Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort Encoded Rule Plugin SID error

    Scheduled Pinned Locked Moved pfSense Packages
    3 Posts 2 Posters 4.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      simby
      last edited by

      Hi i have a lot of this error. What is this?

      Nov 21 11:12:52 snort[3936]: Encoded Rule Plugin SID: 17132, GID: 3 not registered properly. Disabling this rule.
      Nov 21 11:12:52 snort[3936]: Encoded Rule Plugin SID: 17132, GID: 3 not registered properly. Disabling this rule.
      Nov 21 11:12:52 snort[3936]: Encoded Rule Plugin SID: 16173, GID: 3 not registered properly. Disabling this rule.
      Nov 21 11:12:52 snort[3936]: Encoded Rule Plugin SID: 16173, GID: 3 not registered properly. Disabling this rule.
      Nov 21 11:12:52 snort[3936]: Encoded Rule Plugin SID: 17690, GID: 3 not registered properly. Disabling this rule.
      Nov 21 11:12:52 snort[3936]: Encoded Rule Plugin SID: 17690, GID: 3 not registered properly. Disabling this rule.
      Nov 21 11:12:52 snort[3936]: Encoded Rule Plugin SID: 17771, GID: 3 not registered properly. Disabling this rule.
      Nov 21 11:12:52 snort[3936]: Encoded Rule Plugin SID: 17771, GID: 3 not registered properly. Disabling this rule.
      Nov 21 11:12:52 snort[3936]: Encoded Rule Plugin SID: 15959, GID: 3 not registered properly. Disabling this rule.
      Nov 21 11:12:52 snort[3936]: Encoded Rule Plugin SID: 15959, GID: 3 not registered properly. Disabling this rule.

      more then 500 lines :(

      1 Reply Last reply Reply Quote 0
      • S
        simby
        last edited by

        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'http.otf' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'http.otf' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'http.wma' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'http.wma' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'vnc.auth' is checked but not ever set.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'vnc.auth' is checked but not ever set.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'http.wmv' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'http.wmv' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'http.plf' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'http.plf' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'http.ttf' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'http.ttf' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'emf.request' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'emf.request' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'http.rat' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'http.rat' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'http.msproducer' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'http.msproducer' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'exe.download' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'exe.download' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'http.oless.v4' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'http.oless.v4' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'eot.download' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'eot.download' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'http.mswmm' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'http.mswmm' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'backup_file.request' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'backup_file.request' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'maki_file.request' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'maki_file.request' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'http.oless.v3' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'http.oless.v3' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'BrAin_Wiper_Chat' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'BrAin_Wiper_Chat' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'realplayer.playlist' is checked but not ever set.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'realplayer.playlist' is checked but not ever set.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'http.rtf' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'http.rtf' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'ipp.application' is checked but not ever set.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'ipp.application' is checked but not ever set.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'http.tiff.little' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'http.tiff.little' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'tlsv1.client_hello.certificate' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'tlsv1.client_hello.certificate' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'snipernet' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'snipernet' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'asp.upload' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'asp.upload' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'PtakkS_Keepalive' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'PtakkS_Keepalive' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'http.bmp' is checked but not ever set.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'http.bmp' is checked but not ever set.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'java_class_file.request' is checked but not ever set.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'java_class_file.request' is checked but not ever set.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'chm_content_type' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'chm_content_type' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'Backdoor.Bersek.Init' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'Backdoor.Bersek.Init' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'http.asx' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'http.asx' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'http.pls.download' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'http.pls.download' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'pop3.stat' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'pop3.stat' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'http.pub' is checked but not ever set.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'http.pub' is checked but not ever set.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'http.tiff.big' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'http.tiff.big' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'http.eps.download' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'http.eps.download' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'Netspy_Command_Pattern' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'Netspy_Command_Pattern' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'starttls.attempt' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'starttls.attempt' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'qualcom.worldmail.ok' is checked but not ever set.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'qualcom.worldmail.ok' is checked but not ever set.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'ppt.download' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'ppt.download' is set but not ever checked.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'csv.download' is checked but not ever set.
        Nov 21 11:35:40 snort[1146]: Warning: flowbits key 'csv.download' is checked but not ever set.
        Nov 21 11:35:40 snort[1146]: Warning: 'ignore_any_rules' option for Stream5 UDP disabled because of UDP rule with flow or flowbits option
        Nov 21 11:35:40 snort[1146]: Warning: 'ignore_any_rules' option for Stream5 UDP disabled because of UDP rule with flow or flowbits option

        1 Reply Last reply Reply Quote 0
        • J
          jamesdean
          last edited by

          Dont worry about the flow bits.

          These errors on the other hand needs to be looked at. I need to update snort or the alert map file for the missing this sigs.

          "Encoded Rule Plugin SID: 17132, GID: 3 not registered properly. Disabling this rule."

          I am rebuilding snort from the ground up, that's taking all my time, Simply.
          Im working as fast as I can.

          James

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.