Snort[55970] exiting
-
I'm running - 2.0-RC3 (i386)
built on Fri Sep 2 14:17:09 EDT 2011 that I upgraded to last night.
As of either Thursday's snapshot I started noticing that Snort was exiting after a period of time. I enclosed the log from when it exited last. I looked up the error code in Google and didn't find anything. Anyone have an idea of what I can do?** Update ** - the one that is giving me problems is Intel(R) Xeon(TM) CPU 3.06GHz - Dell PE 1750 w/ 2GB RAM; the other unit is P3 1Ghz w/ 512MB RAM and it is working fine. Just remoted into it; it has less rules running on it, so I don't know if that has anything to do with it either. Both have latest Squid/Lightsquid/Darkstat/mtr-nox11/vnstat2; I tried loading CountryBlock and that is giving problems with Xeon system.
Thanks!Sep 3 00:03:44 snort[55970]: Snort exiting
Sep 3 00:03:44 snort[55970]: Snort exiting
Sep 3 00:03:36 SnortStartup[2860]: Snort Soft Reload For 42037_bge1…
Sep 3 00:03:36 SnortStartup[2513]: Snort already running, soft restart
Sep 3 00:03:36 SnortStartup[119]: Snort Startup files Sync…
Sep 3 00:03:33 snort[55970]: ===============================================================================
Sep 3 00:03:33 snort[55970]: ===============================================================================
Sep 3 00:03:33 snort[55970]: Detection disabled: 36
Sep 3 00:03:33 snort[55970]: Detection disabled: 36
Sep 3 00:03:33 snort[55970]: Sessions ignored: 12
Sep 3 00:03:33 snort[55970]: Sessions ignored: 12
Sep 3 00:03:33 snort[55970]: Bad handshakes: 0
Sep 3 00:03:33 snort[55970]: Bad handshakes: 0
Sep 3 00:03:33 snort[55970]: Completed handshakes: 0
Sep 3 00:03:33 snort[55970]: Completed handshakes: 0
Sep 3 00:03:33 snort[55970]: Unrecognized records: 172
Sep 3 00:03:33 snort[55970]: Unrecognized records: 172
Sep 3 00:03:33 snort[55970]: Alert: 47
Sep 3 00:03:33 snort[55970]: Alert: 47
Sep 3 00:03:33 snort[55970]: Server Application: 12
Sep 3 00:03:33 snort[55970]: Server Application: 12
Sep 3 00:03:33 snort[55970]: Client Application: 163
Sep 3 00:03:33 snort[55970]: Client Application: 163
Sep 3 00:03:33 snort[55970]: Finished: 0
Sep 3 00:03:33 snort[55970]: Finished: 0
Sep 3 00:03:33 snort[55970]: Change Cipher: 78
Sep 3 00:03:33 snort[55970]: Change Cipher: 78
Sep 3 00:03:33 snort[55970]: Server Key Exchange: 0
Sep 3 00:03:33 snort[55970]: Server Key Exchange: 0
Sep 3 00:03:33 snort[55970]: Client Key Exchange: 9
Sep 3 00:03:33 snort[55970]: Client Key Exchange: 9
Sep 3 00:03:33 snort[55970]: Server Done: 42
Sep 3 00:03:33 snort[55970]: Server Done: 42
Sep 3 00:03:33 snort[55970]: Certificate: 12
Sep 3 00:03:33 snort[55970]: Certificate: 12
Sep 3 00:03:33 snort[55970]: Server Hello: 12
Sep 3 00:03:33 snort[55970]: Server Hello: 12
Sep 3 00:03:33 snort[55970]: Client Hello: 59
Sep 3 00:03:33 snort[55970]: Client Hello: 59
Sep 3 00:03:33 snort[55970]: SSL packets decoded: 475
Sep 3 00:03:33 snort[55970]: SSL packets decoded: 475
Sep 3 00:03:33 snort[55970]: SSL Preprocessor:
Sep 3 00:03:33 snort[55970]: SSL Preprocessor:
Sep 3 00:03:33 snort[55970]: ===============================================================================
Sep 3 00:03:33 snort[55970]: ===============================================================================
Sep 3 00:03:33 snort[55970]: Total sessions: 0
Sep 3 00:03:33 snort[55970]: Total sessions: 0
Sep 3 00:03:33 snort[55970]: dcerpc2 Preprocessor Statistics
Sep 3 00:03:33 snort[55970]: dcerpc2 Preprocessor Statistics
Sep 3 00:03:33 snort[55970]: ===============================================================================
Sep 3 00:03:33 snort[55970]: ===============================================================================
Sep 3 00:03:33 snort[55970]: Total packets processed: 2544
Sep 3 00:03:33 snort[55970]: Total packets processed: 2544
Sep 3 00:03:33 snort[55970]: Gzip Decompressed Data Processed: n/a
Sep 3 00:03:33 snort[55970]: Gzip Decompressed Data Processed: n/a
Sep 3 00:03:33 snort[55970]: Gzip Compressed Data Processed: n/a
Sep 3 00:03:33 snort[55970]: Gzip Compressed Data Processed: n/a
Sep 3 00:03:33 snort[55970]: HTTP Response Gzip packets extracted: 0
Sep 3 00:03:33 snort[55970]: HTTP Response Gzip packets extracted: 0
Sep 3 00:03:33 snort[55970]: Self-referencing paths ("./"): 0
Sep 3 00:03:33 snort[55970]: Self-referencing paths ("./"): 0
Sep 3 00:03:33 snort[55970]: Extra slashes ("//"): 0
Sep 3 00:03:33 snort[55970]: Extra slashes ("//"): 0
Sep 3 00:03:33 snort[55970]: Directory traversals: 0
Sep 3 00:03:33 snort[55970]: Directory traversals: 0
Sep 3 00:03:33 snort[55970]: Base 36: 0
Sep 3 00:03:33 snort[55970]: Base 36: 0
Sep 3 00:03:33 snort[55970]: Non-ASCII representable: 0
Sep 3 00:03:33 snort[55970]: Non-ASCII representable: 0
Sep 3 00:03:33 snort[55970]: Double unicode: 0
Sep 3 00:03:33 snort[55970]: Double unicode: 0
Sep 3 00:03:33 snort[55970]: Unicode: 0
Sep 3 00:03:33 snort[55970]: Unicode: 0
Sep 3 00:03:33 snort[55970]: HTTP Response Cookies extracted: 0
Sep 3 00:03:33 snort[55970]: HTTP Response Cookies extracted: 0
Sep 3 00:03:33 snort[55970]: HTTP response Headers extracted: 0
Sep 3 00:03:33 snort[55970]: HTTP response Headers extracted: 0
Sep 3 00:03:33 snort[55970]: Post parameters extracted: 0
Sep 3 00:03:33 snort[55970]: Post parameters extracted: 0
Sep 3 00:03:33 snort[55970]: HTTP Request Cookies extracted: 0
Sep 3 00:03:33 snort[55970]: HTTP Request Cookies extracted: 0
Sep 3 00:03:33 snort[55970]: HTTP Request Headers extracted: 0
Sep 3 00:03:33 snort[55970]: HTTP Request Headers extracted: 0
Sep 3 00:03:33 snort[55970]: GET methods: 0
Sep 3 00:03:33 snort[55970]: GET methods: 0
Sep 3 00:03:33 snort[55970]: POST methods: 0
Sep 3 00:03:33 snort[55970]: POST methods: 0
Sep 3 00:03:33 snort[55970]: HTTP Inspect - encodings (Note: stream-reassembled packets included):
Sep 3 00:03:33 snort[55970]: HTTP Inspect - encodings (Note: stream-reassembled packets included):
Sep 3 00:03:33 snort[55970]: ===============================================================================
Sep 3 00:03:33 snort[55970]: ===============================================================================
Sep 3 00:03:33 snort[55970]: Tracked: 889
Sep 3 00:03:33 snort[55970]: Tracked: 889
Sep 3 00:03:33 snort[55970]: Inspected: 0
Sep 3 00:03:33 snort[55970]: Inspected: 0
Sep 3 00:03:33 snort[55970]: Dropped: 0
Sep 3 00:03:33 snort[55970]: Dropped: 0
Sep 3 00:03:33 snort[55970]: UDP Port Filter
Sep 3 00:03:33 snort[55970]: UDP Port Filter
Sep 3 00:03:33 snort[55970]: Tracked: 4895
Sep 3 00:03:33 snort[55970]: Tracked: 4895
Sep 3 00:03:33 snort[55970]: Inspected: 0
Sep 3 00:03:33 snort[55970]: Inspected: 0
Sep 3 00:03:33 snort[55970]: Dropped: 0
Sep 3 00:03:33 snort[55970]: Dropped: 0
Sep 3 00:03:33 snort[55970]: TCP Port Filter
Sep 3 00:03:33 snort[55970]: TCP Port Filter
Sep 3 00:03:33 snort[55970]: Internal Events: 0
Sep 3 00:03:33 snort[55970]: Internal Events: 0
Sep 3 00:03:33 snort[55970]: Events: 0
Sep 3 00:03:33 snort[55970]: Events: 0
Sep 3 00:03:33 snort[55970]: UDP Discards: 0
Sep 3 00:03:33 snort[55970]: UDP Discards: 0
Sep 3 00:03:33 snort[55970]: UDP Timeouts: 214
Sep 3 00:03:33 snort[55970]: UDP Timeouts: 214
Sep 3 00:03:33 snort[55970]: UDP Sessions Deleted: 867
Sep 3 00:03:33 snort[55970]: UDP Sessions Deleted: 867
Sep 3 00:03:33 snort[55970]: UDP Sessions Created: 867
Sep 3 00:03:33 snort[55970]: UDP Sessions Created: 867
Sep 3 00:03:33 snort[55970]: TCP Gaps: 0
Sep 3 00:03:33 snort[55970]: TCP Gaps: 0
Sep 3 00:03:33 snort[55970]: TCP Discards: 3792
Sep 3 00:03:33 snort[55970]: TCP Discards: 3792
Sep 3 00:03:33 snort[55970]: TCP Segments Used: 0
Sep 3 00:03:33 snort[55970]: TCP Segments Used: 0
Sep 3 00:03:33 snort[55970]: TCP Rebuilt Packets: 0
Sep 3 00:03:33 snort[55970]: TCP Rebuilt Packets: 0
Sep 3 00:03:33 snort[55970]: TCP Segments Released: 0
Sep 3 00:03:33 snort[55970]: TCP Segments Released: 0
Sep 3 00:03:33 snort[55970]: TCP Segments Queued: 0
Sep 3 00:03:33 snort[55970]: TCP Segments Queued: 0
Sep 3 00:03:33 snort[55970]: TCP Overlaps: 0
Sep 3 00:03:33 snort[55970]: TCP Overlaps: 0
Sep 3 00:03:33 snort[55970]: TCP Timeouts: 131
Sep 3 00:03:33 snort[55970]: TCP Timeouts: 131
Sep 3 00:03:33 snort[55970]: TCP StreamTrackers Deleted: 407
Sep 3 00:03:33 snort[55970]: TCP StreamTrackers Deleted: 407
Sep 3 00:03:33 snort[55970]: TCP StreamTrackers Created: 407
Sep 3 00:03:33 snort[55970]: TCP StreamTrackers Created: 407
Sep 3 00:03:33 snort[55970]: ICMP Prunes: 0
Sep 3 00:03:33 snort[55970]: ICMP Prunes: 0
Sep 3 00:03:33 snort[55970]: UDP Prunes: 0
Sep 3 00:03:33 snort[55970]: UDP Prunes: 0
Sep 3 00:03:33 snort[55970]: TCP Prunes: 0
Sep 3 00:03:33 snort[55970]: TCP Prunes: 0
Sep 3 00:03:33 snort[55970]: ICMP sessions: 0
Sep 3 00:03:33 snort[55970]: ICMP sessions: 0
Sep 3 00:03:33 snort[55970]: UDP sessions: 653
Sep 3 00:03:33 snort[55970]: UDP sessions: 653
Sep 3 00:03:33 snort[55970]: TCP sessions: 320
Sep 3 00:03:33 snort[55970]: TCP sessions: 320
Sep 3 00:03:33 snort[55970]: Total sessions: 973
Sep 3 00:03:33 snort[55970]: Total sessions: 973
Sep 3 00:03:33 snort[55970]: Stream5 statistics:
Sep 3 00:03:33 snort[55970]: Stream5 statistics:
Sep 3 00:03:33 snort[55970]: ===============================================================================
Sep 3 00:03:33 snort[55970]: ===============================================================================
Sep 3 00:03:33 snort[55970]: Frag Nodes Deleted: 0
Sep 3 00:03:33 snort[55970]: Frag Nodes Deleted: 0
Sep 3 00:03:33 snort[55970]: Frag Nodes Inserted: 0
Sep 3 00:03:33 snort[55970]: Frag Nodes Inserted: 0
Sep 3 00:03:33 snort[55970]: FragTrackers Auto Freed: 0
Sep 3 00:03:33 snort[55970]: FragTrackers Auto Freed: 0
Sep 3 00:03:33 snort[55970]: FragTrackers Dumped: 0
Sep 3 00:03:33 snort[55970]: FragTrackers Dumped: 0
Sep 3 00:03:33 snort[55970]: FragTrackers Added: 0
Sep 3 00:03:33 snort[55970]: FragTrackers Added: 0
Sep 3 00:03:33 snort[55970]: Drops: 0
Sep 3 00:03:33 snort[55970]: Drops: 0
Sep 3 00:03:33 snort[55970]: Alerts: 0
Sep 3 00:03:33 snort[55970]: Alerts: 0
Sep 3 00:03:33 snort[55970]: Anomalies: 0
Sep 3 00:03:33 snort[55970]: Anomalies: 0
Sep 3 00:03:33 snort[55970]: Overlaps: 0
Sep 3 00:03:33 snort[55970]: Overlaps: 0
Sep 3 00:03:33 snort[55970]: Timeouts: 0
Sep 3 00:03:33 snort[55970]: Timeouts: 0
Sep 3 00:03:33 snort[55970]: Memory Faults: 0
Sep 3 00:03:33 snort[55970]: Memory Faults: 0
Sep 3 00:03:33 snort[55970]: Discards: 0
Sep 3 00:03:33 snort[55970]: Discards: 0
Sep 3 00:03:33 snort[55970]: Frags Reassembled: 0
Sep 3 00:03:33 snort[55970]: Frags Reassembled: 0
Sep 3 00:03:33 snort[55970]: Total Fragments: 0
Sep 3 00:03:33 snort[55970]: Total Fragments: 0
Sep 3 00:03:33 snort[55970]: Frag3 statistics:
Sep 3 00:03:33 snort[55970]: Frag3 statistics:
Sep 3 00:03:33 snort[55970]: ===============================================================================
Sep 3 00:03:33 snort[55970]: ===============================================================================
Sep 3 00:03:33 snort[55970]: Ignore: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: Ignore: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: Blacklist: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: Blacklist: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: Whitelist: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: Whitelist: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: Replace: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: Replace: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: Block: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: Block: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: Allow: 46840 ( 99.906%)
Sep 3 00:03:33 snort[55970]: Allow: 46840 ( 99.906%)
Sep 3 00:03:33 snort[55970]: Verdicts:
Sep 3 00:03:33 snort[55970]: Verdicts:
Sep 3 00:03:33 snort[55970]: Event Limit: 0
Sep 3 00:03:33 snort[55970]: Event Limit: 0
Sep 3 00:03:33 snort[55970]: Log Limit: 0
Sep 3 00:03:33 snort[55970]: Log Limit: 0
Sep 3 00:03:33 snort[55970]: Queue Limit: 0
Sep 3 00:03:33 snort[55970]: Queue Limit: 0
Sep 3 00:03:33 snort[55970]: Match Limit: 0
Sep 3 00:03:33 snort[55970]: Match Limit: 0
Sep 3 00:03:33 snort[55970]: Passed: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: Passed: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: Logged: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: Logged: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: Alerts: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: Alerts: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: Action Stats:
Sep 3 00:03:33 snort[55970]: Action Stats:
Sep 3 00:03:33 snort[55970]: ===============================================================================
Sep 3 00:03:33 snort[55970]: ===============================================================================
Sep 3 00:03:33 snort[55970]: Total: 46840
Sep 3 00:03:33 snort[55970]: Total: 46840
Sep 3 00:03:33 snort[55970]: S5 G 2: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: S5 G 2: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: S5 G 1: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: S5 G 1: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: Bad TTL: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: Bad TTL: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: Bad Chk Sum: 39240 ( 83.775%)
Sep 3 00:03:33 snort[55970]: Bad Chk Sum: 39240 ( 83.775%)
Sep 3 00:03:33 snort[55970]: Other: 31545 ( 67.346%)
Sep 3 00:03:33 snort[55970]: Other: 31545 ( 67.346%)
Sep 3 00:03:33 snort[55970]: All Discard: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: All Discard: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: ICMP Disc: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: ICMP Disc: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: UDP Disc: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: UDP Disc: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: TCP Disc: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: TCP Disc: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: IP6 Disc: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: IP6 Disc: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: IP4 Disc: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: IP4 Disc: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: Eth Disc: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: Eth Disc: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: Eth Loop: 263 ( 0.561%)
Sep 3 00:03:33 snort[55970]: Eth Loop: 263 ( 0.561%)
Sep 3 00:03:33 snort[55970]: IPX: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: IPX: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: ARP: 4 ( 0.009%)
Sep 3 00:03:33 snort[55970]: ARP: 4 ( 0.009%)
Sep 3 00:03:33 snort[55970]: MPLS: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: MPLS: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: GRE Loop: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: GRE Loop: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: GRE IPX: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: GRE IPX: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: GRE ARP: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: GRE ARP: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: GRE PPTP: 3491 ( 7.453%)
Sep 3 00:03:33 snort[55970]: GRE PPTP: 3491 ( 7.453%)
Sep 3 00:03:33 snort[55970]: GRE IP6 Ext: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: GRE IP6 Ext: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: GRE IP6: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: GRE IP6: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: GRE IP4: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: GRE IP4: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: GRE VLAN: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: GRE VLAN: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: GRE Eth: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: GRE Eth: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: GRE: 3491 ( 7.453%)
Sep 3 00:03:33 snort[55970]: GRE: 3491 ( 7.453%)
Sep 3 00:03:33 snort[55970]: IP6/IP6: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: IP6/IP6: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: IP6/IP4: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: IP6/IP4: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: IP4/IP6: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: IP4/IP6: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: IP4/IP4: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: IP4/IP4: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: EAPOL: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: EAPOL: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: ICMP-IP: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: ICMP-IP: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: Teredo: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: Teredo: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: TCP6: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: TCP6: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: UDP6: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: UDP6: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: ICMP6: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: ICMP6: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: Frag6: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: Frag6: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: IP6 Opts: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: IP6 Opts: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: IP6 Ext: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: IP6 Ext: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: IP6: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: IP6: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: TCP: 9520 ( 20.325%)
Sep 3 00:03:33 snort[55970]: TCP: 9520 ( 20.325%)
Sep 3 00:03:33 snort[55970]: UDP: 2002 ( 4.274%)
Sep 3 00:03:33 snort[55970]: UDP: 2002 ( 4.274%)
Sep 3 00:03:33 snort[55970]: ICMP: 15 ( 0.032%)
Sep 3 00:03:33 snort[55970]: ICMP: 15 ( 0.032%)
Sep 3 00:03:33 snort[55970]: Frag: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: Frag: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: IP4: 46529 ( 99.336%)
Sep 3 00:03:33 snort[55970]: IP4: 46529 ( 99.336%)
Sep 3 00:03:33 snort[55970]: VLAN: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: VLAN: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: Eth: 46840 (100.000%)
Sep 3 00:03:33 snort[55970]: Eth: 46840 (100.000%)
Sep 3 00:03:33 snort[55970]: Breakdown by protocol (includes rebuilt packets):
Sep 3 00:03:33 snort[55970]: Breakdown by protocol (includes rebuilt packets):
Sep 3 00:03:33 snort[55970]: ===============================================================================
Sep 3 00:03:33 snort[55970]: ===============================================================================
Sep 3 00:03:33 snort[55970]: Injected: 0
Sep 3 00:03:33 snort[55970]: Injected: 0
Sep 3 00:03:33 snort[55970]: Outstanding: 44 ( 0.094%)
Sep 3 00:03:33 snort[55970]: Outstanding: 44 ( 0.094%)
Sep 3 00:03:33 snort[55970]: Filtered: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: Filtered: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: Dropped: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: Dropped: 0 ( 0.000%)
Sep 3 00:03:33 snort[55970]: Analyzed: 46840 ( 99.906%)
Sep 3 00:03:33 snort[55970]: Analyzed: 46840 ( 99.906%)
Sep 3 00:03:33 snort[55970]: Received: 46884
Sep 3 00:03:33 snort[55970]: Received: 46884
Sep 3 00:03:33 snort[55970]: Packet I/O Totals:
Sep 3 00:03:33 snort[55970]: Packet I/O Totals:
Sep 3 00:03:33 snort[55970]: ===============================================================================
Sep 3 00:03:33 snort[55970]: ===============================================================================
Sep 3 00:03:33 snort[55970]: Pkts/sec: 17
Sep 3 00:03:33 snort[55970]: Pkts/sec: 17
Sep 3 00:03:33 snort[55970]: Pkts/min: 1089
Sep 3 00:03:33 snort[55970]: Pkts/min: 1089
Sep 3 00:03:33 snort[55970]: Snort ran for 0 days 0 hours 43 minutes 49 seconds
Sep 3 00:03:33 snort[55970]: Snort ran for 0 days 0 hours 43 minutes 49 seconds
Sep 3 00:03:33 snort[55970]: Snort processed 46840 packets.
Sep 3 00:03:33 snort[55970]: Snort processed 46840 packets.
Sep 3 00:03:33 snort[55970]: Run time for packet processing was 2629.86087 seconds
Sep 3 00:03:33 snort[55970]: Run time for packet processing was 2629.86087 seconds
Sep 3 00:03:33 snort[55970]: ===============================================================================
Sep 3 00:03:33 snort[55970]: ===============================================================================
Sep 3 00:03:32 snort[55970]: *** Caught Term-Signal
Sep 3 00:03:32 snort[55970]: *** Caught Term-Signal
Sep 3 00:03:31 SnortStartup[36754]: Snort HARD STOP For 42037_bge1…
Sep 2 23:19:44 SnortStartup[56260]: Interface Rule START for 0_42037_bge1…
Sep 2 23:19:44 snort[55970]: Commencing packet processing (pid=55970)
Sep 2 23:19:44 snort[55970]: Commencing packet processing (pid=55970)
Sep 2 23:19:44 snort[55970]: –== Initialization Complete ==--
Sep 2 23:19:44 snort[55970]: –== Initialization Complete ==--
Sep 2 23:19:44 snort[55970]:
Sep 2 23:19:44 snort[55970]:
Sep 2 23:19:44 snort[55970]: Set uid to 920
Sep 2 23:19:44 snort[55970]: Set uid to 920
Sep 2 23:19:44 snort[55970]: Set gid to 920
Sep 2 23:19:44 snort[55970]: Set gid to 920
Sep 2 23:19:44 snort[55970]: Writing PID "55970" to file "/var/log/snort/run/snort_bge142037.pid"
Sep 2 23:19:44 snort[55970]: Writing PID "55970" to file "/var/log/snort/run/snort_bge142037.pid"
Sep 2 23:19:44 snort[55970]: PID path stat checked out ok, PID path set to /var/log/snort/run
Sep 2 23:19:44 snort[55970]: PID path stat checked out ok, PID path set to /var/log/snort/run
Sep 2 23:19:44 snort[55970]: Checking PID path…
Sep 2 23:19:44 snort[55970]: Checking PID path…
Sep 2 23:19:43 snort[55970]: Decoding Ethernet
Sep 2 23:19:43 snort[55970]: Decoding Ethernet
Sep 2 23:19:43 snort[55970]: Reload thread started, thread 0x9a6d3fc0 (55970)
Sep 2 23:19:43 snort[55970]: Reload thread started, thread 0x9a6d3fc0 (55970)
Sep 2 23:19:42 snort[55970]: Reload thread starting…
Sep 2 23:19:42 snort[55970]: Reload thread starting…
Sep 2 23:19:39 snort[55970]: Daemon initialized, signaled parent pid: 1020
Sep 2 23:19:39 snort[55970]: Daemon initialized, signaled parent pid: 1020
Sep 2 23:19:38 snort[1020]: Initializing daemon mode
Sep 2 23:19:38 snort[1020]: Initializing daemon mode
Sep 2 23:19:38 snort[1020]: Acquiring network traffic from "bge1".
Sep 2 23:19:38 snort[1020]: Acquiring network traffic from "bge1".
Sep 2 23:19:38 snort[1020]: pcap DAQ configured to passive.
Sep 2 23:19:38 snort[1020]: pcap DAQ configured to passive.
Sep 2 23:19:38 snort[1020]: +–--------------------------------------------------------------
Sep 2 23:19:38 snort[1020]: +–--------------------------------------------------------------
Sep 2 23:19:38 snort[1020]: | DFA : 1394.18
Sep 2 23:19:38 snort[1020]: | DFA : 1394.18
Sep 2 23:19:38 snort[1020]: | Fail States : 6.73
Sep 2 23:19:38 snort[1020]: | Fail States : 6.73
Sep 2 23:19:38 snort[1020]: | Match Lists : 20.29
Sep 2 23:19:38 snort[1020]: | Match Lists : 20.29
Sep 2 23:19:38 snort[1020]: | Patterns : 13.73
Sep 2 23:19:38 snort[1020]: | Patterns : 13.73
Sep 2 23:19:38 snort[1020]: | Memory (MB) : 1435.35
Sep 2 23:19:38 snort[1020]: | Memory (MB) : 1435.35
Sep 2 23:19:38 snort[1020]: | Match States : 198382
Sep 2 23:19:38 snort[1020]: | Match States : 198382
Sep 2 23:19:38 snort[1020]: | Patterns : 201014
Sep 2 23:19:38 snort[1020]: | Patterns : 201014
Sep 2 23:19:38 snort[1020]: | State Density : 36.0%
Sep 2 23:19:38 snort[1020]: | State Density : 36.0%
Sep 2 23:19:38 snort[1020]: | Transitions : 162522139
Sep 2 23:19:38 snort[1020]: | Transitions : 162522139
Sep 2 23:19:38 snort[1020]: | States : 1763235
Sep 2 23:19:38 snort[1020]: | States : 1763235
Sep 2 23:19:38 snort[1020]: | Characters : 2375296
Sep 2 23:19:38 snort[1020]: | Characters : 2375296
Sep 2 23:19:38 snort[1020]: | Instances : 1473
Sep 2 23:19:38 snort[1020]: | Instances : 1473
Sep 2 23:19:38 snort[1020]: | Sizeof State : 4 bytes
Sep 2 23:19:38 snort[1020]: | Sizeof State : 4 bytes
Sep 2 23:19:38 snort[1020]: | Alphabet Size : 256 Chars
Sep 2 23:19:38 snort[1020]: | Alphabet Size : 256 Chars
Sep 2 23:19:38 snort[1020]: | Finite Automaton : DFA
Sep 2 23:19:38 snort[1020]: | Finite Automaton : DFA
Sep 2 23:19:38 snort[1020]: | Storage Format : Sparse-Bands
Sep 2 23:19:38 snort[1020]: | Storage Format : Sparse-Bands
Sep 2 23:19:38 snort[1020]: +- [ Aho-Corasick Summary ] –-----------------------------------
Sep 2 23:19:38 snort[1020]: +- [ Aho-Corasick Summary ] –-----------------------------------
Sep 2 23:19:38 snort[1020]: [ Port Based Pattern Matching Memory ]
Sep 2 23:19:38 snort[1020]: [ Port Based Pattern Matching Memory ]
Sep 2 23:19:38 snort[1020]:
Sep 2 23:19:38 snort[1020]:
Sep 2 23:16:51 snort[1020]: 345 out of 1024 flowbits in use.
Sep 2 23:16:51 snort[1020]: 345 out of 1024 flowbits in use.
Sep 2 23:16:51 snort[1020]: Warning: flowbits key 'eot.download' is set but not ever checked.
Sep 2 23:16:51 snort[1020]: Warning: flowbits key 'eot.download' is set but not ever checked.
Sep 2 23:16:51 snort[1020]: Warning: flowbits key 'visio.request' is set but not ever checked.
Sep 2 23:16:51 snort[1020]: Warning: flowbits key 'visio.request' is set but not ever checked.
Sep 2 23:16:51 snort[1020]: Warning: flowbits key 'emf.request' is set but not ever checked.
Sep 2 23:16:51 snort[1020]: Warning: flowbits key 'emf.request' is set but not ever checked.
Sep 2 23:16:51 snort[1020]: Warning: flowbits key 'http.oless.v4' is set but not ever checked.
Sep 2 23:16:51 snort[1020]: Warning: flowbits key 'http.oless.v4' is set but not ever checked.
Sep 2 23:16:51 snort[1020]: Warning: flowbits key 'net.application' is set but not ever checked.
Sep 2 23:16:51 snort[1020]: Warning: flowbits key 'net.application' is set but not ever checked.
Sep 2 23:16:51 snort[1020]: Warning: flowbits key 'http.msproducer' is set but not ever checked.
Sep 2 23:16:51 snort[1020]: Warning: flowbits key 'http.msproducer' is set but not ever checked.
Sep 2 23:16:51 snort[1020]: Warning: flowbits key 'ET.gadu.loggedin' is checked but not ever set.
Sep 2 23:16:51 snort[1020]: Warning: flowbits key 'ET.gadu.loggedin' is checked but not ever set.
Sep 2 23:16:51 snort[1020]: Warning: flowbits key 'java_class_file.request' is checked but not ever set.
Sep 2 23:16:51 snort[1020]: Warning: flowbits key 'java_class_file.request' is checked but not ever set.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'asp.upload' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'asp.upload' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'exe.download' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'exe.download' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'backup_file.request' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'backup_file.request' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.stat_code_407' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.stat_code_407' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'ipp.application' is checked but not ever set.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'ipp.application' is checked but not ever set.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'PtakkS_Keepalive' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'PtakkS_Keepalive' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.ttf' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.ttf' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.asx' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.asx' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.chm' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.chm' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.xls.biff5' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.xls.biff5' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'Backdoor.Bersek.Init' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'Backdoor.Bersek.Init' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'aiff_file.request' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'aiff_file.request' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'vnc.auth' is checked but not ever set.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'vnc.auth' is checked but not ever set.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.rat' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.rat' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'ET.RBN.Malvertiser' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'ET.RBN.Malvertiser' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.mkv' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.mkv' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.lzh' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.lzh' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'ET.http.binary' is checked but not ever set.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'ET.http.binary' is checked but not ever set.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'wav_file.request' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'wav_file.request' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'maki_file.request' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'maki_file.request' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.dxf' is checked but not ever set.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.dxf' is checked but not ever set.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.lnk' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.lnk' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.pmd' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.pmd' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.mswmm' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.mswmm' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'realplayer.playlist' is checked but not ever set.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'realplayer.playlist' is checked but not ever set.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.disco' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.disco' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'ET.Evil' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'ET.Evil' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'tlsv1.client_hello.certificate' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'tlsv1.client_hello.certificate' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.deploy' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.deploy' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'Netspy_Command_Pattern' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'Netspy_Command_Pattern' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'FraudLoad' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'FraudLoad' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'ms.publisher.file' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'ms.publisher.file' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'ET.http.javaclient.vulnerable' is checked but not ever set.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'ET.http.javaclient.vulnerable' is checked but not ever set.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'realmedia_file.request' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'realmedia_file.request' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.xlw' is checked but not ever set.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.xlw' is checked but not ever set.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.spray' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.spray' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.wma' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.wma' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.eot' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.eot' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.wmv' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.wmv' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.xpm' is checked but not ever set.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.xpm' is checked but not ever set.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.otf' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.otf' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.plf' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.plf' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.htm' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.htm' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.bmp' is checked but not ever set.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.bmp' is checked but not ever set.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.oless.v3' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.oless.v3' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'snipernet' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'snipernet' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.torrent' is checked but not ever set.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.torrent' is checked but not ever set.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.asf' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.asf' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'csv.download' is checked but not ever set.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'csv.download' is checked but not ever set.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'BrAin_Wiper_Chat' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'BrAin_Wiper_Chat' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.eps.download' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: flowbits key 'http.eps.download' is set but not ever checked.
Sep 2 23:16:50 snort[1020]: Warning: 'ignore_any_rules' option for Stream5 UDP disabled because of UDP rule with flow or flowbits option
Sep 2 23:16:50 snort[1020]: Warning: 'ignore_any_rules' option for Stream5 UDP disabled because of UDP rule with flow or flowbits option
Sep 2 23:16:50 snort[1020]: Verifying Preprocessor Configurations!
Sep 2 23:16:50 snort[1020]: Verifying Preprocessor Configurations!
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 15536, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 15536, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17687, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17687, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17756, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17756, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17762, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17762, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16422, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16422, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16536, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16536, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17750, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17750, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 18670, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 18670, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16326, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16326, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17767, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17767, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16650, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16650, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16408, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16408, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16241, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16241, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 15505, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 15505, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16662, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16662, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17203, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17203, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17690, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17690, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 18200, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 18200, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17696, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17696, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17765, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17765, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16649, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16649, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 11619, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 11619, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16294, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16294, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16633, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16633, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16186, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16186, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 15465, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 15465, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17743, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17743, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 13980, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 13980, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16464, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16464, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 18068, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 18068, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 13879, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 13879, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 15115, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 15115, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17752, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17752, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 18408, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 18408, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17255, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17255, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17683, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17683, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17686, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17686, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16233, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16233, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16318, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16318, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16375, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16375, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16154, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16154, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16640, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16640, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16221, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16221, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 13630, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 13630, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 15694, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 15694, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 13469, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 13469, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 13455, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 13455, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 13677, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 13677, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 13308, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 13308, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17193, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17193, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17755, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17755, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 13971, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 13971, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16182, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16182, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 15537, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 15537, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 13629, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 13629, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 13826, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 13826, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 15148, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 15148, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 15517, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 15517, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 13975, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 13975, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16223, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16223, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 18204, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 18204, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17773, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17773, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 13448, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 13448, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 13825, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 13825, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 15328, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 15328, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16657, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16657, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16222, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16222, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 13454, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 13454, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16646, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16646, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 15534, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 15534, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 14642, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 14642, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 15462, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 15462, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16505, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16505, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 15461, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 15461, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 18673, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 18673, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 13456, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 13456, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 18622, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 18622, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17766, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17766, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17731, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17731, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 15734, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 15734, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 15365, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 15365, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16315, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16315, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 15303, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 15303, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17684, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17684, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16535, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16535, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 15470, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 15470, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 18413, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 18413, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 13453, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 13453, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17242, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17242, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16151, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16151, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17695, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17695, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16343, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16343, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16416, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16416, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 18620, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 18620, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17181, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17181, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16564, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 16564, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 18621, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 18621, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17681, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17681, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 18639, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 18639, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 15454, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 15454, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 15535, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 15535, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 8092, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 8092, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17185, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17185, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17129, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17129, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 13960, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 13960, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17121, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 17121, GID: 3 not registered properly. Disabling this rule.
Sep 2 23:16:50 snort[1020]: Encoded Rule Plugin SID: 15498, GID: 3 not registered properly. Disabling this
-
Check this http://forum.pfsense.org/index.php/topic,40568.0.html
It should help you as well.
-
Ermel - Should I just reinstall the package? I just did that… Thanks for the advise.
-
Snort exited about an hour and a half ago - different exit error - just odd that this keeps happening.
Any ideas on what I should do or be doing differently? I just made a possible link - I had the rules updating after 6hrs; could that have kicked the system and caused it to stop?** Update ** - the one that is giving me problems is Intel(R) Xeon(TM) CPU 3.06GHz - Dell PE 1750 w/ 2GB RAM; the other unit is P3 1Ghz w/ 512MB RAM and it is working fine. Just remoted into it; it has less rules running on it, so I don't know if that has anything to do with it either. Both have latest Squid/Lightsquid/Darkstat/mtr-nox11/vnstat2; I tried loading CountryBlock and that is giving problems with Xeon system.
Thanks!Sep 6 12:04:03 snort[57151]: Snort exiting
Sep 6 12:04:03 snort[57151]: Snort exiting
Sep 6 12:03:19 SnortStartup[37617]: Snort Soft Reload For 29323_bge1…
Sep 6 12:03:19 SnortStartup[37336]: Snort already running, soft restart
Sep 6 12:03:19 SnortStartup[35526]: Snort Startup files Sync…
Sep 6 12:03:16 snort[57151]: ===============================================================================
Sep 6 12:03:16 snort[57151]: ===============================================================================
Sep 6 12:03:16 snort[57151]: Detection disabled: 77
Sep 6 12:03:16 snort[57151]: Detection disabled: 77
Sep 6 12:03:16 snort[57151]: Sessions ignored: 3983
Sep 6 12:03:16 snort[57151]: Sessions ignored: 3983
Sep 6 12:03:16 snort[57151]: Bad handshakes: 0
Sep 6 12:03:16 snort[57151]: Bad handshakes: 0
Sep 6 12:03:16 snort[57151]: Completed handshakes: 0
Sep 6 12:03:16 snort[57151]: Completed handshakes: 0
Sep 6 12:03:16 snort[57151]: Unrecognized records: 5726
Sep 6 12:03:16 snort[57151]: Unrecognized records: 5726
Sep 6 12:03:16 snort[57151]: Alert: 318
Sep 6 12:03:16 snort[57151]: Alert: 318
Sep 6 12:03:16 snort[57151]: Server Application: 3984
Sep 6 12:03:16 snort[57151]: Server Application: 3984
Sep 6 12:03:16 snort[57151]: Client Application: 351
Sep 6 12:03:16 snort[57151]: Client Application: 351
Sep 6 12:03:16 snort[57151]: Finished: 0
Sep 6 12:03:16 snort[57151]: Finished: 0
Sep 6 12:03:16 snort[57151]: Change Cipher: 3518
Sep 6 12:03:16 snort[57151]: Change Cipher: 3518
Sep 6 12:03:16 snort[57151]: Server Key Exchange: 4
Sep 6 12:03:16 snort[57151]: Server Key Exchange: 4
Sep 6 12:03:16 snort[57151]: Client Key Exchange: 14
Sep 6 12:03:16 snort[57151]: Client Key Exchange: 14
Sep 6 12:03:16 snort[57151]: Server Done: 3474
Sep 6 12:03:16 snort[57151]: Server Done: 3474
Sep 6 12:03:16 snort[57151]: Certificate: 1899
Sep 6 12:03:16 snort[57151]: Certificate: 1899
Sep 6 12:03:16 snort[57151]: Server Hello: 3524
Sep 6 12:03:16 snort[57151]: Server Hello: 3524
Sep 6 12:03:16 snort[57151]: Client Hello: 43
Sep 6 12:03:16 snort[57151]: Client Hello: 43
Sep 6 12:03:16 snort[57151]: SSL packets decoded: 13964
Sep 6 12:03:16 snort[57151]: SSL packets decoded: 13964
Sep 6 12:03:16 snort[57151]: SSL Preprocessor:
Sep 6 12:03:16 snort[57151]: SSL Preprocessor:
Sep 6 12:03:16 snort[57151]: ===============================================================================
Sep 6 12:03:16 snort[57151]: ===============================================================================
Sep 6 12:03:16 snort[57151]: Total sessions: 0
Sep 6 12:03:16 snort[57151]: Total sessions: 0
Sep 6 12:03:16 snort[57151]: dcerpc2 Preprocessor Statistics
Sep 6 12:03:16 snort[57151]: dcerpc2 Preprocessor Statistics
Sep 6 12:03:16 snort[57151]: ===============================================================================
Sep 6 12:03:16 snort[57151]: ===============================================================================
Sep 6 12:03:16 snort[57151]: Total packets processed: 622710
Sep 6 12:03:16 snort[57151]: Total packets processed: 622710
Sep 6 12:03:16 snort[57151]: Gzip Decompressed Data Processed: n/a
Sep 6 12:03:16 snort[57151]: Gzip Decompressed Data Processed: n/a
Sep 6 12:03:16 snort[57151]: Gzip Compressed Data Processed: n/a
Sep 6 12:03:16 snort[57151]: Gzip Compressed Data Processed: n/a
Sep 6 12:03:16 snort[57151]: HTTP Response Gzip packets extracted: 0
Sep 6 12:03:16 snort[57151]: HTTP Response Gzip packets extracted: 0
Sep 6 12:03:16 snort[57151]: Self-referencing paths ("./"): 0
Sep 6 12:03:16 snort[57151]: Self-referencing paths ("./"): 0
Sep 6 12:03:16 snort[57151]: Extra slashes ("//"): 0
Sep 6 12:03:16 snort[57151]: Extra slashes ("//"): 0
Sep 6 12:03:16 snort[57151]: Directory traversals: 0
Sep 6 12:03:16 snort[57151]: Directory traversals: 0
Sep 6 12:03:16 snort[57151]: Base 36: 0
Sep 6 12:03:16 snort[57151]: Base 36: 0
Sep 6 12:03:16 snort[57151]: Non-ASCII representable: 0
Sep 6 12:03:16 snort[57151]: Non-ASCII representable: 0
Sep 6 12:03:16 snort[57151]: Double unicode: 0
Sep 6 12:03:16 snort[57151]: Double unicode: 0
Sep 6 12:03:16 snort[57151]: Unicode: 0
Sep 6 12:03:16 snort[57151]: Unicode: 0
Sep 6 12:03:16 snort[57151]: HTTP Response Cookies extracted: 0
Sep 6 12:03:16 snort[57151]: HTTP Response Cookies extracted: 0
Sep 6 12:03:16 snort[57151]: HTTP response Headers extracted: 0
Sep 6 12:03:16 snort[57151]: HTTP response Headers extracted: 0
Sep 6 12:03:16 snort[57151]: Post parameters extracted: 0
Sep 6 12:03:16 snort[57151]: Post parameters extracted: 0
Sep 6 12:03:16 snort[57151]: HTTP Request Cookies extracted: 0
Sep 6 12:03:16 snort[57151]: HTTP Request Cookies extracted: 0
Sep 6 12:03:16 snort[57151]: HTTP Request Headers extracted: 1
Sep 6 12:03:16 snort[57151]: HTTP Request Headers extracted: 1
Sep 6 12:03:16 snort[57151]: GET methods: 1
Sep 6 12:03:16 snort[57151]: GET methods: 1
Sep 6 12:03:16 snort[57151]: POST methods: 0
Sep 6 12:03:16 snort[57151]: POST methods: 0
Sep 6 12:03:16 snort[57151]: HTTP Inspect - encodings (Note: stream-reassembled packets included):
Sep 6 12:03:16 snort[57151]: HTTP Inspect - encodings (Note: stream-reassembled packets included):
Sep 6 12:03:16 snort[57151]: ===============================================================================
Sep 6 12:03:16 snort[57151]: ===============================================================================
Sep 6 12:03:16 snort[57151]: Tracked: 188225
Sep 6 12:03:16 snort[57151]: Tracked: 188225
Sep 6 12:03:16 snort[57151]: Inspected: 0
Sep 6 12:03:16 snort[57151]: Inspected: 0
Sep 6 12:03:16 snort[57151]: Dropped: 0
Sep 6 12:03:16 snort[57151]: Dropped: 0
Sep 6 12:03:16 snort[57151]: UDP Port Filter
Sep 6 12:03:16 snort[57151]: UDP Port Filter
Sep 6 12:03:16 snort[57151]: Tracked: 957187
Sep 6 12:03:16 snort[57151]: Tracked: 957187
Sep 6 12:03:16 snort[57151]: Inspected: 0
Sep 6 12:03:16 snort[57151]: Inspected: 0
Sep 6 12:03:16 snort[57151]: Dropped: 0
Sep 6 12:03:16 snort[57151]: Dropped: 0
Sep 6 12:03:16 snort[57151]: TCP Port Filter
Sep 6 12:03:16 snort[57151]: TCP Port Filter
Sep 6 12:03:16 snort[57151]: Internal Events: 0
Sep 6 12:03:16 snort[57151]: Internal Events: 0
Sep 6 12:03:16 snort[57151]: Events: 0
Sep 6 12:03:16 snort[57151]: Events: 0
Sep 6 12:03:16 snort[57151]: UDP Discards: 0
Sep 6 12:03:16 snort[57151]: UDP Discards: 0
Sep 6 12:03:16 snort[57151]: UDP Timeouts: 6359
Sep 6 12:03:16 snort[57151]: UDP Timeouts: 6359
Sep 6 12:03:16 snort[57151]: UDP Sessions Deleted: 45693
Sep 6 12:03:16 snort[57151]: UDP Sessions Deleted: 45693
Sep 6 12:03:16 snort[57151]: UDP Sessions Created: 45693
Sep 6 12:03:16 snort[57151]: UDP Sessions Created: 45693
Sep 6 12:03:16 snort[57151]: TCP Gaps: 5
Sep 6 12:03:16 snort[57151]: TCP Gaps: 5
Sep 6 12:03:16 snort[57151]: TCP Discards: 823877
Sep 6 12:03:16 snort[57151]: TCP Discards: 823877
Sep 6 12:03:16 snort[57151]: TCP Segments Used: 10
Sep 6 12:03:16 snort[57151]: TCP Segments Used: 10
Sep 6 12:03:16 snort[57151]: TCP Rebuilt Packets: 7
Sep 6 12:03:16 snort[57151]: TCP Rebuilt Packets: 7
Sep 6 12:03:16 snort[57151]: TCP Segments Released: 13
Sep 6 12:03:16 snort[57151]: TCP Segments Released: 13
Sep 6 12:03:16 snort[57151]: TCP Segments Queued: 13
Sep 6 12:03:16 snort[57151]: TCP Segments Queued: 13
Sep 6 12:03:16 snort[57151]: TCP Overlaps: 13
Sep 6 12:03:16 snort[57151]: TCP Overlaps: 13
Sep 6 12:03:16 snort[57151]: TCP Timeouts: 10170
Sep 6 12:03:16 snort[57151]: TCP Timeouts: 10170
Sep 6 12:03:16 snort[57151]: TCP StreamTrackers Deleted: 44311
Sep 6 12:03:16 snort[57151]: TCP StreamTrackers Deleted: 44311
Sep 6 12:03:16 snort[57151]: TCP StreamTrackers Created: 44311
Sep 6 12:03:16 snort[57151]: TCP StreamTrackers Created: 44311
Sep 6 12:03:16 snort[57151]: ICMP Prunes: 0
Sep 6 12:03:16 snort[57151]: ICMP Prunes: 0
Sep 6 12:03:16 snort[57151]: UDP Prunes: 0
Sep 6 12:03:16 snort[57151]: UDP Prunes: 0
Sep 6 12:03:16 snort[57151]: TCP Prunes: 0
Sep 6 12:03:16 snort[57151]: TCP Prunes: 0
Sep 6 12:03:16 snort[57151]: ICMP sessions: 0
Sep 6 12:03:16 snort[57151]: ICMP sessions: 0
Sep 6 12:03:16 snort[57151]: UDP sessions: 39334
Sep 6 12:03:16 snort[57151]: UDP sessions: 39334
Sep 6 12:03:16 snort[57151]: TCP sessions: 40508
Sep 6 12:03:16 snort[57151]: TCP sessions: 40508
Sep 6 12:03:16 snort[57151]: Total sessions: 79842
Sep 6 12:03:16 snort[57151]: Total sessions: 79842
Sep 6 12:03:16 snort[57151]: Stream5 statistics:
Sep 6 12:03:16 snort[57151]: Stream5 statistics:
Sep 6 12:03:16 snort[57151]: ===============================================================================
Sep 6 12:03:16 snort[57151]: ===============================================================================
Sep 6 12:03:16 snort[57151]: Frag Nodes Deleted: 269
Sep 6 12:03:16 snort[57151]: Frag Nodes Deleted: 269
Sep 6 12:03:16 snort[57151]: Frag Nodes Inserted: 269
Sep 6 12:03:16 snort[57151]: Frag Nodes Inserted: 269
Sep 6 12:03:16 snort[57151]: FragTrackers Auto Freed: 0
Sep 6 12:03:16 snort[57151]: FragTrackers Auto Freed: 0
Sep 6 12:03:16 snort[57151]: FragTrackers Dumped: 120
Sep 6 12:03:16 snort[57151]: FragTrackers Dumped: 120
Sep 6 12:03:16 snort[57151]: FragTrackers Added: 120
Sep 6 12:03:16 snort[57151]: FragTrackers Added: 120
Sep 6 12:03:16 snort[57151]: Drops: 0
Sep 6 12:03:16 snort[57151]: Drops: 0
Sep 6 12:03:16 snort[57151]: Alerts: 0
Sep 6 12:03:16 snort[57151]: Alerts: 0
Sep 6 12:03:16 snort[57151]: Anomalies: 0
Sep 6 12:03:16 snort[57151]: Anomalies: 0
Sep 6 12:03:16 snort[57151]: Overlaps: 0
Sep 6 12:03:16 snort[57151]: Overlaps: 0
Sep 6 12:03:16 snort[57151]: Timeouts: 0
Sep 6 12:03:16 snort[57151]: Timeouts: 0
Sep 6 12:03:16 snort[57151]: Memory Faults: 0
Sep 6 12:03:16 snort[57151]: Memory Faults: 0
Sep 6 12:03:16 snort[57151]: Discards: 0
Sep 6 12:03:16 snort[57151]: Discards: 0
Sep 6 12:03:16 snort[57151]: Frags Reassembled: 120
Sep 6 12:03:16 snort[57151]: Frags Reassembled: 120
Sep 6 12:03:16 snort[57151]: Total Fragments: 269
Sep 6 12:03:16 snort[57151]: Total Fragments: 269
Sep 6 12:03:16 snort[57151]: Frag3 statistics:
Sep 6 12:03:16 snort[57151]: Frag3 statistics:
Sep 6 12:03:16 snort[57151]: ===============================================================================
Sep 6 12:03:16 snort[57151]: ===============================================================================
Sep 6 12:03:16 snort[57151]: Ignore: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: Ignore: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: Blacklist: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: Blacklist: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: Whitelist: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: Whitelist: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: Replace: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: Replace: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: Block: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: Block: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: Allow: 2939788 ( 99.998%)
Sep 6 12:03:16 snort[57151]: Allow: 2939788 ( 99.998%)
Sep 6 12:03:16 snort[57151]: Verdicts:
Sep 6 12:03:16 snort[57151]: Verdicts:
Sep 6 12:03:16 snort[57151]: Event Limit: 0
Sep 6 12:03:16 snort[57151]: Event Limit: 0
Sep 6 12:03:16 snort[57151]: Log Limit: 0
Sep 6 12:03:16 snort[57151]: Log Limit: 0
Sep 6 12:03:16 snort[57151]: Queue Limit: 0
Sep 6 12:03:16 snort[57151]: Queue Limit: 0
Sep 6 12:03:16 snort[57151]: Match Limit: 0
Sep 6 12:03:16 snort[57151]: Match Limit: 0
Sep 6 12:03:16 snort[57151]: Passed: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: Passed: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: Logged: 281 ( 0.010%)
Sep 6 12:03:16 snort[57151]: Logged: 281 ( 0.010%)
Sep 6 12:03:16 snort[57151]: Alerts: 281 ( 0.010%)
Sep 6 12:03:16 snort[57151]: Alerts: 281 ( 0.010%)
Sep 6 12:03:16 snort[57151]: Action Stats:
Sep 6 12:03:16 snort[57151]: Action Stats:
Sep 6 12:03:16 snort[57151]: ===============================================================================
Sep 6 12:03:16 snort[57151]: ===============================================================================
Sep 6 12:03:16 snort[57151]: Total: 2939918
Sep 6 12:03:16 snort[57151]: Total: 2939918
Sep 6 12:03:16 snort[57151]: S5 G 2: 2 ( 0.000%)
Sep 6 12:03:16 snort[57151]: S5 G 2: 2 ( 0.000%)
Sep 6 12:03:16 snort[57151]: S5 G 1: 8 ( 0.000%)
Sep 6 12:03:16 snort[57151]: S5 G 1: 8 ( 0.000%)
Sep 6 12:03:16 snort[57151]: Bad TTL: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: Bad TTL: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: Bad Chk Sum: 1708504 ( 58.114%)
Sep 6 12:03:16 snort[57151]: Bad Chk Sum: 1708504 ( 58.114%)
Sep 6 12:03:16 snort[57151]: Other: 103668 ( 3.526%)
Sep 6 12:03:16 snort[57151]: Other: 103668 ( 3.526%)
Sep 6 12:03:16 snort[57151]: All Discard: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: All Discard: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: ICMP Disc: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: ICMP Disc: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: UDP Disc: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: UDP Disc: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: TCP Disc: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: TCP Disc: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: IP6 Disc: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: IP6 Disc: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: IP4 Disc: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: IP4 Disc: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: Eth Disc: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: Eth Disc: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: Eth Loop: 863 ( 0.029%)
Sep 6 12:03:16 snort[57151]: Eth Loop: 863 ( 0.029%)
Sep 6 12:03:16 snort[57151]: IPX: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: IPX: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: ARP: 36 ( 0.001%)
Sep 6 12:03:16 snort[57151]: ARP: 36 ( 0.001%)
Sep 6 12:03:16 snort[57151]: MPLS: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: MPLS: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: GRE Loop: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: GRE Loop: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: GRE IPX: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: GRE IPX: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: GRE ARP: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: GRE ARP: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: GRE PPTP: 216643 ( 7.369%)
Sep 6 12:03:16 snort[57151]: GRE PPTP: 216643 ( 7.369%)
Sep 6 12:03:16 snort[57151]: GRE IP6 Ext: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: GRE IP6 Ext: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: GRE IP6: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: GRE IP6: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: GRE IP4: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: GRE IP4: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: GRE VLAN: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: GRE VLAN: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: GRE Eth: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: GRE Eth: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: GRE: 216643 ( 7.369%)
Sep 6 12:03:16 snort[57151]: GRE: 216643 ( 7.369%)
Sep 6 12:03:16 snort[57151]: IP6/IP6: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: IP6/IP6: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: IP6/IP4: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: IP6/IP4: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: IP4/IP6: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: IP4/IP6: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: IP4/IP4: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: IP4/IP4: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: EAPOL: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: EAPOL: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: ICMP-IP: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: ICMP-IP: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: Teredo: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: Teredo: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: TCP6: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: TCP6: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: UDP6: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: UDP6: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: ICMP6: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: ICMP6: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: Frag6: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: Frag6: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: IP6 Opts: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: IP6 Opts: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: IP6 Ext: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: IP6 Ext: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: IP6: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: IP6: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: TCP: 2063769 ( 70.198%)
Sep 6 12:03:16 snort[57151]: TCP: 2063769 ( 70.198%)
Sep 6 12:03:16 snort[57151]: UDP: 554352 ( 18.856%)
Sep 6 12:03:16 snort[57151]: UDP: 554352 ( 18.856%)
Sep 6 12:03:16 snort[57151]: ICMP: 438 ( 0.015%)
Sep 6 12:03:16 snort[57151]: ICMP: 438 ( 0.015%)
Sep 6 12:03:16 snort[57151]: Frag: 269 ( 0.009%)
Sep 6 12:03:16 snort[57151]: Frag: 269 ( 0.009%)
Sep 6 12:03:16 snort[57151]: IP4: 2938875 ( 99.965%)
Sep 6 12:03:16 snort[57151]: IP4: 2938875 ( 99.965%)
Sep 6 12:03:16 snort[57151]: VLAN: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: VLAN: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: Eth: 2939918 (100.000%)
Sep 6 12:03:16 snort[57151]: Eth: 2939918 (100.000%)
Sep 6 12:03:16 snort[57151]: Breakdown by protocol (includes rebuilt packets):
Sep 6 12:03:16 snort[57151]: Breakdown by protocol (includes rebuilt packets):
Sep 6 12:03:16 snort[57151]: ===============================================================================
Sep 6 12:03:16 snort[57151]: ===============================================================================
Sep 6 12:03:16 snort[57151]: Injected: 0
Sep 6 12:03:16 snort[57151]: Injected: 0
Sep 6 12:03:16 snort[57151]: Outstanding: 70 ( 0.002%)
Sep 6 12:03:16 snort[57151]: Outstanding: 70 ( 0.002%)
Sep 6 12:03:16 snort[57151]: Filtered: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: Filtered: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: Dropped: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: Dropped: 0 ( 0.000%)
Sep 6 12:03:16 snort[57151]: Analyzed: 2939788 ( 99.998%)
Sep 6 12:03:16 snort[57151]: Analyzed: 2939788 ( 99.998%)
Sep 6 12:03:16 snort[57151]: Received: 2939858
Sep 6 12:03:16 snort[57151]: Received: 2939858
Sep 6 12:03:16 snort[57151]: Packet I/O Totals:
Sep 6 12:03:16 snort[57151]: Packet I/O Totals:
Sep 6 12:03:16 snort[57151]: ===============================================================================
Sep 6 12:03:16 snort[57151]: ===============================================================================
Sep 6 12:03:15 snort[57151]: Pkts/sec: 340
Sep 6 12:03:15 snort[57151]: Pkts/sec: 340
Sep 6 12:03:15 snort[57151]: Pkts/min: 20557
Sep 6 12:03:15 snort[57151]: Pkts/min: 20557
Sep 6 12:03:15 snort[57151]: Pkts/hr: 1469894
Sep 6 12:03:15 snort[57151]: Pkts/hr: 1469894
Sep 6 12:03:15 snort[57151]: Snort ran for 0 days 2 hours 23 minutes 54 seconds
Sep 6 12:03:15 snort[57151]: Snort ran for 0 days 2 hours 23 minutes 54 seconds
Sep 6 12:03:15 snort[57151]: Snort processed 2939788 packets.
Sep 6 12:03:15 snort[57151]: Snort processed 2939788 packets.
Sep 6 12:03:15 snort[57151]: Run time for packet processing was 8634.912405 seconds
Sep 6 12:03:15 snort[57151]: Run time for packet processing was 8634.912405 seconds
Sep 6 12:03:15 snort[57151]: ===============================================================================
Sep 6 12:03:15 snort[57151]: ===============================================================================
Sep 6 12:03:15 snort[57151]: *** Caught Term-Signal
Sep 6 12:03:15 snort[57151]: *** Caught Term-Signal
Sep 6 12:03:14 SnortStartup[33583]: Snort HARD STOP For 29323_bge1…
Sep 6 09:39:21 SnortStartup[57167]: Interface Rule START for 0_29323_bge1…
Sep 6 09:39:20 snort[57151]: Commencing packet processing (pid=57151)
Sep 6 09:39:20 snort[57151]: Commencing packet processing (pid=57151)
Sep 6 09:39:20 snort[57151]: –== Initialization Complete ==--
Sep 6 09:39:20 snort[57151]: –== Initialization Complete ==--
Sep 6 09:39:20 snort[57151]:
Sep 6 09:39:20 snort[57151]:
Sep 6 09:39:20 snort[57151]: Set uid to 920
Sep 6 09:39:20 snort[57151]: Set uid to 920
Sep 6 09:39:20 snort[57151]: Set gid to 920
Sep 6 09:39:20 snort[57151]: Set gid to 920
Sep 6 09:39:20 snort[57151]: Writing PID "57151" to file "/var/log/snort/run/snort_bge129323.pid"
Sep 6 09:39:20 snort[57151]: Writing PID "57151" to file "/var/log/snort/run/snort_bge129323.pid"
Sep 6 09:39:20 snort[57151]: PID path stat checked out ok, PID path set to /var/log/snort/run
Sep 6 09:39:20 snort[57151]: PID path stat checked out ok, PID path set to /var/log/snort/run
Sep 6 09:39:20 snort[57151]: Checking PID path…
Sep 6 09:39:20 snort[57151]: Checking PID path…
Sep 6 09:39:20 snort[57151]: Decoding Ethernet
Sep 6 09:39:20 snort[57151]: Decoding Ethernet
Sep 6 09:39:20 snort[57151]: Reload thread started, thread 0xa4eae280 (57151)
Sep 6 09:39:20 snort[57151]: Reload thread started, thread 0xa4eae280 (57151)
Sep 6 09:39:20 snort[57151]: Reload thread starting…
Sep 6 09:39:20 snort[57151]: Reload thread starting…
Sep 6 09:39:20 snort[57151]: Daemon initialized, signaled parent pid: 51114
Sep 6 09:39:20 snort[57151]: Daemon initialized, signaled parent pid: 51114
Sep 6 09:39:20 snort[51114]: Initializing daemon mode
Sep 6 09:39:20 snort[51114]: Initializing daemon mode
Sep 6 09:39:20 snort[51114]: Acquiring network traffic from "bge1".
Sep 6 09:39:20 snort[51114]: Acquiring network traffic from "bge1".
Sep 6 09:39:20 snort[51114]: pcap DAQ configured to passive.
Sep 6 09:39:20 snort[51114]: pcap DAQ configured to passive.
Sep 6 09:39:20 snort[51114]: +–--------------------------------------------------------------
Sep 6 09:39:20 snort[51114]: +–--------------------------------------------------------------
Sep 6 09:39:20 snort[51114]: | DFA : 1669.88
Sep 6 09:39:20 snort[51114]: | DFA : 1669.88
Sep 6 09:39:20 snort[51114]: | Fail States : 8.04
Sep 6 09:39:20 snort[51114]: | Fail States : 8.04
Sep 6 09:39:20 snort[51114]: | Match Lists : 24.16
Sep 6 09:39:20 snort[51114]: | Match Lists : 24.16
Sep 6 09:39:20 snort[51114]: | Patterns : 15.88
Sep 6 09:39:20 snort[51114]: | Patterns : 15.88
Sep 6 09:39:20 snort[51114]: | Memory (MB) : 1718.40
Sep 6 09:39:20 snort[51114]: | Memory (MB) : 1718.40
Sep 6 09:39:20 snort[51114]: | Match States : 240112
Sep 6 09:39:20 snort[51114]: | Match States : 240112
Sep 6 09:39:20 snort[51114]: | Patterns : 229890
Sep 6 09:39:20 snort[51114]: | Patterns : 229890
Sep 6 09:39:20 snort[51114]: | State Density : 39.6%
Sep 6 09:39:20 snort[51114]: | State Density : 39.6%
Sep 6 09:39:20 snort[51114]: | Transitions : 213684136
Sep 6 09:39:20 snort[51114]: | Transitions : 213684136
Sep 6 09:39:20 snort[51114]: | States : 2108550
Sep 6 09:39:20 snort[51114]: | States : 2108550
Sep 6 09:39:20 snort[51114]: | Characters : 2807840
Sep 6 09:39:20 snort[51114]: | Characters : 2807840
Sep 6 09:39:20 snort[51114]: | Instances : 1514
Sep 6 09:39:20 snort[51114]: | Instances : 1514
Sep 6 09:39:20 snort[51114]: | Sizeof State : 4 bytes
Sep 6 09:39:20 snort[51114]: | Sizeof State : 4 bytes
Sep 6 09:39:20 snort[51114]: | Alphabet Size : 256 Chars
Sep 6 09:39:20 snort[51114]: | Alphabet Size : 256 Chars
Sep 6 09:39:20 snort[51114]: | Finite Automaton : DFA
Sep 6 09:39:20 snort[51114]: | Finite Automaton : DFA
Sep 6 09:39:20 snort[51114]: | Storage Format : Sparse-Bands
Sep 6 09:39:20 snort[51114]: | Storage Format : Sparse-Bands
Sep 6 09:39:20 snort[51114]: +- [ Aho-Corasick Summary ] –-----------------------------------
Sep 6 09:39:20 snort[51114]: +- [ Aho-Corasick Summary ] –-----------------------------------
Sep 6 09:39:20 snort[51114]: [ Port Based Pattern Matching Memory ]
Sep 6 09:39:20 snort[51114]: [ Port Based Pattern Matching Memory ]
Sep 6 09:39:20 snort[51114]:
Sep 6 09:39:20 snort[51114]:
Sep 6 09:35:26 snort[51114]: 406 out of 1024 flowbits in use.
Sep 6 09:35:26 snort[51114]: 406 out of 1024 flowbits in use.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.pdf' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.pdf' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'PtakkS_Keepalive' is set but not ever checked.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'PtakkS_Keepalive' is set but not ever checked.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.exe' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.exe' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'vnc.auth' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'vnc.auth' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'ET.RBN' is set but not ever checked.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'ET.RBN' is set but not ever checked.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'ET.RBN.Malvertiser' is set but not ever checked.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'ET.RBN.Malvertiser' is set but not ever checked.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.realplayer' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.realplayer' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.swf' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.swf' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'sslv2.server_hello.request' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'sslv2.server_hello.request' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'download.pecompact.binary' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'download.pecompact.binary' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'Netspy_Command_Pattern' is set but not ever checked.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'Netspy_Command_Pattern' is set but not ever checked.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'java_class_file.request' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'java_class_file.request' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key '4xm.request' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key '4xm.request' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'tlsv1.client_hello.request' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'tlsv1.client_hello.request' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.xpm' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.xpm' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.torrent' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.torrent' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'tlsv1.server_hello.request' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'tlsv1.server_hello.request' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'ET.Evil' is set but not ever checked.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'ET.Evil' is set but not ever checked.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'eot.download' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'eot.download' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.search-ms' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.search-ms' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.ttf' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.ttf' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.pct' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.pct' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.jpeg' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.jpeg' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'ET.http.javaclient.vulnerable' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'ET.http.javaclient.vulnerable' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'Backdoor.Bersek.Init' is set but not ever checked.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'Backdoor.Bersek.Init' is set but not ever checked.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.cov' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.cov' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'ipp.application' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'ipp.application' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.pub' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.pub' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'wav_file.request' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'wav_file.request' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.manifest' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.manifest' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.fpx' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.fpx' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'ms.publisher.file' is set but not ever checked.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'ms.publisher.file' is set but not ever checked.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'arj_file.request' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'arj_file.request' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'xspf_file.request' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'xspf_file.request' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'asp.upload' is set but not ever checked.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'asp.upload' is set but not ever checked.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'csv.download' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'csv.download' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.dxf' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.dxf' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.plf' is set but not ever checked.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.plf' is set but not ever checked.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'realplayer.playlist' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'realplayer.playlist' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.rat' is set but not ever checked.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.rat' is set but not ever checked.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.xlw' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.xlw' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'snipernet' is set but not ever checked.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'snipernet' is set but not ever checked.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'ET.gadu.loggedin' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'ET.gadu.loggedin' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'svg_file.request' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'svg_file.request' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'BrAin_Wiper_Chat' is set but not ever checked.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'BrAin_Wiper_Chat' is set but not ever checked.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.stat_code_407' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.stat_code_407' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.bmp' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.bmp' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.chm' is set but not ever checked.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'http.chm' is set but not ever checked.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'ET.http.binary' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: flowbits key 'ET.http.binary' is checked but not ever set.
Sep 6 09:35:26 snort[51114]: Warning: 'ignore_any_rules' option for Stream5 UDP disabled because of UDP rule with flow or flowbits option
Sep 6 09:35:26 snort[51114]: Warning: 'ignore_any_rules' option for Stream5 UDP disabled because of UDP rule with flow or flowbits option
Sep 6 09:35:26 snort[51114]: Verifying Preprocessor Configurations!
Sep 6 09:35:26 snort[51114]: Verifying Preprocessor Configurations!
Sep 6 09:35:26 snort[51114]: Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log
Sep 6 09:35:26 snort[51114]: Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log
Sep 6 09:35:26 snort[51114]: –-----------------------------------------------------------------------------
Sep 6 09:35:26 snort[51114]: –-----------------------------------------------------------------------------
Sep 6 09:35:26 snort[51114]: | none
Sep 6 09:35:26 snort[51114]: | none
Sep 6 09:35:26 snort[51114]: +–---------------------[suppression]–----------------------------------------
Sep 6 09:35:26 snort[51114]: +–---------------------[suppression]–----------------------------------------
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2008215 type=Limit tracking=src count=2 seconds=300
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2008215 type=Limit tracking=src count=2 seconds=300
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406161 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406161 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406024 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406024 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406508 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406508 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406452 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406452 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406072 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406072 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406529 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406529 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406428 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406428 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2003275 type=Both tracking=src count=1 seconds=900
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2003275 type=Both tracking=src count=1 seconds=900
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406449 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406449 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406536 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406536 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406145 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406145 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406824 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406824 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2008454 type=Threshold tracking=src count=30 seconds=30
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2008454 type=Threshold tracking=src count=30 seconds=30
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406124 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406124 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2408006 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2408006 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406116 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406116 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406332 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406332 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2408040 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2408040 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406036 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406036 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406286 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406286 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2001219 type=Threshold tracking=src count=5 seconds=120
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2001219 type=Threshold tracking=src count=5 seconds=120
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406044 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406044 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406199 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406199 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406758 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406758 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406678 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406678 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406651 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406651 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2013515 type=Both tracking=src count=10 seconds=300
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2013515 type=Both tracking=src count=10 seconds=300
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406114 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406114 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2003268 type=Both tracking=src count=1 seconds=900
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2003268 type=Both tracking=src count=1 seconds=900
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406241 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406241 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406518 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406518 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2008097 type=Limit tracking=src count=2 seconds=300
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2008097 type=Limit tracking=src count=2 seconds=300
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2003622 type=Limit tracking=src count=3 seconds=300
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2003622 type=Limit tracking=src count=3 seconds=300
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406110 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406110 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406595 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406595 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2408046 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2408046 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406034 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406034 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406374 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406374 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406438 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406438 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2009202 type=Limit tracking=src count=1 seconds=300
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2009202 type=Limit tracking=src count=1 seconds=300
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406515 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406515 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2408048 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2408048 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406897 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406897 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406058 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406058 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406398 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406398 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406331 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406331 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406341 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406341 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406134 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406134 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406702 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406702 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406817 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406817 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2008460 type=Limit tracking=src count=2 seconds=300
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2008460 type=Limit tracking=src count=2 seconds=300
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406342 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406342 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406046 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406046 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2008579 type=Threshold tracking=dst count=20 seconds=15
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2008579 type=Threshold tracking=dst count=20 seconds=15
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406718 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406718 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406289 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406289 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406584 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406584 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406102 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406102 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406279 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406279 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406720 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406720 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406209 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406209 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2008422 type=Limit tracking=src count=2 seconds=300
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2008422 type=Limit tracking=src count=2 seconds=300
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2408019 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2408019 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2408036 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2408036 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2003497 type=Limit tracking=src count=3 seconds=300
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2003497 type=Limit tracking=src count=3 seconds=300
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2408026 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2408026 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2012409 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2012409 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406664 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406664 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2009547 type=Limit tracking=src count=2 seconds=300
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2009547 type=Limit tracking=src count=2 seconds=300
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2008643 type=Limit tracking=src count=2 seconds=300
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2008643 type=Limit tracking=src count=2 seconds=300
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406211 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406211 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406287 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406287 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406480 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406480 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406207 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406207 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2008211 type=Limit tracking=src count=2 seconds=300
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2008211 type=Limit tracking=src count=2 seconds=300
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406113 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406113 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406613 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406613 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406883 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406883 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406400 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406400 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406103 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406103 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406355 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406355 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2008440 type=Limit tracking=src count=2 seconds=300
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2008440 type=Limit tracking=src count=2 seconds=300
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406844 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406844 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2003171 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2003171 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406533 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406533 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406605 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406605 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406275 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406275 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406360 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406360 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406764 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406764 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406581 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406581 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406525 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406525 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406384 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406384 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2408034 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2408034 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406910 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406910 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406231 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406231 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406688 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406688 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406065 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406065 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406277 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406277 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406712 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406712 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406788 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406788 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406151 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406151 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406054 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406054 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2008231 type=Limit tracking=src count=2 seconds=300
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2008231 type=Limit tracking=src count=2 seconds=300
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406251 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406251 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406827 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406827 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2009480 type=Threshold tracking=dst count=50 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2009480 type=Threshold tracking=dst count=50 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2008560 type=Threshold tracking=dst count=4 seconds=15
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2008560 type=Threshold tracking=dst count=4 seconds=15
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2011975 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2011975 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406171 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406171 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406601 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406601 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406304 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406304 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406798 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406798 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406754 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406754 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406362 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406362 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406851 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406851 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406708 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406708 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406297 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406297 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406546 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406546 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2008253 type=Limit tracking=src count=2 seconds=300
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2008253 type=Limit tracking=src count=2 seconds=300
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2010643 type=Threshold tracking=src count=5 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2010643 type=Threshold tracking=src count=5 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2408029 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2408029 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406547 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406547 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406221 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406221 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406217 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406217 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406466 type=Limit tracking=src count=1 seconds=60
Sep 6 09:35:26 snort[51114]: | gen-id=1 sig-id=2406466 type=Limit tracking=src count=1 seconds=60
-
And again… Xeon system - if I tell it to start again it will.
Sep 6 18:04:24 snort[6271]: Snort exiting
Sep 6 18:04:24 snort[6271]: Snort exiting
Sep 6 18:03:38 SnortStartup[6821]: Snort Soft Reload For 29323_bge1…
Sep 6 18:03:38 SnortStartup[6176]: Snort already running, soft restart
Sep 6 18:03:38 SnortStartup[3611]: Snort Startup files Sync…
Sep 6 18:03:35 snort[6271]: | gen-id=1 sig-id=2001219 type=Threshold tracking=src count=5 seconds=120 filtered=16
Sep 6 18:03:35 snort[6271]: | gen-id=1 sig-id=2001219 type=Threshold tracking=src count=5 seconds=120 filtered=16
Sep 6 18:03:35 snort[6271]: | gen-id=1 sig-id=2406710 type=Limit tracking=src count=1 seconds=60 filtered=3
Sep 6 18:03:35 snort[6271]: | gen-id=1 sig-id=2406710 type=Limit tracking=src count=1 seconds=60 filtered=3
Sep 6 18:03:35 snort[6271]: | gen-id=1 sig-id=2002911 type=Threshold tracking=src count=5 seconds=60 filtered=21
Sep 6 18:03:35 snort[6271]: | gen-id=1 sig-id=2002911 type=Threshold tracking=src count=5 seconds=60 filtered=21
Sep 6 18:03:35 snort[6271]: +–---------------------[filtered events]–------------------------------------
Sep 6 18:03:35 snort[6271]: +–---------------------[filtered events]–------------------------------------
Sep 6 18:03:35 snort[6271]: ===============================================================================
Sep 6 18:03:35 snort[6271]: ===============================================================================
Sep 6 18:03:35 snort[6271]: Detection disabled: 466
Sep 6 18:03:35 snort[6271]: Detection disabled: 466
Sep 6 18:03:35 snort[6271]: Sessions ignored: 3272
Sep 6 18:03:35 snort[6271]: Sessions ignored: 3272
Sep 6 18:03:35 snort[6271]: Bad handshakes: 0
Sep 6 18:03:35 snort[6271]: Bad handshakes: 0
Sep 6 18:03:35 snort[6271]: Completed handshakes: 0
Sep 6 18:03:35 snort[6271]: Completed handshakes: 0
Sep 6 18:03:35 snort[6271]: Unrecognized records: 7845
Sep 6 18:03:35 snort[6271]: Unrecognized records: 7845
Sep 6 18:03:35 snort[6271]: Alert: 915
Sep 6 18:03:35 snort[6271]: Alert: 915
Sep 6 18:03:35 snort[6271]: Server Application: 3272
Sep 6 18:03:35 snort[6271]: Server Application: 3272
Sep 6 18:03:35 snort[6271]: Client Application: 1406
Sep 6 18:03:35 snort[6271]: Client Application: 1406
Sep 6 18:03:35 snort[6271]: Finished: 0
Sep 6 18:03:35 snort[6271]: Finished: 0
Sep 6 18:03:35 snort[6271]: Change Cipher: 3689
Sep 6 18:03:35 snort[6271]: Change Cipher: 3689
Sep 6 18:03:35 snort[6271]: Server Key Exchange: 8
Sep 6 18:03:35 snort[6271]: Server Key Exchange: 8
Sep 6 18:03:35 snort[6271]: Client Key Exchange: 254
Sep 6 18:03:35 snort[6271]: Client Key Exchange: 254
Sep 6 18:03:35 snort[6271]: Server Done: 3208
Sep 6 18:03:35 snort[6271]: Server Done: 3208
Sep 6 18:03:35 snort[6271]: Certificate: 1739
Sep 6 18:03:35 snort[6271]: Certificate: 1739
Sep 6 18:03:35 snort[6271]: Server Hello: 3066
Sep 6 18:03:35 snort[6271]: Server Hello: 3066
Sep 6 18:03:35 snort[6271]: Client Hello: 487
Sep 6 18:03:35 snort[6271]: Client Hello: 487
Sep 6 18:03:35 snort[6271]: SSL packets decoded: 17261
Sep 6 18:03:35 snort[6271]: SSL packets decoded: 17261
Sep 6 18:03:35 snort[6271]: SSL Preprocessor:
Sep 6 18:03:35 snort[6271]: SSL Preprocessor:
Sep 6 18:03:35 snort[6271]: ===============================================================================
Sep 6 18:03:35 snort[6271]: ===============================================================================
Sep 6 18:03:35 snort[6271]: Total sessions: 0
Sep 6 18:03:35 snort[6271]: Total sessions: 0
Sep 6 18:03:35 snort[6271]: dcerpc2 Preprocessor Statistics
Sep 6 18:03:35 snort[6271]: dcerpc2 Preprocessor Statistics
Sep 6 18:03:35 snort[6271]: ===============================================================================
Sep 6 18:03:35 snort[6271]: ===============================================================================
Sep 6 18:03:35 snort[6271]: Total packets processed: 534654
Sep 6 18:03:35 snort[6271]: Total packets processed: 534654
Sep 6 18:03:35 snort[6271]: Gzip Decompressed Data Processed: n/a
Sep 6 18:03:35 snort[6271]: Gzip Decompressed Data Processed: n/a
Sep 6 18:03:35 snort[6271]: Gzip Compressed Data Processed: n/a
Sep 6 18:03:35 snort[6271]: Gzip Compressed Data Processed: n/a
Sep 6 18:03:35 snort[6271]: HTTP Response Gzip packets extracted: 0
Sep 6 18:03:35 snort[6271]: HTTP Response Gzip packets extracted: 0
Sep 6 18:03:35 snort[6271]: Self-referencing paths ("./"): 0
Sep 6 18:03:35 snort[6271]: Self-referencing paths ("./"): 0
Sep 6 18:03:35 snort[6271]: Extra slashes ("//"): 0
Sep 6 18:03:35 snort[6271]: Extra slashes ("//"): 0
Sep 6 18:03:35 snort[6271]: Directory traversals: 0
Sep 6 18:03:35 snort[6271]: Directory traversals: 0
Sep 6 18:03:35 snort[6271]: Base 36: 0
Sep 6 18:03:35 snort[6271]: Base 36: 0
Sep 6 18:03:35 snort[6271]: Non-ASCII representable: 0
Sep 6 18:03:35 snort[6271]: Non-ASCII representable: 0
Sep 6 18:03:35 snort[6271]: Double unicode: 0
Sep 6 18:03:35 snort[6271]: Double unicode: 0
Sep 6 18:03:35 snort[6271]: Unicode: 0
Sep 6 18:03:35 snort[6271]: Unicode: 0
Sep 6 18:03:35 snort[6271]: HTTP Response Cookies extracted: 0
Sep 6 18:03:35 snort[6271]: HTTP Response Cookies extracted: 0
Sep 6 18:03:35 snort[6271]: HTTP response Headers extracted: 0
Sep 6 18:03:35 snort[6271]: HTTP response Headers extracted: 0
Sep 6 18:03:35 snort[6271]: Post parameters extracted: 0
Sep 6 18:03:35 snort[6271]: Post parameters extracted: 0
Sep 6 18:03:35 snort[6271]: HTTP Request Cookies extracted: 0
Sep 6 18:03:35 snort[6271]: HTTP Request Cookies extracted: 0
Sep 6 18:03:35 snort[6271]: HTTP Request Headers extracted: 2
Sep 6 18:03:35 snort[6271]: HTTP Request Headers extracted: 2
Sep 6 18:03:35 snort[6271]: GET methods: 2
Sep 6 18:03:35 snort[6271]: GET methods: 2
Sep 6 18:03:35 snort[6271]: POST methods: 0
Sep 6 18:03:35 snort[6271]: POST methods: 0
Sep 6 18:03:35 snort[6271]: HTTP Inspect - encodings (Note: stream-reassembled packets included):
Sep 6 18:03:35 snort[6271]: HTTP Inspect - encodings (Note: stream-reassembled packets included):
Sep 6 18:03:35 snort[6271]: ===============================================================================
Sep 6 18:03:35 snort[6271]: ===============================================================================
Sep 6 18:03:35 snort[6271]: Tracked: 33886
Sep 6 18:03:35 snort[6271]: Tracked: 33886
Sep 6 18:03:35 snort[6271]: Inspected: 0
Sep 6 18:03:35 snort[6271]: Inspected: 0
Sep 6 18:03:35 snort[6271]: Dropped: 0
Sep 6 18:03:35 snort[6271]: Dropped: 0
Sep 6 18:03:35 snort[6271]: UDP Port Filter
Sep 6 18:03:35 snort[6271]: UDP Port Filter
Sep 6 18:03:35 snort[6271]: Tracked: 805916
Sep 6 18:03:35 snort[6271]: Tracked: 805916
Sep 6 18:03:35 snort[6271]: Inspected: 0
Sep 6 18:03:35 snort[6271]: Inspected: 0
Sep 6 18:03:35 snort[6271]: Dropped: 0
Sep 6 18:03:35 snort[6271]: Dropped: 0
Sep 6 18:03:35 snort[6271]: TCP Port Filter
Sep 6 18:03:35 snort[6271]: TCP Port Filter
Sep 6 18:03:35 snort[6271]: Internal Events: 0
Sep 6 18:03:35 snort[6271]: Internal Events: 0
Sep 6 18:03:35 snort[6271]: Events: 0
Sep 6 18:03:35 snort[6271]: Events: 0
Sep 6 18:03:35 snort[6271]: UDP Discards: 0
Sep 6 18:03:35 snort[6271]: UDP Discards: 0
Sep 6 18:03:35 snort[6271]: UDP Timeouts: 3584
Sep 6 18:03:35 snort[6271]: UDP Timeouts: 3584
Sep 6 18:03:35 snort[6271]: UDP Sessions Deleted: 33199
Sep 6 18:03:35 snort[6271]: UDP Sessions Deleted: 33199
Sep 6 18:03:35 snort[6271]: UDP Sessions Created: 33199
Sep 6 18:03:35 snort[6271]: UDP Sessions Created: 33199
Sep 6 18:03:35 snort[6271]: TCP Gaps: 7
Sep 6 18:03:35 snort[6271]: TCP Gaps: 7
Sep 6 18:03:35 snort[6271]: TCP Discards: 621217
Sep 6 18:03:35 snort[6271]: TCP Discards: 621217
Sep 6 18:03:35 snort[6271]: TCP Segments Used: 19
Sep 6 18:03:35 snort[6271]: TCP Segments Used: 19
Sep 6 18:03:35 snort[6271]: TCP Rebuilt Packets: 18
Sep 6 18:03:35 snort[6271]: TCP Rebuilt Packets: 18
Sep 6 18:03:35 snort[6271]: TCP Segments Released: 31
Sep 6 18:03:35 snort[6271]: TCP Segments Released: 31
Sep 6 18:03:35 snort[6271]: TCP Segments Queued: 31
Sep 6 18:03:35 snort[6271]: TCP Segments Queued: 31
Sep 6 18:03:35 snort[6271]: TCP Overlaps: 45
Sep 6 18:03:35 snort[6271]: TCP Overlaps: 45
Sep 6 18:03:35 snort[6271]: TCP Timeouts: 11012
Sep 6 18:03:35 snort[6271]: TCP Timeouts: 11012
Sep 6 18:03:35 snort[6271]: TCP StreamTrackers Deleted: 29385
Sep 6 18:03:35 snort[6271]: TCP StreamTrackers Deleted: 29385
Sep 6 18:03:35 snort[6271]: TCP StreamTrackers Created: 29385
Sep 6 18:03:35 snort[6271]: TCP StreamTrackers Created: 29385
Sep 6 18:03:35 snort[6271]: ICMP Prunes: 0
Sep 6 18:03:35 snort[6271]: ICMP Prunes: 0
Sep 6 18:03:35 snort[6271]: UDP Prunes: 0
Sep 6 18:03:35 snort[6271]: UDP Prunes: 0
Sep 6 18:03:35 snort[6271]: TCP Prunes: 0
Sep 6 18:03:35 snort[6271]: TCP Prunes: 0
Sep 6 18:03:35 snort[6271]: ICMP sessions: 0
Sep 6 18:03:35 snort[6271]: ICMP sessions: 0
Sep 6 18:03:35 snort[6271]: UDP sessions: 29615
Sep 6 18:03:35 snort[6271]: UDP sessions: 29615
Sep 6 18:03:35 snort[6271]: TCP sessions: 25075
Sep 6 18:03:35 snort[6271]: TCP sessions: 25075
Sep 6 18:03:35 snort[6271]: Total sessions: 54690
Sep 6 18:03:35 snort[6271]: Total sessions: 54690
Sep 6 18:03:35 snort[6271]: Stream5 statistics:
Sep 6 18:03:35 snort[6271]: Stream5 statistics:
Sep 6 18:03:35 snort[6271]: ===============================================================================
Sep 6 18:03:35 snort[6271]: ===============================================================================
Sep 6 18:03:35 snort[6271]: Frag Nodes Deleted: 38
Sep 6 18:03:35 snort[6271]: Frag Nodes Deleted: 38
Sep 6 18:03:35 snort[6271]: Frag Nodes Inserted: 38
Sep 6 18:03:35 snort[6271]: Frag Nodes Inserted: 38
Sep 6 18:03:35 snort[6271]: FragTrackers Auto Freed: 0
Sep 6 18:03:35 snort[6271]: FragTrackers Auto Freed: 0
Sep 6 18:03:35 snort[6271]: FragTrackers Dumped: 19
Sep 6 18:03:35 snort[6271]: FragTrackers Dumped: 19
Sep 6 18:03:35 snort[6271]: FragTrackers Added: 19
Sep 6 18:03:35 snort[6271]: FragTrackers Added: 19
Sep 6 18:03:35 snort[6271]: Drops: 0
Sep 6 18:03:35 snort[6271]: Drops: 0
Sep 6 18:03:35 snort[6271]: Alerts: 0
Sep 6 18:03:35 snort[6271]: Alerts: 0
Sep 6 18:03:35 snort[6271]: Anomalies: 0
Sep 6 18:03:35 snort[6271]: Anomalies: 0
Sep 6 18:03:35 snort[6271]: Overlaps: 0
Sep 6 18:03:35 snort[6271]: Overlaps: 0
Sep 6 18:03:35 snort[6271]: Timeouts: 0
Sep 6 18:03:35 snort[6271]: Timeouts: 0
Sep 6 18:03:35 snort[6271]: Memory Faults: 0
Sep 6 18:03:35 snort[6271]: Memory Faults: 0
Sep 6 18:03:35 snort[6271]: Discards: 0
Sep 6 18:03:35 snort[6271]: Discards: 0
Sep 6 18:03:35 snort[6271]: Frags Reassembled: 19
Sep 6 18:03:35 snort[6271]: Frags Reassembled: 19
Sep 6 18:03:35 snort[6271]: Total Fragments: 38
Sep 6 18:03:35 snort[6271]: Total Fragments: 38
Sep 6 18:03:35 snort[6271]: Frag3 statistics:
Sep 6 18:03:35 snort[6271]: Frag3 statistics:
Sep 6 18:03:35 snort[6271]: ===============================================================================
Sep 6 18:03:35 snort[6271]: ===============================================================================
Sep 6 18:03:35 snort[6271]: Ignore: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: Ignore: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: Blacklist: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: Blacklist: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: Whitelist: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: Whitelist: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: Replace: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: Replace: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: Block: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: Block: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: Allow: 1971570 ( 99.999%)
Sep 6 18:03:35 snort[6271]: Allow: 1971570 ( 99.999%)
Sep 6 18:03:35 snort[6271]: Verdicts:
Sep 6 18:03:35 snort[6271]: Verdicts:
Sep 6 18:03:35 snort[6271]: Event Limit: 40
Sep 6 18:03:35 snort[6271]: Event Limit: 40
Sep 6 18:03:35 snort[6271]: Log Limit: 0
Sep 6 18:03:35 snort[6271]: Log Limit: 0
Sep 6 18:03:35 snort[6271]: Queue Limit: 0
Sep 6 18:03:35 snort[6271]: Queue Limit: 0
Sep 6 18:03:35 snort[6271]: Match Limit: 0
Sep 6 18:03:35 snort[6271]: Match Limit: 0
Sep 6 18:03:35 snort[6271]: Passed: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: Passed: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: Logged: 43 ( 0.002%)
Sep 6 18:03:35 snort[6271]: Logged: 43 ( 0.002%)
Sep 6 18:03:35 snort[6271]: Alerts: 43 ( 0.002%)
Sep 6 18:03:35 snort[6271]: Alerts: 43 ( 0.002%)
Sep 6 18:03:35 snort[6271]: Action Stats:
Sep 6 18:03:35 snort[6271]: Action Stats:
Sep 6 18:03:35 snort[6271]: ===============================================================================
Sep 6 18:03:35 snort[6271]: ===============================================================================
Sep 6 18:03:35 snort[6271]: Total: 1971609
Sep 6 18:03:35 snort[6271]: Total: 1971609
Sep 6 18:03:35 snort[6271]: S5 G 2: 1 ( 0.000%)
Sep 6 18:03:35 snort[6271]: S5 G 2: 1 ( 0.000%)
Sep 6 18:03:35 snort[6271]: S5 G 1: 19 ( 0.001%)
Sep 6 18:03:35 snort[6271]: S5 G 1: 19 ( 0.001%)
Sep 6 18:03:35 snort[6271]: Bad TTL: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: Bad TTL: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: Bad Chk Sum: 1129487 ( 57.288%)
Sep 6 18:03:35 snort[6271]: Bad Chk Sum: 1129487 ( 57.288%)
Sep 6 18:03:35 snort[6271]: Other: 184986 ( 9.382%)
Sep 6 18:03:35 snort[6271]: Other: 184986 ( 9.382%)
Sep 6 18:03:35 snort[6271]: All Discard: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: All Discard: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: ICMP Disc: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: ICMP Disc: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: UDP Disc: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: UDP Disc: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: TCP Disc: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: TCP Disc: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: IP6 Disc: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: IP6 Disc: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: IP4 Disc: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: IP4 Disc: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: Eth Disc: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: Eth Disc: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: Eth Loop: 1540 ( 0.078%)
Sep 6 18:03:35 snort[6271]: Eth Loop: 1540 ( 0.078%)
Sep 6 18:03:35 snort[6271]: IPX: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: IPX: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: ARP: 50 ( 0.003%)
Sep 6 18:03:35 snort[6271]: ARP: 50 ( 0.003%)
Sep 6 18:03:35 snort[6271]: MPLS: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: MPLS: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: GRE Loop: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: GRE Loop: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: GRE IPX: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: GRE IPX: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: GRE ARP: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: GRE ARP: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: GRE PPTP: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: GRE PPTP: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: GRE IP6 Ext: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: GRE IP6 Ext: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: GRE IP6: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: GRE IP6: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: GRE IP4: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: GRE IP4: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: GRE VLAN: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: GRE VLAN: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: GRE Eth: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: GRE Eth: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: GRE: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: GRE: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: IP6/IP6: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: IP6/IP6: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: IP6/IP4: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: IP6/IP4: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: IP4/IP6: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: IP4/IP6: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: IP4/IP4: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: IP4/IP4: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: EAPOL: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: EAPOL: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: ICMP-IP: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: ICMP-IP: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: Teredo: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: Teredo: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: TCP6: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: TCP6: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: UDP6: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: UDP6: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: ICMP6: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: ICMP6: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: Frag6: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: Frag6: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: IP6 Opts: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: IP6 Opts: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: IP6 Ext: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: IP6 Ext: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: IP6: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: IP6: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: TCP: 1714726 ( 86.971%)
Sep 6 18:03:35 snort[6271]: TCP: 1714726 ( 86.971%)
Sep 6 18:03:35 snort[6271]: UDP: 69841 ( 3.542%)
Sep 6 18:03:35 snort[6271]: UDP: 69841 ( 3.542%)
Sep 6 18:03:35 snort[6271]: ICMP: 447 ( 0.023%)
Sep 6 18:03:35 snort[6271]: ICMP: 447 ( 0.023%)
Sep 6 18:03:35 snort[6271]: Frag: 38 ( 0.002%)
Sep 6 18:03:35 snort[6271]: Frag: 38 ( 0.002%)
Sep 6 18:03:35 snort[6271]: IP4: 1969763 ( 99.906%)
Sep 6 18:03:35 snort[6271]: IP4: 1969763 ( 99.906%)
Sep 6 18:03:35 snort[6271]: VLAN: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: VLAN: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: Eth: 1971609 (100.000%)
Sep 6 18:03:35 snort[6271]: Eth: 1971609 (100.000%)
Sep 6 18:03:35 snort[6271]: Breakdown by protocol (includes rebuilt packets):
Sep 6 18:03:35 snort[6271]: Breakdown by protocol (includes rebuilt packets):
Sep 6 18:03:35 snort[6271]: ===============================================================================
Sep 6 18:03:35 snort[6271]: ===============================================================================
Sep 6 18:03:35 snort[6271]: Injected: 0
Sep 6 18:03:35 snort[6271]: Injected: 0
Sep 6 18:03:35 snort[6271]: Outstanding: 11 ( 0.001%)
Sep 6 18:03:35 snort[6271]: Outstanding: 11 ( 0.001%)
Sep 6 18:03:35 snort[6271]: Filtered: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: Filtered: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: Dropped: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: Dropped: 0 ( 0.000%)
Sep 6 18:03:35 snort[6271]: Analyzed: 1971570 ( 99.999%)
Sep 6 18:03:35 snort[6271]: Analyzed: 1971570 ( 99.999%)
Sep 6 18:03:35 snort[6271]: Received: 1971581
Sep 6 18:03:35 snort[6271]: Received: 1971581
Sep 6 18:03:35 snort[6271]: Packet I/O Totals:
Sep 6 18:03:35 snort[6271]: Packet I/O Totals:
Sep 6 18:03:35 snort[6271]: ===============================================================================
Sep 6 18:03:35 snort[6271]: ===============================================================================
Sep 6 18:03:34 snort[6271]: Pkts/sec: 127
Sep 6 18:03:34 snort[6271]: Pkts/sec: 127
Sep 6 18:03:34 snort[6271]: Pkts/min: 7701
Sep 6 18:03:34 snort[6271]: Pkts/min: 7701
Sep 6 18:03:34 snort[6271]: Pkts/hr: 492892
Sep 6 18:03:34 snort[6271]: Pkts/hr: 492892
Sep 6 18:03:34 snort[6271]: Snort ran for 0 days 4 hours 16 minutes 46 seconds
Sep 6 18:03:34 snort[6271]: Snort ran for 0 days 4 hours 16 minutes 46 seconds
Sep 6 18:03:34 snort[6271]: Snort processed 1971570 packets.
Sep 6 18:03:34 snort[6271]: Snort processed 1971570 packets.
Sep 6 18:03:34 snort[6271]: Run time for packet processing was 15406.833364 seconds
Sep 6 18:03:34 snort[6271]: Run time for packet processing was 15406.833364 seconds
Sep 6 18:03:34 snort[6271]: ===============================================================================
Sep 6 18:03:34 snort[6271]: ===============================================================================
Sep 6 18:03:34 snort[6271]: *** Caught Term-Signal
Sep 6 18:03:34 snort[6271]: *** Caught Term-Signal
Sep 6 18:03:33 SnortStartup[41933]: Snort HARD STOP For 29323_bge1…
-
What event happened on the system?
IP renew? Interface up down or anything else?
-
Nope - IP is static and it was during the day when people were using the Internet; I didn't hear any complaints about getting to websites. I also thought it through and the times don't make sense for rule updates happening around the time of the issue. Maybe I need to cut back on my rules and see if it runs better after that. I've checked the system this morning and it is still running … here are the most recent logs, but it still says Hard Reload... upgraded to 2.0-RC3 (i386) built on Tue Sep 6 17:44:31 EDT 2011 last night, so I don't know if that made a difference.
Sep 7 06:07:27 SnortStartup[1746]: Snort HARD Reload For 29323_bge1…
Sep 7 06:07:26 snort[1447]: Commencing packet processing (pid=1447)
Sep 7 06:07:26 snort[1447]: Commencing packet processing (pid=1447)
Sep 7 06:07:26 snort[1447]: –== Initialization Complete ==--
Sep 7 06:07:26 snort[1447]: –== Initialization Complete ==--
Sep 7 06:07:26 snort[1447]:
Sep 7 06:07:26 snort[1447]:
Sep 7 06:07:26 snort[1447]: Set uid to 920
Sep 7 06:07:26 snort[1447]: Set uid to 920
Sep 7 06:07:26 snort[1447]: Set gid to 920
Sep 7 06:07:26 snort[1447]: Set gid to 920
Sep 7 06:07:26 snort[1447]: Writing PID "1447" to file "/var/log/snort/run/snort_bge129323.pid"
Sep 7 06:07:26 snort[1447]: Writing PID "1447" to file "/var/log/snort/run/snort_bge129323.pid"
Sep 7 06:07:26 snort[1447]: PID path stat checked out ok, PID path set to /var/log/snort/run
Sep 7 06:07:26 snort[1447]: PID path stat checked out ok, PID path set to /var/log/snort/run
Sep 7 06:07:26 snort[1447]: Checking PID path…
Sep 7 06:07:26 snort[1447]: Checking PID path…
Sep 7 06:07:26 snort[1447]: Decoding Ethernet
Sep 7 06:07:26 snort[1447]: Decoding Ethernet
Sep 7 06:07:26 snort[1447]: Reload thread started, thread 0xbb9fda80 (1447)
Sep 7 06:07:26 snort[1447]: Reload thread started, thread 0xbb9fda80 (1447)
Sep 7 06:07:26 snort[1447]: Reload thread starting…
Sep 7 06:07:26 snort[1447]: Reload thread starting…
Sep 7 06:07:26 snort[1447]: Daemon initialized, signaled parent pid: 55678
Sep 7 06:07:26 snort[1447]: Daemon initialized, signaled parent pid: 55678
Sep 7 06:07:26 snort[55678]: Initializing daemon mode
Sep 7 06:07:26 snort[55678]: Initializing daemon mode
Sep 7 06:07:26 snort[55678]: Acquiring network traffic from "bge1".
Sep 7 06:07:26 snort[55678]: Acquiring network traffic from "bge1".
Sep 7 06:07:26 snort[55678]: pcap DAQ configured to passive.
Sep 7 06:07:26 snort[55678]: pcap DAQ configured to passive.
Sep 7 06:07:26 snort[55678]: +–--------------------------------------------------------------
Sep 7 06:07:26 snort[55678]: +–--------------------------------------------------------------
Sep 7 06:07:26 snort[55678]: | DFA : 1674.20
Sep 7 06:07:26 snort[55678]: | DFA : 1674.20
Sep 7 06:07:26 snort[55678]: | Fail States : 8.06
Sep 7 06:07:26 snort[55678]: | Fail States : 8.06
Sep 7 06:07:26 snort[55678]: | Match Lists : 24.22
Sep 7 06:07:26 snort[55678]: | Match Lists : 24.22
Sep 7 06:07:26 snort[55678]: | Patterns : 15.92
Sep 7 06:07:26 snort[55678]: | Patterns : 15.92
Sep 7 06:07:26 snort[55678]: | Memory (MB) : 1722.84
Sep 7 06:07:26 snort[55678]: | Memory (MB) : 1722.84
Sep 7 06:07:26 snort[55678]: | Match States : 240717
Sep 7 06:07:26 snort[55678]: | Match States : 240717
Sep 7 06:07:26 snort[55678]: | Patterns : 230495
Sep 7 06:07:26 snort[55678]: | Patterns : 230495
Sep 7 06:07:26 snort[55678]: | State Density : 39.6%
Sep 7 06:07:26 snort[55678]: | State Density : 39.6%
Sep 7 06:07:26 snort[55678]: | Transitions : 214230506
Sep 7 06:07:26 snort[55678]: | Transitions : 214230506
Sep 7 06:07:26 snort[55678]: | States : 2113969
Sep 7 06:07:26 snort[55678]: | States : 2113969
Sep 7 06:07:26 snort[55678]: | Characters : 2815103
Sep 7 06:07:26 snort[55678]: | Characters : 2815103
Sep 7 06:07:26 snort[55678]: | Instances : 1518
Sep 7 06:07:26 snort[55678]: | Instances : 1518
Sep 7 06:07:26 snort[55678]: | Sizeof State : 4 bytes
Sep 7 06:07:26 snort[55678]: | Sizeof State : 4 bytes
Sep 7 06:07:26 snort[55678]: | Alphabet Size : 256 Chars
Sep 7 06:07:26 snort[55678]: | Alphabet Size : 256 Chars
Sep 7 06:07:26 snort[55678]: | Finite Automaton : DFA
Sep 7 06:07:26 snort[55678]: | Finite Automaton : DFA
Sep 7 06:07:26 snort[55678]: | Storage Format : Sparse-Bands
Sep 7 06:07:26 snort[55678]: | Storage Format : Sparse-Bands
Sep 7 06:07:26 snort[55678]: +- [ Aho-Corasick Summary ] –-----------------------------------
Sep 7 06:07:26 snort[55678]: +- [ Aho-Corasick Summary ] –-----------------------------------
Sep 7 06:07:26 snort[55678]: [ Port Based Pattern Matching Memory ]
Sep 7 06:07:26 snort[55678]: [ Port Based Pattern Matching Memory ]
Sep 7 06:07:26 snort[55678]:
Sep 7 06:07:26 snort[55678]:
Sep 7 06:03:34 snort[55678]: 406 out of 1024 flowbits in use.
Sep 7 06:03:34 snort[55678]: 406 out of 1024 flowbits in use.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.dxf' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.dxf' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.plf' is set but not ever checked.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.plf' is set but not ever checked.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'ET.http.binary' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'ET.http.binary' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'csv.download' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'csv.download' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.manifest' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.manifest' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.pct' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.pct' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.fpx' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.fpx' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.cov' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.cov' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'Backdoor.Bersek.Init' is set but not ever checked.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'Backdoor.Bersek.Init' is set but not ever checked.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key '4xm.request' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key '4xm.request' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'java_class_file.request' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'java_class_file.request' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'ET.gadu.loggedin' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'ET.gadu.loggedin' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.stat_code_407' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.stat_code_407' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.xpm' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.xpm' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'vnc.auth' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'vnc.auth' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'download.pecompact.binary' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'download.pecompact.binary' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'svg_file.request' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'svg_file.request' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'ET.http.javaclient.vulnerable' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'ET.http.javaclient.vulnerable' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.realplayer' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.realplayer' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'ET.RBN' is set but not ever checked.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'ET.RBN' is set but not ever checked.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.swf' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.swf' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'realplayer.playlist' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'realplayer.playlist' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.jpeg' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.jpeg' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'xspf_file.request' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'xspf_file.request' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'wav_file.request' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'wav_file.request' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.pdf' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.pdf' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'ms.publisher.file' is set but not ever checked.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'ms.publisher.file' is set but not ever checked.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.xlw' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.xlw' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'sslv2.server_hello.request' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'sslv2.server_hello.request' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'Netspy_Command_Pattern' is set but not ever checked.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'Netspy_Command_Pattern' is set but not ever checked.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.torrent' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.torrent' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'ipp.application' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'ipp.application' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'arj_file.request' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'arj_file.request' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.chm' is set but not ever checked.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.chm' is set but not ever checked.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.search-ms' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.search-ms' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'ET.Evil' is set but not ever checked.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'ET.Evil' is set but not ever checked.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.ttf' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.ttf' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.pub' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.pub' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'BrAin_Wiper_Chat' is set but not ever checked.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'BrAin_Wiper_Chat' is set but not ever checked.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'eot.download' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'eot.download' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'snipernet' is set but not ever checked.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'snipernet' is set but not ever checked.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'PtakkS_Keepalive' is set but not ever checked.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'PtakkS_Keepalive' is set but not ever checked.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'tlsv1.client_hello.request' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'tlsv1.client_hello.request' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.bmp' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.bmp' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.exe' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.exe' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'tlsv1.server_hello.request' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'tlsv1.server_hello.request' is checked but not ever set.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'asp.upload' is set but not ever checked.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'asp.upload' is set but not ever checked.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.rat' is set but not ever checked.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'http.rat' is set but not ever checked.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'ET.RBN.Malvertiser' is set but not ever checked.
Sep 7 06:03:34 snort[55678]: Warning: flowbits key 'ET.RBN.Malvertiser' is set but not ever checked.
Sep 7 06:03:34 snort[55678]: Warning: 'ignore_any_rules' option for Stream5 UDP disabled because of UDP rule with flow or flowbits option
Sep 7 06:03:34 snort[55678]: Warning: 'ignore_any_rules' option for Stream5 UDP disabled because of UDP rule with flow or flowbits option
Sep 7 06:03:34 snort[55678]: Verifying Preprocessor Configurations!
Sep 7 06:03:34 snort[55678]: Verifying Preprocessor Configurations!
Sep 7 06:03:34 snort[55678]: Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log
Sep 7 06:03:34 snort[55678]: Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log
Sep 7 06:03:34 snort[55678]: –-----------------------------------------------------------------------------
Sep 7 06:03:34 snort[55678]: –-----------------------------------------------------------------------------
Sep 7 06:03:34 snort[55678]: | none
Sep 7 06:03:34 snort[55678]: | none
Sep 7 06:03:34 snort[55678]: +–---------------------[suppression]–----------------------------------------
Sep 7 06:03:34 snort[55678]: +–---------------------[suppression]–----------------------------------------
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406211 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406211 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406785 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406785 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2001219 type=Threshold tracking=src count=5 seconds=120
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2001219 type=Threshold tracking=src count=5 seconds=120
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2003387 type=Limit tracking=src count=5 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2003387 type=Limit tracking=src count=5 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406619 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406619 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2008378 type=Limit tracking=src count=2 seconds=300
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2008378 type=Limit tracking=src count=2 seconds=300
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406188 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406188 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2001582 type=Both tracking=src count=40 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2001582 type=Both tracking=src count=40 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406210 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406210 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406322 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406322 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406379 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406379 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406382 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406382 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406750 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406750 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406191 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406191 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406903 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406903 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406153 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406153 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406686 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406686 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406674 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406674 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406734 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406734 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406494 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406494 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406066 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406066 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2408050 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2408050 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406797 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406797 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2008428 type=Limit tracking=src count=2 seconds=300
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2008428 type=Limit tracking=src count=2 seconds=300
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406005 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406005 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406200 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406200 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406845 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406845 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406807 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406807 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406065 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406065 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406605 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406605 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406627 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406627 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406008 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406008 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406203 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406203 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2003622 type=Limit tracking=src count=3 seconds=300
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2003622 type=Limit tracking=src count=3 seconds=300
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2408062 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2408062 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406854 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406854 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2008257 type=Limit tracking=src count=2 seconds=300
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2008257 type=Limit tracking=src count=2 seconds=300
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406423 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406423 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406055 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406055 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2003171 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2003171 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406445 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406445 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406426 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406426 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406850 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406850 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2008440 type=Limit tracking=src count=2 seconds=300
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2008440 type=Limit tracking=src count=2 seconds=300
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406017 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406017 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406077 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406077 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406617 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406617 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406857 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406857 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406058 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406058 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2008912 type=Limit tracking=src count=2 seconds=300
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2008912 type=Limit tracking=src count=2 seconds=300
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406253 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406253 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406020 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406020 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406196 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406196 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2008544 type=Limit tracking=src count=2 seconds=300
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2008544 type=Limit tracking=src count=2 seconds=300
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2009512 type=Limit tracking=src count=2 seconds=300
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2009512 type=Limit tracking=src count=2 seconds=300
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2011030 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2011030 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2008663 type=Limit tracking=src count=2 seconds=300
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2008663 type=Limit tracking=src count=2 seconds=300
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2408067 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2408067 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2002842 type=Both tracking=src count=5 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2002842 type=Both tracking=src count=5 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406840 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406840 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2003258 type=Both tracking=src count=1 seconds=900
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2003258 type=Both tracking=src count=1 seconds=900
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406859 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406859 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406300 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406300 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406067 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406067 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406862 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406862 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406127 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406127 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406483 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406483 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406438 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406438 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406243 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406243 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406907 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406907 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406303 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406303 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406115 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406115 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406205 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406205 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406265 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406265 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406010 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406010 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406208 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406208 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2003260 type=Both tracking=src count=1 seconds=900
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2003260 type=Both tracking=src count=1 seconds=900
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406909 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406909 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2003068 type=Threshold tracking=src count=5 seconds=120
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2003068 type=Threshold tracking=src count=5 seconds=120
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2003270 type=Both tracking=src count=1 seconds=900
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2003270 type=Both tracking=src count=1 seconds=900
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406668 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406668 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406728 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406728 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406897 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406897 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406661 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406661 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406060 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406060 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406900 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406900 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406312 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406312 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2011975 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2011975 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406293 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406293 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406495 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406495 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406683 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406683 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406488 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406488 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406255 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406255 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406315 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406315 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406671 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406671 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406431 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406431 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406120 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406120 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406063 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406063 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2008549 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2008549 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2001569 type=Both tracking=src count=70 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2001569 type=Both tracking=src count=70 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406718 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406718 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406197 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406197 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406673 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406673 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406680 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406680 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406110 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406110 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406740 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406740 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406350 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406350 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406072 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406072 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406916 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406916 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406538 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406538 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406721 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406721 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406443 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406443 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2003259 type=Both tracking=src count=1 seconds=900
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2003259 type=Both tracking=src count=1 seconds=900
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406500 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406500 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406132 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406132 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406503 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406503 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406075 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406075 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406052 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406052 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406535 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406535 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406547 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406547 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406723 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406723 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406730 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406730 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406595 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406595 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406355 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406355 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2408046 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2408046 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406550 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406550 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406298 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406298 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406726 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406726 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406358 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406358 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2008657 type=Limit tracking=src count=2 seconds=300
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2008657 type=Limit tracking=src count=2 seconds=300
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2007701 type=Both tracking=src count=2 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2007701 type=Both tracking=src count=2 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406377 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406377 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406061 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406061 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406121 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406121 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406432 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406432 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2008363 type=Limit tracking=src count=2 seconds=300
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2008363 type=Limit tracking=src count=2 seconds=300
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406004 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406004 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406064 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406064 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2001864 type=Limit tracking=src count=1 seconds=360
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2001864 type=Limit tracking=src count=1 seconds=360
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406109 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406109 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2008423 type=Limit tracking=src count=2 seconds=300
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2008423 type=Limit tracking=src count=2 seconds=300
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406735 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406735 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406918 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406918 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406176 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406176 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406607 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406607 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2003254 type=Both tracking=src count=1 seconds=900
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2003254 type=Both tracking=src count=1 seconds=900
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406783 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406783 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406367 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406367 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406738 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406738 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2408035 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2408035 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406489 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406489 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406906 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406906 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406894 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406894 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406287 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406287 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2408038 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2408038 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406249 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406249 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406830 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406830 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406309 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406309 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2408000 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2408000 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2011668 type=Limit tracking=src count=1 seconds=300
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2011668 type=Limit tracking=src count=1 seconds=300
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406057 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406057 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406773 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406773 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2002400 type=Limit tracking=src count=2 seconds=360
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2002400 type=Limit tracking=src count=2 seconds=360
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406600 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406600 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406612 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406612 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406795 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406795 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2008352 type=Limit tracking=src count=1 seconds=3600
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2008352 type=Limit tracking=src count=1 seconds=3600
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2008914 type=Limit tracking=src count=2 seconds=300
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2008914 type=Limit tracking=src count=2 seconds=300
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2010643 type=Threshold tracking=src count=5 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2010643 type=Threshold tracking=src count=5 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406667 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406667 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2408047 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2408047 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406344 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406344 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406104 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406104 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406715 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406715 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2013492 type=Both tracking=src count=2 seconds=120
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2013492 type=Both tracking=src count=2 seconds=120
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2008658 type=Limit tracking=src count=2 seconds=300
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2008658 type=Limit tracking=src count=2 seconds=300
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406677 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406677 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406299 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406299 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406437 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406437 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406126 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406126 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406497 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406497 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406842 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406842 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406069 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406069 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406181 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406181 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406650 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406650 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406053 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406053 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406421 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406421 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406541 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406541 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406522 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406522 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406241 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406241 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2008536 type=Threshold tracking=src count=40 seconds=15
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2008536 type=Threshold tracking=src count=40 seconds=15
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406349 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406349 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406724 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406724 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406784 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406784 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2408052 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2408052 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406589 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406589 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406356 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406356 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406544 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406544 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406116 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406116 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2408040 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2408040 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2408055 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2408055 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406727 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406727 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406720 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406720 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406292 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406292 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406532 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406532 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2408043 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2408043 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2004443 type=Limit tracking=src count=2 seconds=300
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2004443 type=Limit tracking=src count=2 seconds=300
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406847 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406847 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406352 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406352 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406835 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406835 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2011497 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2011497 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406895 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406895 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406193 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406193 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406838 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406838 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2000031 type=Limit tracking=dst count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2000031 type=Limit tracking=dst count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406433 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406433 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406579 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406579 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406399 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406399 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2008184 type=Limit tracking=src count=2 seconds=300
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2008184 type=Limit tracking=src count=2 seconds=300
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406170 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406170 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406361 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406361 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406729 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406729 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406912 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406912 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2013416 type=Threshold tracking=dst count=10 seconds=20
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2013416 type=Threshold tracking=dst count=10 seconds=20
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406601 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406601 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406732 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406732 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2001564 type=Limit tracking=src count=5 seconds=300
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2001564 type=Limit tracking=src count=5 seconds=300
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2011915 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2011915 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406304 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406304 type=Limit tracking=src count=1 seconds=60
Sep 7 06:03:34 snort[55678]: | gen-id=1 sig-id=2406364 type=Limit tracking=src count=1 seconds=60
-
And again it happens… forcing a start again...
Sep 7 12:04:25 snort[1447]: Snort exiting
Sep 7 12:04:25 snort[1447]: Snort exiting
Sep 7 12:03:40 SnortStartup[59909]: Snort Soft Reload For 29323_bge1…
Sep 7 12:03:40 SnortStartup[59753]: Snort already running, soft restart
Sep 7 12:03:40 SnortStartup[58145]: Snort Startup files Sync…
Sep 7 12:03:38 snort[1447]: | gen-id=1 sig-id=2001219 type=Threshold tracking=src count=5 seconds=120 filtered=2
Sep 7 12:03:38 snort[1447]: | gen-id=1 sig-id=2001219 type=Threshold tracking=src count=5 seconds=120 filtered=2
Sep 7 12:03:38 snort[1447]: | gen-id=1 sig-id=2002911 type=Threshold tracking=src count=5 seconds=60 filtered=22
Sep 7 12:03:38 snort[1447]: | gen-id=1 sig-id=2002911 type=Threshold tracking=src count=5 seconds=60 filtered=22
Sep 7 12:03:38 snort[1447]: | gen-id=1 sig-id=2406823 type=Limit tracking=src count=1 seconds=60 filtered=12
Sep 7 12:03:38 snort[1447]: | gen-id=1 sig-id=2406823 type=Limit tracking=src count=1 seconds=60 filtered=12
Sep 7 12:03:38 snort[1447]: | gen-id=1 sig-id=2001972 type=Both tracking=src count=20 seconds=360 filtered=27
Sep 7 12:03:38 snort[1447]: | gen-id=1 sig-id=2001972 type=Both tracking=src count=20 seconds=360 filtered=27
Sep 7 12:03:38 snort[1447]: +–---------------------[filtered events]–------------------------------------
Sep 7 12:03:38 snort[1447]: +–---------------------[filtered events]–------------------------------------
Sep 7 12:03:38 snort[1447]: ===============================================================================
Sep 7 12:03:38 snort[1447]: ===============================================================================
Sep 7 12:03:38 snort[1447]: Detection disabled: 732
Sep 7 12:03:38 snort[1447]: Detection disabled: 732
Sep 7 12:03:38 snort[1447]: Sessions ignored: 5467
Sep 7 12:03:38 snort[1447]: Sessions ignored: 5467
Sep 7 12:03:38 snort[1447]: Bad handshakes: 0
Sep 7 12:03:38 snort[1447]: Bad handshakes: 0
Sep 7 12:03:38 snort[1447]: Completed handshakes: 0
Sep 7 12:03:38 snort[1447]: Completed handshakes: 0
Sep 7 12:03:38 snort[1447]: Unrecognized records: 18542
Sep 7 12:03:38 snort[1447]: Unrecognized records: 18542
Sep 7 12:03:38 snort[1447]: Alert: 1065
Sep 7 12:03:38 snort[1447]: Alert: 1065
Sep 7 12:03:38 snort[1447]: Server Application: 5471
Sep 7 12:03:38 snort[1447]: Server Application: 5471
Sep 7 12:03:38 snort[1447]: Client Application: 3527
Sep 7 12:03:38 snort[1447]: Client Application: 3527
Sep 7 12:03:38 snort[1447]: Finished: 0
Sep 7 12:03:38 snort[1447]: Finished: 0
Sep 7 12:03:38 snort[1447]: Change Cipher: 5912
Sep 7 12:03:38 snort[1447]: Change Cipher: 5912
Sep 7 12:03:38 snort[1447]: Server Key Exchange: 19
Sep 7 12:03:38 snort[1447]: Server Key Exchange: 19
Sep 7 12:03:38 snort[1447]: Client Key Exchange: 537
Sep 7 12:03:38 snort[1447]: Client Key Exchange: 537
Sep 7 12:03:38 snort[1447]: Server Done: 5741
Sep 7 12:03:38 snort[1447]: Server Done: 5741
Sep 7 12:03:38 snort[1447]: Certificate: 3030
Sep 7 12:03:38 snort[1447]: Certificate: 3030
Sep 7 12:03:38 snort[1447]: Server Hello: 4798
Sep 7 12:03:38 snort[1447]: Server Hello: 4798
Sep 7 12:03:38 snort[1447]: Client Hello: 701
Sep 7 12:03:38 snort[1447]: Client Hello: 701
Sep 7 12:03:38 snort[1447]: SSL packets decoded: 34648
Sep 7 12:03:38 snort[1447]: SSL packets decoded: 34648
Sep 7 12:03:38 snort[1447]: SSL Preprocessor:
Sep 7 12:03:38 snort[1447]: SSL Preprocessor:
Sep 7 12:03:38 snort[1447]: ===============================================================================
Sep 7 12:03:38 snort[1447]: ===============================================================================
Sep 7 12:03:38 snort[1447]: Total sessions: 0
Sep 7 12:03:38 snort[1447]: Total sessions: 0
Sep 7 12:03:38 snort[1447]: dcerpc2 Preprocessor Statistics
Sep 7 12:03:38 snort[1447]: dcerpc2 Preprocessor Statistics
Sep 7 12:03:38 snort[1447]: ===============================================================================
Sep 7 12:03:38 snort[1447]: ===============================================================================
Sep 7 12:03:38 snort[1447]: Total packets processed: 1131917
Sep 7 12:03:38 snort[1447]: Total packets processed: 1131917
Sep 7 12:03:38 snort[1447]: Gzip Decompressed Data Processed: n/a
Sep 7 12:03:38 snort[1447]: Gzip Decompressed Data Processed: n/a
Sep 7 12:03:38 snort[1447]: Gzip Compressed Data Processed: n/a
Sep 7 12:03:38 snort[1447]: Gzip Compressed Data Processed: n/a
Sep 7 12:03:38 snort[1447]: HTTP Response Gzip packets extracted: 0
Sep 7 12:03:38 snort[1447]: HTTP Response Gzip packets extracted: 0
Sep 7 12:03:38 snort[1447]: Self-referencing paths ("./"): 0
Sep 7 12:03:38 snort[1447]: Self-referencing paths ("./"): 0
Sep 7 12:03:38 snort[1447]: Extra slashes ("//"): 0
Sep 7 12:03:38 snort[1447]: Extra slashes ("//"): 0
Sep 7 12:03:38 snort[1447]: Directory traversals: 0
Sep 7 12:03:38 snort[1447]: Directory traversals: 0
Sep 7 12:03:38 snort[1447]: Base 36: 0
Sep 7 12:03:38 snort[1447]: Base 36: 0
Sep 7 12:03:38 snort[1447]: Non-ASCII representable: 0
Sep 7 12:03:38 snort[1447]: Non-ASCII representable: 0
Sep 7 12:03:38 snort[1447]: Double unicode: 0
Sep 7 12:03:38 snort[1447]: Double unicode: 0
Sep 7 12:03:38 snort[1447]: Unicode: 0
Sep 7 12:03:38 snort[1447]: Unicode: 0
Sep 7 12:03:38 snort[1447]: HTTP Response Cookies extracted: 0
Sep 7 12:03:38 snort[1447]: HTTP Response Cookies extracted: 0
Sep 7 12:03:38 snort[1447]: HTTP response Headers extracted: 0
Sep 7 12:03:38 snort[1447]: HTTP response Headers extracted: 0
Sep 7 12:03:38 snort[1447]: Post parameters extracted: 0
Sep 7 12:03:38 snort[1447]: Post parameters extracted: 0
Sep 7 12:03:38 snort[1447]: HTTP Request Cookies extracted: 0
Sep 7 12:03:38 snort[1447]: HTTP Request Cookies extracted: 0
Sep 7 12:03:38 snort[1447]: HTTP Request Headers extracted: 1
Sep 7 12:03:38 snort[1447]: HTTP Request Headers extracted: 1
Sep 7 12:03:38 snort[1447]: GET methods: 1
Sep 7 12:03:38 snort[1447]: GET methods: 1
Sep 7 12:03:38 snort[1447]: POST methods: 0
Sep 7 12:03:38 snort[1447]: POST methods: 0
Sep 7 12:03:38 snort[1447]: HTTP Inspect - encodings (Note: stream-reassembled packets included):
Sep 7 12:03:38 snort[1447]: HTTP Inspect - encodings (Note: stream-reassembled packets included):
Sep 7 12:03:38 snort[1447]: ===============================================================================
Sep 7 12:03:38 snort[1447]: ===============================================================================
Sep 7 12:03:38 snort[1447]: Tracked: 66427
Sep 7 12:03:38 snort[1447]: Tracked: 66427
Sep 7 12:03:38 snort[1447]: Inspected: 0
Sep 7 12:03:38 snort[1447]: Inspected: 0
Sep 7 12:03:38 snort[1447]: Dropped: 0
Sep 7 12:03:38 snort[1447]: Dropped: 0
Sep 7 12:03:38 snort[1447]: UDP Port Filter
Sep 7 12:03:38 snort[1447]: UDP Port Filter
Sep 7 12:03:38 snort[1447]: Tracked: 1439252
Sep 7 12:03:38 snort[1447]: Tracked: 1439252
Sep 7 12:03:38 snort[1447]: Inspected: 0
Sep 7 12:03:38 snort[1447]: Inspected: 0
Sep 7 12:03:38 snort[1447]: Dropped: 0
Sep 7 12:03:38 snort[1447]: Dropped: 0
Sep 7 12:03:38 snort[1447]: TCP Port Filter
Sep 7 12:03:38 snort[1447]: TCP Port Filter
Sep 7 12:03:38 snort[1447]: Internal Events: 0
Sep 7 12:03:38 snort[1447]: Internal Events: 0
Sep 7 12:03:38 snort[1447]: Events: 0
Sep 7 12:03:38 snort[1447]: Events: 0
Sep 7 12:03:38 snort[1447]: UDP Discards: 0
Sep 7 12:03:38 snort[1447]: UDP Discards: 0
Sep 7 12:03:38 snort[1447]: UDP Timeouts: 11322
Sep 7 12:03:38 snort[1447]: UDP Timeouts: 11322
Sep 7 12:03:38 snort[1447]: UDP Sessions Deleted: 65346
Sep 7 12:03:38 snort[1447]: UDP Sessions Deleted: 65346
Sep 7 12:03:38 snort[1447]: UDP Sessions Created: 65346
Sep 7 12:03:38 snort[1447]: UDP Sessions Created: 65346
Sep 7 12:03:38 snort[1447]: TCP Gaps: 4
Sep 7 12:03:38 snort[1447]: TCP Gaps: 4
Sep 7 12:03:38 snort[1447]: TCP Discards: 1231040
Sep 7 12:03:38 snort[1447]: TCP Discards: 1231040
Sep 7 12:03:38 snort[1447]: TCP Segments Used: 6
Sep 7 12:03:38 snort[1447]: TCP Segments Used: 6
Sep 7 12:03:38 snort[1447]: TCP Rebuilt Packets: 6
Sep 7 12:03:38 snort[1447]: TCP Rebuilt Packets: 6
Sep 7 12:03:38 snort[1447]: TCP Segments Released: 13
Sep 7 12:03:38 snort[1447]: TCP Segments Released: 13
Sep 7 12:03:38 snort[1447]: TCP Segments Queued: 13
Sep 7 12:03:38 snort[1447]: TCP Segments Queued: 13
Sep 7 12:03:38 snort[1447]: TCP Overlaps: 13
Sep 7 12:03:38 snort[1447]: TCP Overlaps: 13
Sep 7 12:03:38 snort[1447]: TCP Timeouts: 16702
Sep 7 12:03:38 snort[1447]: TCP Timeouts: 16702
Sep 7 12:03:38 snort[1447]: TCP StreamTrackers Deleted: 46023
Sep 7 12:03:38 snort[1447]: TCP StreamTrackers Deleted: 46023
Sep 7 12:03:38 snort[1447]: TCP StreamTrackers Created: 46023
Sep 7 12:03:38 snort[1447]: TCP StreamTrackers Created: 46023
Sep 7 12:03:38 snort[1447]: ICMP Prunes: 0
Sep 7 12:03:38 snort[1447]: ICMP Prunes: 0
Sep 7 12:03:38 snort[1447]: UDP Prunes: 0
Sep 7 12:03:38 snort[1447]: UDP Prunes: 0
Sep 7 12:03:38 snort[1447]: TCP Prunes: 0
Sep 7 12:03:38 snort[1447]: TCP Prunes: 0
Sep 7 12:03:38 snort[1447]: ICMP sessions: 0
Sep 7 12:03:38 snort[1447]: ICMP sessions: 0
Sep 7 12:03:38 snort[1447]: UDP sessions: 54024
Sep 7 12:03:38 snort[1447]: UDP sessions: 54024
Sep 7 12:03:38 snort[1447]: TCP sessions: 40315
Sep 7 12:03:38 snort[1447]: TCP sessions: 40315
Sep 7 12:03:38 snort[1447]: Total sessions: 94339
Sep 7 12:03:38 snort[1447]: Total sessions: 94339
Sep 7 12:03:38 snort[1447]: Stream5 statistics:
Sep 7 12:03:38 snort[1447]: Stream5 statistics:
Sep 7 12:03:38 snort[1447]: ===============================================================================
Sep 7 12:03:38 snort[1447]: ===============================================================================
Sep 7 12:03:38 snort[1447]: Frag Nodes Deleted: 146
Sep 7 12:03:38 snort[1447]: Frag Nodes Deleted: 146
Sep 7 12:03:38 snort[1447]: Frag Nodes Inserted: 146
Sep 7 12:03:38 snort[1447]: Frag Nodes Inserted: 146
Sep 7 12:03:38 snort[1447]: FragTrackers Auto Freed: 0
Sep 7 12:03:38 snort[1447]: FragTrackers Auto Freed: 0
Sep 7 12:03:38 snort[1447]: FragTrackers Dumped: 73
Sep 7 12:03:38 snort[1447]: FragTrackers Dumped: 73
Sep 7 12:03:38 snort[1447]: FragTrackers Added: 73
Sep 7 12:03:38 snort[1447]: FragTrackers Added: 73
Sep 7 12:03:38 snort[1447]: Drops: 0
Sep 7 12:03:38 snort[1447]: Drops: 0
Sep 7 12:03:38 snort[1447]: Alerts: 0
Sep 7 12:03:38 snort[1447]: Alerts: 0
Sep 7 12:03:38 snort[1447]: Anomalies: 0
Sep 7 12:03:38 snort[1447]: Anomalies: 0
Sep 7 12:03:38 snort[1447]: Overlaps: 0
Sep 7 12:03:38 snort[1447]: Overlaps: 0
Sep 7 12:03:38 snort[1447]: Timeouts: 0
Sep 7 12:03:38 snort[1447]: Timeouts: 0
Sep 7 12:03:38 snort[1447]: Memory Faults: 0
Sep 7 12:03:38 snort[1447]: Memory Faults: 0
Sep 7 12:03:38 snort[1447]: Discards: 0
Sep 7 12:03:38 snort[1447]: Discards: 0
Sep 7 12:03:38 snort[1447]: Frags Reassembled: 73
Sep 7 12:03:38 snort[1447]: Frags Reassembled: 73
Sep 7 12:03:38 snort[1447]: Total Fragments: 146
Sep 7 12:03:38 snort[1447]: Total Fragments: 146
Sep 7 12:03:38 snort[1447]: Frag3 statistics:
Sep 7 12:03:38 snort[1447]: Frag3 statistics:
Sep 7 12:03:38 snort[1447]: ===============================================================================
Sep 7 12:03:38 snort[1447]: ===============================================================================
Sep 7 12:03:38 snort[1447]: Ignore: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: Ignore: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: Blacklist: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: Blacklist: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: Whitelist: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: Whitelist: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: Replace: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: Replace: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: Block: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: Block: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: Allow: 3361019 ( 99.999%)
Sep 7 12:03:38 snort[1447]: Allow: 3361019 ( 99.999%)
Sep 7 12:03:38 snort[1447]: Verdicts:
Sep 7 12:03:38 snort[1447]: Verdicts:
Sep 7 12:03:38 snort[1447]: Event Limit: 63
Sep 7 12:03:38 snort[1447]: Event Limit: 63
Sep 7 12:03:38 snort[1447]: Log Limit: 0
Sep 7 12:03:38 snort[1447]: Log Limit: 0
Sep 7 12:03:38 snort[1447]: Queue Limit: 0
Sep 7 12:03:38 snort[1447]: Queue Limit: 0
Sep 7 12:03:38 snort[1447]: Match Limit: 0
Sep 7 12:03:38 snort[1447]: Match Limit: 0
Sep 7 12:03:38 snort[1447]: Passed: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: Passed: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: Logged: 211 ( 0.006%)
Sep 7 12:03:38 snort[1447]: Logged: 211 ( 0.006%)
Sep 7 12:03:38 snort[1447]: Alerts: 211 ( 0.006%)
Sep 7 12:03:38 snort[1447]: Alerts: 211 ( 0.006%)
Sep 7 12:03:38 snort[1447]: Action Stats:
Sep 7 12:03:38 snort[1447]: Action Stats:
Sep 7 12:03:38 snort[1447]: ===============================================================================
Sep 7 12:03:38 snort[1447]: ===============================================================================
Sep 7 12:03:38 snort[1447]: Total: 3361101
Sep 7 12:03:38 snort[1447]: Total: 3361101
Sep 7 12:03:38 snort[1447]: S5 G 2: 1 ( 0.000%)
Sep 7 12:03:38 snort[1447]: S5 G 2: 1 ( 0.000%)
Sep 7 12:03:38 snort[1447]: S5 G 1: 8 ( 0.000%)
Sep 7 12:03:38 snort[1447]: S5 G 1: 8 ( 0.000%)
Sep 7 12:03:38 snort[1447]: Bad TTL: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: Bad TTL: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: Bad Chk Sum: 1825099 ( 54.301%)
Sep 7 12:03:38 snort[1447]: Bad Chk Sum: 1825099 ( 54.301%)
Sep 7 12:03:38 snort[1447]: Other: 256544 ( 7.633%)
Sep 7 12:03:38 snort[1447]: Other: 256544 ( 7.633%)
Sep 7 12:03:38 snort[1447]: All Discard: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: All Discard: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: ICMP Disc: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: ICMP Disc: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: UDP Disc: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: UDP Disc: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: TCP Disc: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: TCP Disc: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: IP6 Disc: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: IP6 Disc: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: IP4 Disc: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: IP4 Disc: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: Eth Disc: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: Eth Disc: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: Eth Loop: 2136 ( 0.064%)
Sep 7 12:03:38 snort[1447]: Eth Loop: 2136 ( 0.064%)
Sep 7 12:03:38 snort[1447]: IPX: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: IPX: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: ARP: 80 ( 0.002%)
Sep 7 12:03:38 snort[1447]: ARP: 80 ( 0.002%)
Sep 7 12:03:38 snort[1447]: MPLS: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: MPLS: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: GRE Loop: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: GRE Loop: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: GRE IPX: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: GRE IPX: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: GRE ARP: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: GRE ARP: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: GRE PPTP: 57158 ( 1.701%)
Sep 7 12:03:38 snort[1447]: GRE PPTP: 57158 ( 1.701%)
Sep 7 12:03:38 snort[1447]: GRE IP6 Ext: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: GRE IP6 Ext: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: GRE IP6: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: GRE IP6: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: GRE IP4: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: GRE IP4: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: GRE VLAN: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: GRE VLAN: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: GRE Eth: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: GRE Eth: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: GRE: 57158 ( 1.701%)
Sep 7 12:03:38 snort[1447]: GRE: 57158 ( 1.701%)
Sep 7 12:03:38 snort[1447]: IP6/IP6: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: IP6/IP6: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: IP6/IP4: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: IP6/IP4: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: IP4/IP6: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: IP4/IP6: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: IP4/IP4: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: IP4/IP4: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: EAPOL: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: EAPOL: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: ICMP-IP: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: ICMP-IP: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: Teredo: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: Teredo: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: TCP6: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: TCP6: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: UDP6: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: UDP6: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: ICMP6: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: ICMP6: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: Frag6: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: Frag6: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: IP6 Opts: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: IP6 Opts: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: IP6 Ext: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: IP6 Ext: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: IP6: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: IP6: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: TCP: 2906835 ( 86.485%)
Sep 7 12:03:38 snort[1447]: TCP: 2906835 ( 86.485%)
Sep 7 12:03:38 snort[1447]: UDP: 135830 ( 4.041%)
Sep 7 12:03:38 snort[1447]: UDP: 135830 ( 4.041%)
Sep 7 12:03:38 snort[1447]: ICMP: 2445 ( 0.073%)
Sep 7 12:03:38 snort[1447]: ICMP: 2445 ( 0.073%)
Sep 7 12:03:38 snort[1447]: Frag: 146 ( 0.004%)
Sep 7 12:03:38 snort[1447]: Frag: 146 ( 0.004%)
Sep 7 12:03:38 snort[1447]: IP4: 3358529 ( 99.923%)
Sep 7 12:03:38 snort[1447]: IP4: 3358529 ( 99.923%)
Sep 7 12:03:38 snort[1447]: VLAN: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: VLAN: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: Eth: 3361101 (100.000%)
Sep 7 12:03:38 snort[1447]: Eth: 3361101 (100.000%)
Sep 7 12:03:38 snort[1447]: Breakdown by protocol (includes rebuilt packets):
Sep 7 12:03:38 snort[1447]: Breakdown by protocol (includes rebuilt packets):
Sep 7 12:03:38 snort[1447]: ===============================================================================
Sep 7 12:03:38 snort[1447]: ===============================================================================
Sep 7 12:03:38 snort[1447]: Injected: 0
Sep 7 12:03:38 snort[1447]: Injected: 0
Sep 7 12:03:38 snort[1447]: Outstanding: 38 ( 0.001%)
Sep 7 12:03:38 snort[1447]: Outstanding: 38 ( 0.001%)
Sep 7 12:03:38 snort[1447]: Filtered: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: Filtered: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: Dropped: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: Dropped: 0 ( 0.000%)
Sep 7 12:03:38 snort[1447]: Analyzed: 3361019 ( 99.999%)
Sep 7 12:03:38 snort[1447]: Analyzed: 3361019 ( 99.999%)
Sep 7 12:03:38 snort[1447]: Received: 3361057
Sep 7 12:03:38 snort[1447]: Received: 3361057
Sep 7 12:03:38 snort[1447]: Packet I/O Totals:
Sep 7 12:03:38 snort[1447]: Packet I/O Totals:
Sep 7 12:03:38 snort[1447]: ===============================================================================
Sep 7 12:03:38 snort[1447]: ===============================================================================
Sep 7 12:03:37 snort[1447]: Pkts/sec: 157
Sep 7 12:03:37 snort[1447]: Pkts/sec: 157
Sep 7 12:03:37 snort[1447]: Pkts/min: 9441
Sep 7 12:03:37 snort[1447]: Pkts/min: 9441
Sep 7 12:03:37 snort[1447]: Pkts/hr: 672203
Sep 7 12:03:37 snort[1447]: Pkts/hr: 672203
Sep 7 12:03:37 snort[1447]: Snort ran for 0 days 5 hours 56 minutes 10 seconds
Sep 7 12:03:37 snort[1447]: Snort ran for 0 days 5 hours 56 minutes 10 seconds
Sep 7 12:03:36 snort[1447]: Snort processed 3361019 packets.
Sep 7 12:03:36 snort[1447]: Snort processed 3361019 packets.
Sep 7 12:03:36 snort[1447]: Run time for packet processing was 21370.563516 seconds
Sep 7 12:03:36 snort[1447]: Run time for packet processing was 21370.563516 seconds
Sep 7 12:03:36 snort[1447]: ===============================================================================
Sep 7 12:03:36 snort[1447]: ===============================================================================
Sep 7 12:03:35 snort[1447]: *** Caught Term-Signal
Sep 7 12:03:35 snort[1447]: *** Caught Term-Signal
Sep 7 12:03:34 SnortStartup[50450]: Snort HARD STOP For 29323_bge1…
-
Something in your system is happening.
Try to find out what event is triggering this.
-
I guess I could do a clean install and import my config; I'll have to find a good time to do that. In the mean time I guess I'll keep clicking "Start". Thanks Ermal! I kinda wondered if things would come to this; especially since my other system is running fine.
-
You aren't the only one who's seeing this happen. It has happened ever since I upgraded to this newer version. I did a clean install yesterday hoping that would fix it. It stopped last night right after midnight. I'm guessing it was when it updated the rules. I've also seen it stop in the middle of the day (possibly when the gateway goes down since I've had some Internet issues caused by a recent storm). I'll have to review the logs a bit closer to see what else is going on.
Steve
-
I just put a fix in the package that should not stop anymore the package after an update but just tigger a config reload.
Can you please reinstall the package files, not necessary a full re-install, and see if this occurs again?
-
I made some rule changes and entered the default info into HTTP Inspect Settings. I hadn't done that on either system; so far so good… I'll keep an eye on it and as soon as I have things die again I'll do a reinstall. I'm still considering doing a clean install. Thanks for your help Ermal!
-
Just an update - Still no problems with Snort exiting… (knock on wood)... I have all preprocessors running except Port Scan and have no *scan rules enabled; I don't know if that would be part of the problems, so I'm eliminating that.
Update The wood must have been rotten; having to redo system from scratch. Hopefully that will clear up all my problems.
-
I just started to notice this issue and it's already fixed :). @ermal thanks for the quick fix, much appreciated!
-th3r3isnospoon
-
Well mine was going good for a few days after the last update. Then this morning it exited again right after midnight as it did before. I'm heading to work, but can poke around later today.
Sep 11 00:11:45 router SnortStartup[43087]: Snort Startup files Sync... Sep 11 00:11:45 router SnortStartup[44709]: Snort already running, soft restart Sep 11 00:11:45 router SnortStartup[45017]: Snort Soft Reload For 31706_re0... Sep 11 00:11:45 router snort[2268]: Sep 11 00:11:45 router snort[2268]: Sep 11 00:11:45 router snort[2268]: --== Reloading Snort ==-- Sep 11 00:11:45 router snort[2268]: --== Reloading Snort ==-- Sep 11 00:11:45 router snort[2268]: Sep 11 00:11:45 router snort[2268]: Sep 11 00:11:58 router snort[2268]: PortVar 'HTTP_PORTS' defined : Sep 11 00:11:58 router snort[2268]: PortVar 'HTTP_PORTS' defined : Sep 11 00:11:58 router snort[2268]: [ 80 ] Sep 11 00:11:58 router snort[2268]: [ 80 ] Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: PortVar 'SHELLCODE_PORTS' defined : Sep 11 00:11:58 router snort[2268]: PortVar 'SHELLCODE_PORTS' defined : Sep 11 00:11:58 router snort[2268]: [ 0:79 81:65535 ] Sep 11 00:11:58 router snort[2268]: [ 0:79 81:65535 ] Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: PortVar 'ORACLE_PORTS' defined : Sep 11 00:11:58 router snort[2268]: PortVar 'ORACLE_PORTS' defined : Sep 11 00:11:58 router snort[2268]: [ 1521 ] Sep 11 00:11:58 router snort[2268]: [ 1521 ] Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: PortVar 'AUTH_PORTS' defined : Sep 11 00:11:58 router snort[2268]: PortVar 'AUTH_PORTS' defined : Sep 11 00:11:58 router snort[2268]: [ 113 ] Sep 11 00:11:58 router snort[2268]: [ 113 ] Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: PortVar 'DNS_PORTS' defined : Sep 11 00:11:58 router snort[2268]: PortVar 'DNS_PORTS' defined : Sep 11 00:11:58 router snort[2268]: [ 53 ] Sep 11 00:11:58 router snort[2268]: [ 53 ] Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: PortVar 'FINGER_PORTS' defined : Sep 11 00:11:58 router snort[2268]: PortVar 'FINGER_PORTS' defined : Sep 11 00:11:58 router snort[2268]: [ 79 ] Sep 11 00:11:58 router snort[2268]: [ 79 ] Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: PortVar 'FTP_PORTS' defined : Sep 11 00:11:58 router snort[2268]: PortVar 'FTP_PORTS' defined : Sep 11 00:11:58 router snort[2268]: [ 21 ] Sep 11 00:11:58 router snort[2268]: [ 21 ] Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: PortVar 'IMAP_PORTS' defined : Sep 11 00:11:58 router snort[2268]: PortVar 'IMAP_PORTS' defined : Sep 11 00:11:58 router snort[2268]: [ 143 ] Sep 11 00:11:58 router snort[2268]: [ 143 ] Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: PortVar 'IRC_PORTS' defined : Sep 11 00:11:58 router snort[2268]: PortVar 'IRC_PORTS' defined : Sep 11 00:11:58 router snort[2268]: [ 6665:6669 7000 ] Sep 11 00:11:58 router snort[2268]: [ 6665:6669 7000 ] Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: PortVar 'MSSQL_PORTS' defined : Sep 11 00:11:58 router snort[2268]: PortVar 'MSSQL_PORTS' defined : Sep 11 00:11:58 router snort[2268]: [ 1433 ] Sep 11 00:11:58 router snort[2268]: [ 1433 ] Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: PortVar 'NNTP_PORTS' defined : Sep 11 00:11:58 router snort[2268]: PortVar 'NNTP_PORTS' defined : Sep 11 00:11:58 router snort[2268]: [ 119 ] Sep 11 00:11:58 router snort[2268]: [ 119 ] Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: PortVar 'POP2_PORTS' defined : Sep 11 00:11:58 router snort[2268]: PortVar 'POP2_PORTS' defined : Sep 11 00:11:58 router snort[2268]: [ 109 ] Sep 11 00:11:58 router snort[2268]: [ 109 ] Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: PortVar 'POP3_PORTS' defined : Sep 11 00:11:58 router snort[2268]: PortVar 'POP3_PORTS' defined : Sep 11 00:11:58 router snort[2268]: [ 110 ] Sep 11 00:11:58 router snort[2268]: [ 110 ] Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: PortVar 'SUNRPC_PORTS' defined : Sep 11 00:11:58 router snort[2268]: PortVar 'SUNRPC_PORTS' defined : Sep 11 00:11:58 router snort[2268]: [ 111 32770:32779 ] Sep 11 00:11:58 router snort[2268]: [ 111 32770:32779 ] Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: PortVar 'RLOGIN_PORTS' defined : Sep 11 00:11:58 router snort[2268]: PortVar 'RLOGIN_PORTS' defined : Sep 11 00:11:58 router snort[2268]: [ 513 ] Sep 11 00:11:58 router snort[2268]: [ 513 ] Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: PortVar 'RSH_PORTS' defined : Sep 11 00:11:58 router snort[2268]: PortVar 'RSH_PORTS' defined : Sep 11 00:11:58 router snort[2268]: [ 514 ] Sep 11 00:11:58 router snort[2268]: [ 514 ] Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: PortVar 'SMB_PORTS' defined : Sep 11 00:11:58 router snort[2268]: PortVar 'SMB_PORTS' defined : Sep 11 00:11:58 router snort[2268]: [ 139 445 ] Sep 11 00:11:58 router snort[2268]: [ 139 445 ] Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: PortVar 'SMTP_PORTS' defined : Sep 11 00:11:58 router snort[2268]: PortVar 'SMTP_PORTS' defined : Sep 11 00:11:58 router snort[2268]: [ 25 ] Sep 11 00:11:58 router snort[2268]: [ 25 ] Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: PortVar 'SNMP_PORTS' defined : Sep 11 00:11:58 router snort[2268]: PortVar 'SNMP_PORTS' defined : Sep 11 00:11:58 router snort[2268]: [ 161 ] Sep 11 00:11:58 router snort[2268]: [ 161 ] Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: PortVar 'SSH_PORTS' defined : Sep 11 00:11:58 router snort[2268]: PortVar 'SSH_PORTS' defined : Sep 11 00:11:58 router snort[2268]: [ 22 ] Sep 11 00:11:58 router snort[2268]: [ 22 ] Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: PortVar 'TELNET_PORTS' defined : Sep 11 00:11:58 router snort[2268]: PortVar 'TELNET_PORTS' defined : Sep 11 00:11:58 router snort[2268]: [ 23 ] Sep 11 00:11:58 router snort[2268]: [ 23 ] Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: PortVar 'MAIL_PORTS' defined : Sep 11 00:11:58 router snort[2268]: PortVar 'MAIL_PORTS' defined : Sep 11 00:11:58 router snort[2268]: [ 25 143 465 691 ] Sep 11 00:11:58 router snort[2268]: [ 25 143 465 691 ] Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: PortVar 'SSL_PORTS' defined : Sep 11 00:11:58 router snort[2268]: PortVar 'SSL_PORTS' defined : Sep 11 00:11:58 router snort[2268]: [ 443 465 563 636 989:990 992:995 ] Sep 11 00:11:58 router snort[2268]: [ 443 465 563 636 989:990 992:995 ] Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: PortVar 'SIP_PROXY_PORTS' defined : Sep 11 00:11:58 router snort[2268]: PortVar 'SIP_PROXY_PORTS' defined : Sep 11 00:11:58 router snort[2268]: [ 5060:5090 16384:32768 ] Sep 11 00:11:58 router snort[2268]: [ 5060:5090 16384:32768 ] Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: PortVar 'DCERPC_NCACN_IP_TCP' defined : Sep 11 00:11:58 router snort[2268]: PortVar 'DCERPC_NCACN_IP_TCP' defined : Sep 11 00:11:58 router snort[2268]: [ 139 445 ] Sep 11 00:11:58 router snort[2268]: [ 139 445 ] Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: PortVar 'DCERPC_NCADG_IP_UDP' defined : Sep 11 00:11:58 router snort[2268]: PortVar 'DCERPC_NCADG_IP_UDP' defined : Sep 11 00:11:58 router snort[2268]: [ 138 1024:65535 ] Sep 11 00:11:58 router snort[2268]: [ 138 1024:65535 ] Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: PortVar 'DCERPC_NCACN_IP_LONG' defined : Sep 11 00:11:58 router snort[2268]: PortVar 'DCERPC_NCACN_IP_LONG' defined : Sep 11 00:11:58 router snort[2268]: [ 135 139 445 593 1024:65535 ] Sep 11 00:11:58 router snort[2268]: [ 135 139 445 593 1024:65535 ] Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: PortVar 'DCERPC_NCACN_UDP_LONG' defined : Sep 11 00:11:58 router snort[2268]: PortVar 'DCERPC_NCACN_UDP_LONG' defined : Sep 11 00:11:58 router snort[2268]: [ 135 1024:65535 ] Sep 11 00:11:58 router snort[2268]: [ 135 1024:65535 ] Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: PortVar 'DCERPC_NCACN_UDP_SHORT' defined : Sep 11 00:11:58 router snort[2268]: PortVar 'DCERPC_NCACN_UDP_SHORT' defined : Sep 11 00:11:58 router snort[2268]: [ 135 593 1024:65535 ] Sep 11 00:11:58 router snort[2268]: [ 135 593 1024:65535 ] Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: PortVar 'DCERPC_NCACN_TCP' defined : Sep 11 00:11:58 router snort[2268]: PortVar 'DCERPC_NCACN_TCP' defined : Sep 11 00:11:58 router snort[2268]: [ 2103 2105 2107 ] Sep 11 00:11:58 router snort[2268]: [ 2103 2105 2107 ] Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: PortVar 'DCERPC_BRIGHTSTORE' defined : Sep 11 00:11:58 router snort[2268]: PortVar 'DCERPC_BRIGHTSTORE' defined : Sep 11 00:11:58 router snort[2268]: [ 6503:6504 ] Sep 11 00:11:58 router snort[2268]: [ 6503:6504 ] Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: Sep 11 00:11:58 router snort[2268]: Detection: Sep 11 00:11:58 router snort[2268]: Detection: Sep 11 00:11:58 router snort[2268]: Search-Method = AC-BNFA-Q Sep 11 00:11:58 router snort[2268]: Search-Method = AC-BNFA-Q Sep 11 00:12:00 router snort[2268]: Found pid path directive (/var/log/snort/run) Sep 11 00:12:00 router snort[2268]: Found pid path directive (/var/log/snort/run) Sep 11 00:12:00 router snort[2268]: Snort Reload: Any change to the dynamic detection configuration requires a restart. Sep 11 00:12:00 router snort[2268]: Snort Reload: Any change to the dynamic detection configuration requires a restart. Sep 11 00:12:00 router snort[2268]: Reload via Signal HUP does not work if you aren't root or are chroot'ed. Sep 11 00:12:00 router snort[2268]: Reload via Signal HUP does not work if you aren't root or are chroot'ed. Sep 11 00:12:00 router kernel: re0: promiscuous mode disabled Sep 11 00:12:15 router snort[2268]: S5: Pruned session from cache that was using 1100271 bytes (purge whole cache). 68.114.132.47 18699 --> 72.21.81.132 80 : LWstate 0xe LWFlags 0x226007 Sep 11 00:12:15 router snort[2268]: S5: Pruned session from cache that was using 1100271 bytes (purge whole cache). 68.114.132.47 18699 --> 72.21.81.132 80 : LWstate 0xe LWFlags 0x226007 Sep 11 00:12:24 router snort[2268]: =============================================================================== Sep 11 00:12:24 router snort[2268]: =============================================================================== Sep 11 00:12:24 router snort[2268]: Packet I/O Totals: Sep 11 00:12:24 router snort[2268]: Packet I/O Totals: Sep 11 00:12:24 router snort[2268]: Received: 6620311 Sep 11 00:12:24 router snort[2268]: Received: 6620311 Sep 11 00:12:24 router snort[2268]: Analyzed: 6493083 ( 98.078%) Sep 11 00:12:24 router snort[2268]: Analyzed: 6493083 ( 98.078%) Sep 11 00:12:24 router snort[2268]: Dropped: 127217 ( 1.922%) Sep 11 00:12:24 router snort[2268]: Dropped: 127217 ( 1.922%) Sep 11 00:12:24 router snort[2268]: Filtered: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: Filtered: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: Outstanding: 127228 ( 1.922%) Sep 11 00:12:24 router snort[2268]: Outstanding: 127228 ( 1.922%) Sep 11 00:12:24 router snort[2268]: Injected: 0 Sep 11 00:12:24 router snort[2268]: Injected: 0 Sep 11 00:12:24 router snort[2268]: =============================================================================== Sep 11 00:12:24 router snort[2268]: =============================================================================== Sep 11 00:12:24 router snort[2268]: Breakdown by protocol (includes rebuilt packets): Sep 11 00:12:24 router snort[2268]: Breakdown by protocol (includes rebuilt packets): Sep 11 00:12:24 router snort[2268]: Eth: 6493093 (100.000%) Sep 11 00:12:24 router snort[2268]: Eth: 6493093 (100.000%) Sep 11 00:12:24 router snort[2268]: VLAN: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: VLAN: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: IP4: 5077672 ( 78.201%) Sep 11 00:12:24 router snort[2268]: IP4: 5077672 ( 78.201%) Sep 11 00:12:24 router snort[2268]: Frag: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: Frag: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: ICMP: 363464 ( 5.598%) Sep 11 00:12:24 router snort[2268]: ICMP: 363464 ( 5.598%) Sep 11 00:12:24 router snort[2268]: UDP: 357544 ( 5.507%) Sep 11 00:12:24 router snort[2268]: UDP: 357544 ( 5.507%) Sep 11 00:12:24 router snort[2268]: TCP: 4354220 ( 67.059%) Sep 11 00:12:24 router snort[2268]: TCP: 4354220 ( 67.059%) Sep 11 00:12:24 router snort[2268]: IP6: 2372 ( 0.037%) Sep 11 00:12:24 router snort[2268]: IP6: 2372 ( 0.037%) Sep 11 00:12:24 router snort[2268]: IP6 Ext: 2372 ( 0.037%) Sep 11 00:12:24 router snort[2268]: IP6 Ext: 2372 ( 0.037%) Sep 11 00:12:24 router snort[2268]: IP6 Opts: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: IP6 Opts: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: Frag6: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: Frag6: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: ICMP6: 2035 ( 0.031%) Sep 11 00:12:24 router snort[2268]: ICMP6: 2035 ( 0.031%) Sep 11 00:12:24 router snort[2268]: UDP6: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: UDP6: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: TCP6: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: TCP6: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: Teredo: 2372 ( 0.037%) Sep 11 00:12:24 router snort[2268]: Teredo: 2372 ( 0.037%) Sep 11 00:12:24 router snort[2268]: ICMP-IP: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: ICMP-IP: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: EAPOL: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: EAPOL: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: IP4/IP4: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: IP4/IP4: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: IP4/IP6: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: IP4/IP6: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: IP6/IP4: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: IP6/IP4: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: IP6/IP6: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: IP6/IP6: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: GRE: 2444 ( 0.038%) Sep 11 00:12:24 router snort[2268]: GRE: 2444 ( 0.038%) Sep 11 00:12:24 router snort[2268]: GRE Eth: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: GRE Eth: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: GRE VLAN: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: GRE VLAN: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: GRE IP4: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: GRE IP4: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: GRE IP6: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: GRE IP6: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: GRE IP6 Ext: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: GRE IP6 Ext: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: GRE PPTP: 2444 ( 0.038%) Sep 11 00:12:24 router snort[2268]: GRE PPTP: 2444 ( 0.038%) Sep 11 00:12:24 router snort[2268]: GRE ARP: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: GRE ARP: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: GRE IPX: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: GRE IPX: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: GRE Loop: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: GRE Loop: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: MPLS: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: MPLS: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: ARP: 1415421 ( 21.799%) Sep 11 00:12:24 router snort[2268]: ARP: 1415421 ( 21.799%) Sep 11 00:12:24 router snort[2268]: IPX: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: IPX: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: Eth Loop: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: Eth Loop: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: Eth Disc: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: Eth Disc: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: IP4 Disc: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: IP4 Disc: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: IP6 Disc: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: IP6 Disc: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: TCP Disc: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: TCP Disc: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: UDP Disc: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: UDP Disc: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: ICMP Disc: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: ICMP Disc: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: All Discard: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: All Discard: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: Other: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: Other: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: Bad Chk Sum: 2626993 ( 40.458%) Sep 11 00:12:24 router snort[2268]: Bad Chk Sum: 2626993 ( 40.458%) Sep 11 00:12:24 router snort[2268]: Bad TTL: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: Bad TTL: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: S5 G 1: 10 ( 0.000%) Sep 11 00:12:24 router snort[2268]: S5 G 1: 10 ( 0.000%) Sep 11 00:12:24 router snort[2268]: S5 G 2: 1 ( 0.000%) Sep 11 00:12:24 router snort[2268]: S5 G 2: 1 ( 0.000%) Sep 11 00:12:24 router snort[2268]: Total: 6493093 Sep 11 00:12:24 router snort[2268]: Total: 6493093 Sep 11 00:12:24 router snort[2268]: =============================================================================== Sep 11 00:12:24 router snort[2268]: =============================================================================== Sep 11 00:12:24 router snort[2268]: Action Stats: Sep 11 00:12:24 router snort[2268]: Action Stats: Sep 11 00:12:24 router snort[2268]: Alerts: 23 ( 0.000%) Sep 11 00:12:24 router snort[2268]: Alerts: 23 ( 0.000%) Sep 11 00:12:24 router snort[2268]: Logged: 23 ( 0.000%) Sep 11 00:12:24 router snort[2268]: Logged: 23 ( 0.000%) Sep 11 00:12:24 router snort[2268]: Passed: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: Passed: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: Match Limit: 0 Sep 11 00:12:24 router snort[2268]: Match Limit: 0 Sep 11 00:12:24 router snort[2268]: Queue Limit: 0 Sep 11 00:12:24 router snort[2268]: Queue Limit: 0 Sep 11 00:12:24 router snort[2268]: Log Limit: 0 Sep 11 00:12:24 router snort[2268]: Log Limit: 0 Sep 11 00:12:24 router snort[2268]: Event Limit: 446 Sep 11 00:12:24 router snort[2268]: Event Limit: 446 Sep 11 00:12:24 router snort[2268]: Verdicts: Sep 11 00:12:24 router snort[2268]: Verdicts: Sep 11 00:12:24 router snort[2268]: Allow: 6493082 ( 98.078%) Sep 11 00:12:24 router snort[2268]: Allow: 6493082 ( 98.078%) Sep 11 00:12:24 router snort[2268]: Block: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: Block: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: Replace: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: Replace: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: Whitelist: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: Whitelist: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: Blacklist: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: Blacklist: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: Ignore: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: Ignore: 0 ( 0.000%) Sep 11 00:12:24 router snort[2268]: =============================================================================== Sep 11 00:12:24 router snort[2268]: =============================================================================== Sep 11 00:12:24 router snort[2268]: Frag3 statistics: Sep 11 00:12:24 router snort[2268]: Frag3 statistics: Sep 11 00:12:24 router snort[2268]: Total Fragments: 0 Sep 11 00:12:24 router snort[2268]: Total Fragments: 0 Sep 11 00:12:24 router snort[2268]: Frags Reassembled: 0 Sep 11 00:12:24 router snort[2268]: Frags Reassembled: 0 Sep 11 00:12:24 router snort[2268]: Discards: 0 Sep 11 00:12:24 router snort[2268]: Discards: 0 Sep 11 00:12:24 router snort[2268]: Memory Faults: 0 Sep 11 00:12:24 router snort[2268]: Memory Faults: 0 Sep 11 00:12:24 router snort[2268]: Timeouts: 0 Sep 11 00:12:24 router snort[2268]: Timeouts: 0 Sep 11 00:12:24 router snort[2268]: Overlaps: 0 Sep 11 00:12:24 router snort[2268]: Overlaps: 0 Sep 11 00:12:24 router snort[2268]: Anomalies: 0 Sep 11 00:12:24 router snort[2268]: Anomalies: 0 Sep 11 00:12:24 router snort[2268]: Alerts: 0 Sep 11 00:12:24 router snort[2268]: Alerts: 0 Sep 11 00:12:24 router snort[2268]: Drops: 0 Sep 11 00:12:24 router snort[2268]: Drops: 0 Sep 11 00:12:24 router snort[2268]: FragTrackers Added: 0 Sep 11 00:12:24 router snort[2268]: FragTrackers Added: 0 Sep 11 00:12:24 router snort[2268]: FragTrackers Dumped: 0 Sep 11 00:12:24 router snort[2268]: FragTrackers Dumped: 0 Sep 11 00:12:24 router snort[2268]: FragTrackers Auto Freed: 0 Sep 11 00:12:24 router snort[2268]: FragTrackers Auto Freed: 0 Sep 11 00:12:24 router snort[2268]: Frag Nodes Inserted: 0 Sep 11 00:12:24 router snort[2268]: Frag Nodes Inserted: 0 Sep 11 00:12:24 router snort[2268]: Frag Nodes Deleted: 0 Sep 11 00:12:24 router snort[2268]: Frag Nodes Deleted: 0 Sep 11 00:12:24 router snort[2268]: =============================================================================== Sep 11 00:12:24 router snort[2268]: =============================================================================== Sep 11 00:12:24 router snort[2268]: Stream5 statistics: Sep 11 00:12:24 router snort[2268]: Stream5 statistics: Sep 11 00:12:24 router snort[2268]: Total sessions: 82695 Sep 11 00:12:24 router snort[2268]: Total sessions: 82695 Sep 11 00:12:24 router snort[2268]: TCP sessions: 52142 Sep 11 00:12:24 router snort[2268]: TCP sessions: 52142 Sep 11 00:12:24 router snort[2268]: UDP sessions: 30553 Sep 11 00:12:24 router snort[2268]: UDP sessions: 30553 Sep 11 00:12:24 router snort[2268]: ICMP sessions: 0 Sep 11 00:12:24 router snort[2268]: ICMP sessions: 0 Sep 11 00:12:24 router snort[2268]: TCP Prunes: 0 Sep 11 00:12:24 router snort[2268]: TCP Prunes: 0 Sep 11 00:12:24 router snort[2268]: UDP Prunes: 0 Sep 11 00:12:24 router snort[2268]: UDP Prunes: 0 Sep 11 00:12:24 router snort[2268]: ICMP Prunes: 0 Sep 11 00:12:24 router snort[2268]: ICMP Prunes: 0 Sep 11 00:12:24 router snort[2268]: TCP StreamTrackers Created: 67492 Sep 11 00:12:24 router snort[2268]: TCP StreamTrackers Created: 67492 Sep 11 00:12:24 router snort[2268]: TCP StreamTrackers Deleted: 67492 Sep 11 00:12:24 router snort[2268]: TCP StreamTrackers Deleted: 67492 Sep 11 00:12:24 router snort[2268]: TCP Timeouts: 19964 Sep 11 00:12:24 router snort[2268]: TCP Timeouts: 19964 Sep 11 00:12:24 router snort[2268]: TCP Overlaps: 26 Sep 11 00:12:24 router snort[2268]: TCP Overlaps: 26 Sep 11 00:12:24 router snort[2268]: TCP Segments Queued: 707 Sep 11 00:12:24 router snort[2268]: TCP Segments Queued: 707 Sep 11 00:12:24 router snort[2268]: TCP Segments Released: 707 Sep 11 00:12:24 router snort[2268]: TCP Segments Released: 707 Sep 11 00:12:24 router snort[2268]: TCP Rebuilt Packets: 11 Sep 11 00:12:24 router snort[2268]: TCP Rebuilt Packets: 11 Sep 11 00:12:24 router snort[2268]: TCP Segments Used: 11 Sep 11 00:12:24 router snort[2268]: TCP Segments Used: 11 Sep 11 00:12:24 router snort[2268]: TCP Discards: 1868984 Sep 11 00:12:24 router snort[2268]: TCP Discards: 1868984 Sep 11 00:12:24 router snort[2268]: TCP Gaps: 0 Sep 11 00:12:24 router snort[2268]: TCP Gaps: 0 Sep 11 00:12:24 router snort[2268]: UDP Sessions Created: 40057 Sep 11 00:12:24 router snort[2268]: UDP Sessions Created: 40057 Sep 11 00:12:24 router snort[2268]: UDP Sessions Deleted: 40057 Sep 11 00:12:24 router snort[2268]: UDP Sessions Deleted: 40057 Sep 11 00:12:24 router snort[2268]: UDP Timeouts: 9504 Sep 11 00:12:24 router snort[2268]: UDP Timeouts: 9504 Sep 11 00:12:24 router snort[2268]: UDP Discards: 0 Sep 11 00:12:24 router snort[2268]: UDP Discards: 0 Sep 11 00:12:24 router snort[2268]: Events: 0 Sep 11 00:12:24 router snort[2268]: Events: 0 Sep 11 00:12:24 router snort[2268]: Internal Events: 0 Sep 11 00:12:24 router snort[2268]: Internal Events: 0 Sep 11 00:12:24 router snort[2268]: TCP Port Filter Sep 11 00:12:24 router snort[2268]: TCP Port Filter Sep 11 00:12:24 router snort[2268]: Dropped: 0 Sep 11 00:12:24 router snort[2268]: Dropped: 0 Sep 11 00:12:24 router snort[2268]: Inspected: 0 Sep 11 00:12:24 router snort[2268]: Inspected: 0 Sep 11 00:12:24 router snort[2268]: Tracked: 2072467 Sep 11 00:12:24 router snort[2268]: Tracked: 2072467 Sep 11 00:12:24 router snort[2268]: UDP Port Filter Sep 11 00:12:24 router snort[2268]: UDP Port Filter Sep 11 00:12:24 router snort[2268]: Dropped: 0 Sep 11 00:12:24 router snort[2268]: Dropped: 0 Sep 11 00:12:24 router snort[2268]: Inspected: 0 Sep 11 00:12:24 router snort[2268]: Inspected: 0 Sep 11 00:12:24 router snort[2268]: Tracked: 193967 Sep 11 00:12:24 router snort[2268]: Tracked: 193967 Sep 11 00:12:24 router snort[2268]: =============================================================================== Sep 11 00:12:24 router snort[2268]: =============================================================================== Sep 11 00:12:24 router snort[2268]: HTTP Inspect - encodings (Note: stream-reassembled packets included): Sep 11 00:12:24 router snort[2268]: HTTP Inspect - encodings (Note: stream-reassembled packets included): Sep 11 00:12:24 router snort[2268]: POST methods: 59 Sep 11 00:12:24 router snort[2268]: POST methods: 59 Sep 11 00:12:24 router snort[2268]: GET methods: 33173 Sep 11 00:12:24 router snort[2268]: GET methods: 33173 Sep 11 00:12:24 router snort[2268]: HTTP Request Headers extracted: 33232 Sep 11 00:12:24 router snort[2268]: HTTP Request Headers extracted: 33232 Sep 11 00:12:24 router snort[2268]: HTTP Request Cookies extracted: 0 Sep 11 00:12:24 router snort[2268]: HTTP Request Cookies extracted: 0 Sep 11 00:12:24 router snort[2268]: Post parameters extracted: 47 Sep 11 00:12:24 router snort[2268]: Post parameters extracted: 47 Sep 11 00:12:24 router snort[2268]: HTTP response Headers extracted: 0 Sep 11 00:12:24 router snort[2268]: HTTP response Headers extracted: 0 Sep 11 00:12:24 router snort[2268]: HTTP Response Cookies extracted: 0 Sep 11 00:12:24 router snort[2268]: HTTP Response Cookies extracted: 0 Sep 11 00:12:24 router snort[2268]: Unicode: 2 Sep 11 00:12:24 router snort[2268]: Unicode: 2 Sep 11 00:12:24 router snort[2268]: Double unicode: 0 Sep 11 00:12:24 router snort[2268]: Double unicode: 0 Sep 11 00:12:24 router snort[2268]: Non-ASCII representable: 0 Sep 11 00:12:24 router snort[2268]: Non-ASCII representable: 0 Sep 11 00:12:24 router snort[2268]: Base 36: 0 Sep 11 00:12:24 router snort[2268]: Base 36: 0 Sep 11 00:12:24 router snort[2268]: Directory traversals: 0 Sep 11 00:12:24 router snort[2268]: Directory traversals: 0 Sep 11 00:12:24 router snort[2268]: Extra slashes ("//"): 1188 Sep 11 00:12:24 router snort[2268]: Extra slashes ("//"): 1188 Sep 11 00:12:24 router snort[2268]: Self-referencing paths ("./"): 0 Sep 11 00:12:24 router snort[2268]: Self-referencing paths ("./"): 0 Sep 11 00:12:24 router snort[2268]: HTTP Response Gzip packets extracted: 0 Sep 11 00:12:24 router snort[2268]: HTTP Response Gzip packets extracted: 0 Sep 11 00:12:24 router snort[2268]: Gzip Compressed Data Processed: n/a Sep 11 00:12:24 router snort[2268]: Gzip Compressed Data Processed: n/a Sep 11 00:12:24 router snort[2268]: Gzip Decompressed Data Processed: n/a Sep 11 00:12:24 router snort[2268]: Gzip Decompressed Data Processed: n/a Sep 11 00:12:24 router snort[2268]: Total packets processed: 1574820 Sep 11 00:12:24 router snort[2268]: Total packets processed: 1574820 Sep 11 00:12:24 router snort[2268]: =============================================================================== Sep 11 00:12:24 router snort[2268]: =============================================================================== Sep 11 00:12:24 router snort[2268]: dcerpc2 Preprocessor Statistics Sep 11 00:12:24 router snort[2268]: dcerpc2 Preprocessor Statistics Sep 11 00:12:24 router snort[2268]: Total sessions: 0 Sep 11 00:12:24 router snort[2268]: Total sessions: 0 Sep 11 00:12:24 router snort[2268]: =============================================================================== Sep 11 00:12:24 router snort[2268]: =============================================================================== Sep 11 00:12:24 router snort[2268]: SSL Preprocessor: Sep 11 00:12:24 router snort[2268]: SSL Preprocessor: Sep 11 00:12:24 router snort[2268]: SSL packets decoded: 42423 Sep 11 00:12:24 router snort[2268]: SSL packets decoded: 42423 Sep 11 00:12:24 router snort[2268]: Client Hello: 530 Sep 11 00:12:24 router snort[2268]: Client Hello: 530 Sep 11 00:12:24 router snort[2268]: Server Hello: 7729 Sep 11 00:12:24 router snort[2268]: Server Hello: 7729 Sep 11 00:12:24 router snort[2268]: Certificate: 5883 Sep 11 00:12:24 router snort[2268]: Certificate: 5883 Sep 11 00:12:24 router snort[2268]: Server Done: 9344 Sep 11 00:12:24 router snort[2268]: Server Done: 9344 Sep 11 00:12:24 router snort[2268]: Client Key Exchange: 499 Sep 11 00:12:24 router snort[2268]: Client Key Exchange: 499 Sep 11 00:12:24 router snort[2268]: Server Key Exchange: 137 Sep 11 00:12:24 router snort[2268]: Server Key Exchange: 137 Sep 11 00:12:24 router snort[2268]: Change Cipher: 8507 Sep 11 00:12:24 router snort[2268]: Change Cipher: 8507 Sep 11 00:12:24 router snort[2268]: Finished: 0 Sep 11 00:12:24 router snort[2268]: Finished: 0 Sep 11 00:12:24 router snort[2268]: Client Application: 6009 Sep 11 00:12:24 router snort[2268]: Client Application: 6009 Sep 11 00:12:24 router snort[2268]: Server Application: 8877 Sep 11 00:12:24 router snort[2268]: Server Application: 8877 Sep 11 00:12:24 router snort[2268]: Alert: 366 Sep 11 00:12:24 router snort[2268]: Alert: 366 Sep 11 00:12:24 router snort[2268]: Unrecognized records: 18409 Sep 11 00:12:24 router snort[2268]: Unrecognized records: 18409 Sep 11 00:12:24 router snort[2268]: Completed handshakes: 0 Sep 11 00:12:24 router snort[2268]: Completed handshakes: 0 Sep 11 00:12:24 router snort[2268]: Bad handshakes: 0 Sep 11 00:12:24 router snort[2268]: Bad handshakes: 0 Sep 11 00:12:24 router snort[2268]: Sessions ignored: 8877 Sep 11 00:12:24 router snort[2268]: Sessions ignored: 8877 Sep 11 00:12:24 router snort[2268]: Detection disabled: 42 Sep 11 00:12:24 router snort[2268]: Detection disabled: 42 Sep 11 00:12:24 router snort[2268]: =============================================================================== Sep 11 00:12:24 router snort[2268]: =============================================================================== Sep 11 00:12:24 router snort[2268]: +-----------------------[filtered events]-------------------------------------- Sep 11 00:12:24 router snort[2268]: +-----------------------[filtered events]-------------------------------------- Sep 11 00:12:24 router snort[2268]: | gen-id=1 sig-id=2500962 type=Limit tracking=src count=1 seconds=60 filtered=1 Sep 11 00:12:24 router snort[2268]: | gen-id=1 sig-id=2500962 type=Limit tracking=src count=1 seconds=60 filtered=1 Sep 11 00:12:24 router snort[2268]: | gen-id=1 sig-id=2002994 type=Both tracking=src count=30 seconds=60 filtered=111 Sep 11 00:12:24 router snort[2268]: | gen-id=1 sig-id=2002994 type=Both tracking=src count=30 seconds=60 filtered=111 Sep 11 00:12:24 router snort[2268]: | gen-id=1 sig-id=2001972 type=Both tracking=src count=20 seconds=360 filtered=19 Sep 11 00:12:24 router snort[2268]: | gen-id=1 sig-id=2001972 type=Both tracking=src count=20 seconds=360 filtered=19 Sep 11 00:12:24 router snort[2268]: | gen-id=1 sig-id=2501114 type=Limit tracking=src count=1 seconds=60 filtered=20 Sep 11 00:12:24 router snort[2268]: | gen-id=1 sig-id=2501114 type=Limit tracking=src count=1 seconds=60 filtered=20 Sep 11 00:12:24 router snort[2268]: | gen-id=1 sig-id=2500068 type=Limit tracking=src count=1 seconds=60 filtered=1 Sep 11 00:12:24 router snort[2268]: | gen-id=1 sig-id=2500068 type=Limit tracking=src count=1 seconds=60 filtered=1 Sep 11 00:12:24 router snort[2268]: | gen-id=1 sig-id=2002995 type=Both tracking=src count=30 seconds=60 filtered=261 Sep 11 00:12:24 router snort[2268]: | gen-id=1 sig-id=2002995 type=Both tracking=src count=30 seconds=60 filtered=261 Sep 11 00:12:24 router snort[2268]: | gen-id=1 sig-id=2500600 type=Limit tracking=src count=1 seconds=60 filtered=1 Sep 11 00:12:24 router snort[2268]: | gen-id=1 sig-id=2500600 type=Limit tracking=src count=1 seconds=60 filtered=1 Sep 11 00:12:24 router snort[2268]: | gen-id=1 sig-id=2500970 type=Limit tracking=src count=1 seconds=60 filtered=1 Sep 11 00:12:24 router snort[2268]: | gen-id=1 sig-id=2500970 type=Limit tracking=src count=1 seconds=60 filtered=1 Sep 11 00:12:24 router snort[2268]: | gen-id=1 sig-id=2001219 type=Threshold tracking=src count=5 seconds=120 filtered=28 Sep 11 00:12:24 router snort[2268]: | gen-id=1 sig-id=2001219 type=Threshold tracking=src count=5 seconds=120 filtered=28 Sep 11 00:12:24 router snort[2268]: | gen-id=1 sig-id=2002911 type=Threshold tracking=src count=5 seconds=60 filtered=3 Sep 11 00:12:24 router snort[2268]: | gen-id=1 sig-id=2002911 type=Threshold tracking=src count=5 seconds=60 filtered=3 Sep 11 00:13:11 router snort[2268]: Snort exiting Sep 11 00:13:11 router snort[2268]: Snort exiting
-
I've been running 2.0-RC3 (i386) built on Sat Sep 10 17:10:54 EDT 2011 for 2 days, 03:19 w/ no exits and limited rule categories. So far so good. I'm hopeful that 2.0 final will workout fine since seeing swinn's post.
