         2444 (  0.038%)
                      Sep 11 00:12:24 router snort[2268]:     GRE ARP:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:     GRE ARP:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:     GRE IPX:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:     GRE IPX:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:    GRE Loop:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:    GRE Loop:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:        MPLS:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:        MPLS:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:         ARP:      1415421 ( 21.799%)
                      Sep 11 00:12:24 router snort[2268]:         ARP:      1415421 ( 21.799%)
                      Sep 11 00:12:24 router snort[2268]:         IPX:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:         IPX:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:    Eth Loop:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:    Eth Loop:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:    Eth Disc:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:    Eth Disc:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:    IP4 Disc:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:    IP4 Disc:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:    IP6 Disc:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:    IP6 Disc:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:    TCP Disc:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:    TCP Disc:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:    UDP Disc:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:    UDP Disc:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:   ICMP Disc:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:   ICMP Disc:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]: All Discard:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]: All Discard:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:       Other:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:       Other:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]: Bad Chk Sum:      2626993 ( 40.458%)
                      Sep 11 00:12:24 router snort[2268]: Bad Chk Sum:      2626993 ( 40.458%)
                      Sep 11 00:12:24 router snort[2268]:     Bad TTL:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:     Bad TTL:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:      S5 G 1:           10 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:      S5 G 1:           10 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:      S5 G 2:            1 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:      S5 G 2:            1 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:       Total:      6493093
                      Sep 11 00:12:24 router snort[2268]:       Total:      6493093
                      Sep 11 00:12:24 router snort[2268]: ===============================================================================
                      Sep 11 00:12:24 router snort[2268]: ===============================================================================
                      Sep 11 00:12:24 router snort[2268]: Action Stats:
                      Sep 11 00:12:24 router snort[2268]: Action Stats:
                      Sep 11 00:12:24 router snort[2268]:      Alerts:           23 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:      Alerts:           23 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:      Logged:           23 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:      Logged:           23 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:      Passed:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:      Passed:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]: Match Limit:            0
                      Sep 11 00:12:24 router snort[2268]: Match Limit:            0
                      Sep 11 00:12:24 router snort[2268]: Queue Limit:            0
                      Sep 11 00:12:24 router snort[2268]: Queue Limit:            0
                      Sep 11 00:12:24 router snort[2268]:   Log Limit:            0
                      Sep 11 00:12:24 router snort[2268]:   Log Limit:            0
                      Sep 11 00:12:24 router snort[2268]: Event Limit:          446
                      Sep 11 00:12:24 router snort[2268]: Event Limit:          446
                      Sep 11 00:12:24 router snort[2268]: Verdicts:
                      Sep 11 00:12:24 router snort[2268]: Verdicts:
                      Sep 11 00:12:24 router snort[2268]:       Allow:      6493082 ( 98.078%)
                      Sep 11 00:12:24 router snort[2268]:       Allow:      6493082 ( 98.078%)
                      Sep 11 00:12:24 router snort[2268]:       Block:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:       Block:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:     Replace:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:     Replace:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:   Whitelist:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:   Whitelist:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:   Blacklist:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:   Blacklist:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:      Ignore:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]:      Ignore:            0 (  0.000%)
                      Sep 11 00:12:24 router snort[2268]: ===============================================================================
                      Sep 11 00:12:24 router snort[2268]: ===============================================================================
                      Sep 11 00:12:24 router snort[2268]: Frag3 statistics:
                      Sep 11 00:12:24 router snort[2268]: Frag3 statistics:
                      Sep 11 00:12:24 router snort[2268]:         Total Fragments: 0
                      Sep 11 00:12:24 router snort[2268]:         Total Fragments: 0
                      Sep 11 00:12:24 router snort[2268]:       Frags Reassembled: 0
                      Sep 11 00:12:24 router snort[2268]:       Frags Reassembled: 0
                      Sep 11 00:12:24 router snort[2268]:                Discards: 0
                      Sep 11 00:12:24 router snort[2268]:                Discards: 0
                      Sep 11 00:12:24 router snort[2268]:           Memory Faults: 0
                      Sep 11 00:12:24 router snort[2268]:           Memory Faults: 0
                      Sep 11 00:12:24 router snort[2268]:                Timeouts: 0
                      Sep 11 00:12:24 router snort[2268]:                Timeouts: 0
                      Sep 11 00:12:24 router snort[2268]:                Overlaps: 0
                      Sep 11 00:12:24 router snort[2268]:                Overlaps: 0
                      Sep 11 00:12:24 router snort[2268]:               Anomalies: 0
                      Sep 11 00:12:24 router snort[2268]:               Anomalies: 0
                      Sep 11 00:12:24 router snort[2268]:                  Alerts: 0
                      Sep 11 00:12:24 router snort[2268]:                  Alerts: 0
                      Sep 11 00:12:24 router snort[2268]:                   Drops: 0
                      Sep 11 00:12:24 router snort[2268]:                   Drops: 0
                      Sep 11 00:12:24 router snort[2268]:      FragTrackers Added: 0
                      Sep 11 00:12:24 router snort[2268]:      FragTrackers Added: 0
                      Sep 11 00:12:24 router snort[2268]:     FragTrackers Dumped: 0
                      Sep 11 00:12:24 router snort[2268]:     FragTrackers Dumped: 0
                      Sep 11 00:12:24 router snort[2268]: FragTrackers Auto Freed: 0
                      Sep 11 00:12:24 router snort[2268]: FragTrackers Auto Freed: 0
                      Sep 11 00:12:24 router snort[2268]:     Frag Nodes Inserted: 0
                      Sep 11 00:12:24 router snort[2268]:     Frag Nodes Inserted: 0
                      Sep 11 00:12:24 router snort[2268]:      Frag Nodes Deleted: 0
                      Sep 11 00:12:24 router snort[2268]:      Frag Nodes Deleted: 0
                      Sep 11 00:12:24 router snort[2268]: ===============================================================================
                      Sep 11 00:12:24 router snort[2268]: ===============================================================================
                      Sep 11 00:12:24 router snort[2268]: Stream5 statistics:
                      Sep 11 00:12:24 router snort[2268]: Stream5 statistics:
                      Sep 11 00:12:24 router snort[2268]:             Total sessions: 82695
                      Sep 11 00:12:24 router snort[2268]:             Total sessions: 82695
                      Sep 11 00:12:24 router snort[2268]:               TCP sessions: 52142
                      Sep 11 00:12:24 router snort[2268]:               TCP sessions: 52142
                      Sep 11 00:12:24 router snort[2268]:               UDP sessions: 30553
                      Sep 11 00:12:24 router snort[2268]:               UDP sessions: 30553
                      Sep 11 00:12:24 router snort[2268]:              ICMP sessions: 0
                      Sep 11 00:12:24 router snort[2268]:              ICMP sessions: 0
                      Sep 11 00:12:24 router snort[2268]:                 TCP Prunes: 0
                      Sep 11 00:12:24 router snort[2268]:                 TCP Prunes: 0
                      Sep 11 00:12:24 router snort[2268]:                 UDP Prunes: 0
                      Sep 11 00:12:24 router snort[2268]:                 UDP Prunes: 0
                      Sep 11 00:12:24 router snort[2268]:                ICMP Prunes: 0
                      Sep 11 00:12:24 router snort[2268]:                ICMP Prunes: 0
                      Sep 11 00:12:24 router snort[2268]: TCP StreamTrackers Created: 67492
                      Sep 11 00:12:24 router snort[2268]: TCP StreamTrackers Created: 67492
                      Sep 11 00:12:24 router snort[2268]: TCP StreamTrackers Deleted: 67492
                      Sep 11 00:12:24 router snort[2268]: TCP StreamTrackers Deleted: 67492
                      Sep 11 00:12:24 router snort[2268]:               TCP Timeouts: 19964
                      Sep 11 00:12:24 router snort[2268]:               TCP Timeouts: 19964
                      Sep 11 00:12:24 router snort[2268]:               TCP Overlaps: 26
                      Sep 11 00:12:24 router snort[2268]:               TCP Overlaps: 26
                      Sep 11 00:12:24 router snort[2268]:        TCP Segments Queued: 707
                      Sep 11 00:12:24 router snort[2268]:        TCP Segments Queued: 707
                      Sep 11 00:12:24 router snort[2268]:      TCP Segments Released: 707
                      Sep 11 00:12:24 router snort[2268]:      TCP Segments Released: 707
                      Sep 11 00:12:24 router snort[2268]:        TCP Rebuilt Packets: 11
                      Sep 11 00:12:24 router snort[2268]:        TCP Rebuilt Packets: 11
                      Sep 11 00:12:24 router snort[2268]:          TCP Segments Used: 11
                      Sep 11 00:12:24 router snort[2268]:          TCP Segments Used: 11
                      Sep 11 00:12:24 router snort[2268]:               TCP Discards: 1868984
                      Sep 11 00:12:24 router snort[2268]:               TCP Discards: 1868984
                      Sep 11 00:12:24 router snort[2268]:                   TCP Gaps: 0
                      Sep 11 00:12:24 router snort[2268]:                   TCP Gaps: 0
                      Sep 11 00:12:24 router snort[2268]:       UDP Sessions Created: 40057
                      Sep 11 00:12:24 router snort[2268]:       UDP Sessions Created: 40057
                      Sep 11 00:12:24 router snort[2268]:       UDP Sessions Deleted: 40057
                      Sep 11 00:12:24 router snort[2268]:       UDP Sessions Deleted: 40057
                      Sep 11 00:12:24 router snort[2268]:               UDP Timeouts: 9504
                      Sep 11 00:12:24 router snort[2268]:               UDP Timeouts: 9504
                      Sep 11 00:12:24 router snort[2268]:               UDP Discards: 0
                      Sep 11 00:12:24 router snort[2268]:               UDP Discards: 0
                      Sep 11 00:12:24 router snort[2268]:                     Events: 0
                      Sep 11 00:12:24 router snort[2268]:                     Events: 0
                      Sep 11 00:12:24 router snort[2268]:            Internal Events: 0
                      Sep 11 00:12:24 router snort[2268]:            Internal Events: 0
                      Sep 11 00:12:24 router snort[2268]:            TCP Port Filter
                      Sep 11 00:12:24 router snort[2268]:            TCP Port Filter
                      Sep 11 00:12:24 router snort[2268]:                    Dropped: 0
                      Sep 11 00:12:24 router snort[2268]:                    Dropped: 0
                      Sep 11 00:12:24 router snort[2268]:                  Inspected: 0
                      Sep 11 00:12:24 router snort[2268]:                  Inspected: 0
                      Sep 11 00:12:24 router snort[2268]:                    Tracked: 2072467
                      Sep 11 00:12:24 router snort[2268]:                    Tracked: 2072467
                      Sep 11 00:12:24 router snort[2268]:            UDP Port Filter
                      Sep 11 00:12:24 router snort[2268]:            UDP Port Filter
                      Sep 11 00:12:24 router snort[2268]:                    Dropped: 0
                      Sep 11 00:12:24 router snort[2268]:                    Dropped: 0
                      Sep 11 00:12:24 router snort[2268]:                  Inspected: 0
                      Sep 11 00:12:24 router snort[2268]:                  Inspected: 0
                      Sep 11 00:12:24 router snort[2268]:                    Tracked: 193967
                      Sep 11 00:12:24 router snort[2268]:                    Tracked: 193967
                      Sep 11 00:12:24 router snort[2268]: ===============================================================================
                      Sep 11 00:12:24 router snort[2268]: ===============================================================================
                      Sep 11 00:12:24 router snort[2268]: HTTP Inspect - encodings (Note: stream-reassembled packets included):
                      Sep 11 00:12:24 router snort[2268]: HTTP Inspect - encodings (Note: stream-reassembled packets included):
                      Sep 11 00:12:24 router snort[2268]:     POST methods:                         59        
                      Sep 11 00:12:24 router snort[2268]:     POST methods:                         59        
                      Sep 11 00:12:24 router snort[2268]:     GET methods:                          33173     
                      Sep 11 00:12:24 router snort[2268]:     GET methods:                          33173     
                      Sep 11 00:12:24 router snort[2268]:     HTTP Request Headers extracted:       33232     
                      Sep 11 00:12:24 router snort[2268]:     HTTP Request Headers extracted:       33232     
                      Sep 11 00:12:24 router snort[2268]:     HTTP Request Cookies extracted:       0         
                      Sep 11 00:12:24 router snort[2268]:     HTTP Request Cookies extracted:       0         
                      Sep 11 00:12:24 router snort[2268]:     Post parameters extracted:            47        
                      Sep 11 00:12:24 router snort[2268]:     Post parameters extracted:            47        
                      Sep 11 00:12:24 router snort[2268]:     HTTP response Headers extracted:      0         
                      Sep 11 00:12:24 router snort[2268]:     HTTP response Headers extracted:      0         
                      Sep 11 00:12:24 router snort[2268]:     HTTP Response Cookies extracted:      0         
                      Sep 11 00:12:24 router snort[2268]:     HTTP Response Cookies extracted:      0         
                      Sep 11 00:12:24 router snort[2268]:     Unicode:                              2         
                      Sep 11 00:12:24 router snort[2268]:     Unicode:                              2         
                      Sep 11 00:12:24 router snort[2268]:     Double unicode:                       0         
                      Sep 11 00:12:24 router snort[2268]:     Double unicode:                       0         
                      Sep 11 00:12:24 router snort[2268]:     Non-ASCII representable:              0         
                      Sep 11 00:12:24 router snort[2268]:     Non-ASCII representable:              0         
                      Sep 11 00:12:24 router snort[2268]:     Base 36:                              0         
                      Sep 11 00:12:24 router snort[2268]:     Base 36:                              0         
                      Sep 11 00:12:24 router snort[2268]:     Directory traversals:                 0         
                      Sep 11 00:12:24 router snort[2268]:     Directory traversals:                 0         
                      Sep 11 00:12:24 router snort[2268]:     Extra slashes ("//"):                 1188      
                      Sep 11 00:12:24 router snort[2268]:     Extra slashes ("//"):                 1188      
                      Sep 11 00:12:24 router snort[2268]:     Self-referencing paths ("./"):        0         
                      Sep 11 00:12:24 router snort[2268]:     Self-referencing paths ("./"):        0         
                      Sep 11 00:12:24 router snort[2268]:     HTTP Response Gzip packets extracted: 0         
                      Sep 11 00:12:24 router snort[2268]:     HTTP Response Gzip packets extracted: 0         
                      Sep 11 00:12:24 router snort[2268]:     Gzip Compressed Data Processed:       n/a       
                      Sep 11 00:12:24 router snort[2268]:     Gzip Compressed Data Processed:       n/a       
                      Sep 11 00:12:24 router snort[2268]:     Gzip Decompressed Data Processed:     n/a       
                      Sep 11 00:12:24 router snort[2268]:     Gzip Decompressed Data Processed:     n/a       
                      Sep 11 00:12:24 router snort[2268]:     Total packets processed:              1574820   
                      Sep 11 00:12:24 router snort[2268]:     Total packets processed:              1574820   
                      Sep 11 00:12:24 router snort[2268]: ===============================================================================
                      Sep 11 00:12:24 router snort[2268]: ===============================================================================
                      Sep 11 00:12:24 router snort[2268]: dcerpc2 Preprocessor Statistics
                      Sep 11 00:12:24 router snort[2268]: dcerpc2 Preprocessor Statistics
                      Sep 11 00:12:24 router snort[2268]:   Total sessions: 0
                      Sep 11 00:12:24 router snort[2268]:   Total sessions: 0
                      Sep 11 00:12:24 router snort[2268]: ===============================================================================
                      Sep 11 00:12:24 router snort[2268]: ===============================================================================
                      Sep 11 00:12:24 router snort[2268]: SSL Preprocessor:
                      Sep 11 00:12:24 router snort[2268]: SSL Preprocessor:
                      Sep 11 00:12:24 router snort[2268]:    SSL packets decoded: 42423     
                      Sep 11 00:12:24 router snort[2268]:    SSL packets decoded: 42423     
                      Sep 11 00:12:24 router snort[2268]:           Client Hello: 530       
                      Sep 11 00:12:24 router snort[2268]:           Client Hello: 530       
                      Sep 11 00:12:24 router snort[2268]:           Server Hello: 7729      
                      Sep 11 00:12:24 router snort[2268]:           Server Hello: 7729      
                      Sep 11 00:12:24 router snort[2268]:            Certificate: 5883      
                      Sep 11 00:12:24 router snort[2268]:            Certificate: 5883      
                      Sep 11 00:12:24 router snort[2268]:            Server Done: 9344      
                      Sep 11 00:12:24 router snort[2268]:            Server Done: 9344      
                      Sep 11 00:12:24 router snort[2268]:    Client Key Exchange: 499       
                      Sep 11 00:12:24 router snort[2268]:    Client Key Exchange: 499       
                      Sep 11 00:12:24 router snort[2268]:    Server Key Exchange: 137       
                      Sep 11 00:12:24 router snort[2268]:    Server Key Exchange: 137       
                      Sep 11 00:12:24 router snort[2268]:          Change Cipher: 8507      
                      Sep 11 00:12:24 router snort[2268]:          Change Cipher: 8507      
                      Sep 11 00:12:24 router snort[2268]:               Finished: 0         
                      Sep 11 00:12:24 router snort[2268]:               Finished: 0         
                      Sep 11 00:12:24 router snort[2268]:     Client Application: 6009      
                      Sep 11 00:12:24 router snort[2268]:     Client Application: 6009      
                      Sep 11 00:12:24 router snort[2268]:     Server Application: 8877      
                      Sep 11 00:12:24 router snort[2268]:     Server Application: 8877      
                      Sep 11 00:12:24 router snort[2268]:                  Alert: 366       
                      Sep 11 00:12:24 router snort[2268]:                  Alert: 366       
                      Sep 11 00:12:24 router snort[2268]:   Unrecognized records: 18409     
                      Sep 11 00:12:24 router snort[2268]:   Unrecognized records: 18409     
                      Sep 11 00:12:24 router snort[2268]:   Completed handshakes: 0         
                      Sep 11 00:12:24 router snort[2268]:   Completed handshakes: 0         
                      Sep 11 00:12:24 router snort[2268]:         Bad handshakes: 0         
                      Sep 11 00:12:24 router snort[2268]:         Bad handshakes: 0         
                      Sep 11 00:12:24 router snort[2268]:       Sessions ignored: 8877      
                      Sep 11 00:12:24 router snort[2268]:       Sessions ignored: 8877      
                      Sep 11 00:12:24 router snort[2268]:     Detection disabled: 42        
                      Sep 11 00:12:24 router snort[2268]:     Detection disabled: 42        
                      Sep 11 00:12:24 router snort[2268]: ===============================================================================
                      Sep 11 00:12:24 router snort[2268]: ===============================================================================
                      Sep 11 00:12:24 router snort[2268]: +-----------------------[filtered events]--------------------------------------
                      Sep 11 00:12:24 router snort[2268]: +-----------------------[filtered events]--------------------------------------
                      Sep 11 00:12:24 router snort[2268]: | gen-id=1      sig-id=2500962    type=Limit     tracking=src count=1   seconds=60  filtered=1
                      Sep 11 00:12:24 router snort[2268]: | gen-id=1      sig-id=2500962    type=Limit     tracking=src count=1   seconds=60  filtered=1
                      Sep 11 00:12:24 router snort[2268]: | gen-id=1      sig-id=2002994    type=Both      tracking=src count=30  seconds=60  filtered=111
                      Sep 11 00:12:24 router snort[2268]: | gen-id=1      sig-id=2002994    type=Both      tracking=src count=30  seconds=60  filtered=111
                      Sep 11 00:12:24 router snort[2268]: | gen-id=1      sig-id=2001972    type=Both      tracking=src count=20  seconds=360 filtered=19
                      Sep 11 00:12:24 router snort[2268]: | gen-id=1      sig-id=2001972    type=Both      tracking=src count=20  seconds=360 filtered=19
                      Sep 11 00:12:24 router snort[2268]: | gen-id=1      sig-id=2501114    type=Limit     tracking=src count=1   seconds=60  filtered=20
                      Sep 11 00:12:24 router snort[2268]: | gen-id=1      sig-id=2501114    type=Limit     tracking=src count=1   seconds=60  filtered=20
                      Sep 11 00:12:24 router snort[2268]: | gen-id=1      sig-id=2500068    type=Limit     tracking=src count=1   seconds=60  filtered=1
                      Sep 11 00:12:24 router snort[2268]: | gen-id=1      sig-id=2500068    type=Limit     tracking=src count=1   seconds=60  filtered=1
                      Sep 11 00:12:24 router snort[2268]: | gen-id=1      sig-id=2002995    type=Both      tracking=src count=30  seconds=60  filtered=261
                      Sep 11 00:12:24 router snort[2268]: | gen-id=1      sig-id=2002995    type=Both      tracking=src count=30  seconds=60  filtered=261
                      Sep 11 00:12:24 router snort[2268]: | gen-id=1      sig-id=2500600    type=Limit     tracking=src count=1   seconds=60  filtered=1
                      Sep 11 00:12:24 router snort[2268]: | gen-id=1      sig-id=2500600    type=Limit     tracking=src count=1   seconds=60  filtered=1
                      Sep 11 00:12:24 router snort[2268]: | gen-id=1      sig-id=2500970    type=Limit     tracking=src count=1   seconds=60  filtered=1
                      Sep 11 00:12:24 router snort[2268]: | gen-id=1      sig-id=2500970    type=Limit     tracking=src count=1   seconds=60  filtered=1
                      Sep 11 00:12:24 router snort[2268]: | gen-id=1      sig-id=2001219    type=Threshold tracking=src count=5   seconds=120 filtered=28
                      Sep 11 00:12:24 router snort[2268]: | gen-id=1      sig-id=2001219    type=Threshold tracking=src count=5   seconds=120 filtered=28
                      Sep 11 00:12:24 router snort[2268]: | gen-id=1      sig-id=2002911    type=Threshold tracking=src count=5   seconds=60  filtered=3
                      Sep 11 00:12:24 router snort[2268]: | gen-id=1      sig-id=2002911    type=Threshold tracking=src count=5   seconds=60  filtered=3
                      Sep 11 00:13:11 router snort[2268]: Snort exiting
                      Sep 11 00:13:11 router snort[2268]: Snort exiting
                      
                      • M
                        mentalhemroids
                        last edited by

                        I've been running 2.0-RC3 (i386) built on Sat Sep 10 17:10:54 EDT 2011 for 2 days, 03:19 w/ no exits and limited rule categories. So far so good. I'm hopeful that 2.0 final will work out fine since seeing swinn's post.

                        snort-categories-firewall.jpg
                        snort-categories-firewall2.jpg

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.