ALT Linux Bugzilla – Attachment 17378 Details for Bug 32823: Does not start under systemd
journalctl log
snort.log (text/x-log), 63.69 KB, created by Владислав Елисеев on 2024-12-12 15:35:48 MSK
>дек 12 15:24:20 workstation-11-0-alpha20240610-x86-64-20241212.localdomain systemd[1]: /run/systemd/generator.late/snortd.service:16: PIDFile= references a path below legacy directory /var/run/, updating /var/run/snort.pid → /run/snort.pid; please update the unit file accordingly. >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain systemd[1]: /run/systemd/generator.late/snortd.service:16: PIDFile= references a path below legacy directory /var/run/, updating /var/run/snort.pid → /run/snort.pid; please update the unit file accordingly. >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain systemd[1]: Starting snortd.service - SYSV: snort is a lightweight network intrusion detection tool that... >░░ Subject: Начинается запуск юнита snortd.service >░░ Defined-By: systemd >░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel >░░ >░░ Начат процесс запуска юнита snortd.service. >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snortd[6696]: egrep: warning: egrep is obsolescent; using grep -E >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Running in IDS mode >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: --== Initializing Snort ==-- >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Initializing Output Plugins! >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Initializing Preprocessors! >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Initializing Plug-ins! 
>дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Parsing Rules file "/etc/snort/snort.conf" >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: PortVar 'HTTP_PORTS' defined : >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: [ 80:81 311 383 591 593 901 1220 1414 1741 1830 2301 2381 2809 3037 3128 3702 4343 4848 5250 6988 7000:7001 7144:7145 7510 7777 7779 8000 8008 8014 8028 8080 8085 8088 8090 8118 8123 8180:8181 8243 8280 8300 8800 8888 8899 9000 9060 9080 9090:9091 9443 9999 11371 34443:34444 41080 50002 55555 ] >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: PortVar 'SHELLCODE_PORTS' defined : >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: [ 0:79 81:65535 ] >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: PortVar 'ORACLE_PORTS' defined : >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: [ 1024:65535 ] >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: PortVar 'SSH_PORTS' defined : >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: [ 22 ] >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: PortVar 'FTP_PORTS' defined : >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: [ 21 2100 3535 ] >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: >дек 12 15:24:21 
workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: PortVar 'SIP_PORTS' defined : >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: [ 5060:5061 5600 ] >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: PortVar 'FILE_DATA_PORTS' defined : >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: [ 80:81 110 143 311 383 591 593 901 1220 1414 1741 1830 2301 2381 2809 3037 3128 3702 4343 4848 5250 6988 7000:7001 7144:7145 7510 7777 7779 8000 8008 8014 8028 8080 8085 8088 8090 8118 8123 8180:8181 8243 8280 8300 8800 8888 8899 9000 9060 9080 9090:9091 9443 9999 11371 34443:34444 41080 50002 55555 ] >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: PortVar 'GTP_PORTS' defined : >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: [ 2123 2152 3386 ] >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Detection: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Search-Method = AC-Full-Q >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Split Any/Any group = enabled >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Search-Method-Optimizations = enabled >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Maximum pattern length = 20 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Tagged Packet Limit: 256 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain 
snort[6708]: Loading dynamic engine /usr/lib64/snort/dynamicengine/libsf_engine.so... >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: done >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Loading all dynamic detection libs from /usr/lib64/snort/dynamicrules... >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: WARNING: No dynamic libraries found in directory /usr/lib64/snort/dynamicrules. >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Finished Loading all dynamic detection libs from /usr/lib64/snort/dynamicrules >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Loading all dynamic preprocessor libs from /usr/lib64/snort/dynamicpreprocessor/... >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Loading dynamic preprocessor library /usr/lib64/snort/dynamicpreprocessor//libsf_gtp_preproc.so... >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: done >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Loading dynamic preprocessor library /usr/lib64/snort/dynamicpreprocessor//libsf_ssh_preproc.so... >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: done >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Loading dynamic preprocessor library /usr/lib64/snort/dynamicpreprocessor//libsf_dnp3_preproc.so... >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: done >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Loading dynamic preprocessor library /usr/lib64/snort/dynamicpreprocessor//libsf_sip_preproc.so... 
>дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: done >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Loading dynamic preprocessor library /usr/lib64/snort/dynamicpreprocessor//libsf_appid_preproc.so... >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: done >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Loading dynamic preprocessor library /usr/lib64/snort/dynamicpreprocessor//libsf_modbus_preproc.so... >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: done >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Loading dynamic preprocessor library /usr/lib64/snort/dynamicpreprocessor//libsf_ssl_preproc.so... >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: done >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Loading dynamic preprocessor library /usr/lib64/snort/dynamicpreprocessor//libsf_dns_preproc.so... >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: done >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Loading dynamic preprocessor library /usr/lib64/snort/dynamicpreprocessor//libsf_s7commplus_preproc.so... >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: done >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Loading dynamic preprocessor library /usr/lib64/snort/dynamicpreprocessor//libsf_pop_preproc.so... >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: done >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Loading dynamic preprocessor library /usr/lib64/snort/dynamicpreprocessor//libsf_reputation_preproc.so... 
>дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: done >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Loading dynamic preprocessor library /usr/lib64/snort/dynamicpreprocessor//libsf_dce2_preproc.so... >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: done >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Loading dynamic preprocessor library /usr/lib64/snort/dynamicpreprocessor//libsf_sdf_preproc.so... >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: done >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Loading dynamic preprocessor library /usr/lib64/snort/dynamicpreprocessor//libsf_imap_preproc.so... >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: done >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Loading dynamic preprocessor library /usr/lib64/snort/dynamicpreprocessor//libsf_ftptelnet_preproc.so... >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: done >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Loading dynamic preprocessor library /usr/lib64/snort/dynamicpreprocessor//libsf_smtp_preproc.so... >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: done >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Finished Loading all dynamic preprocessor libs from /usr/lib64/snort/dynamicpreprocessor/ >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Log directory = /var/log/snort/ens19 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: WARNING: ip4 normalizations disabled because not inline. 
>дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: WARNING: tcp normalizations disabled because not inline. >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: WARNING: icmp4 normalizations disabled because not inline. >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: WARNING: ip6 normalizations disabled because not inline. >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: WARNING: icmp6 normalizations disabled because not inline. >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Frag3 global config: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Max frags: 65536 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Fragment memory cap: 4194304 bytes >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Frag3 engine config: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Bound Address: default >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Target-based policy: WINDOWS >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Fragment timeout: 180 seconds >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Fragment min_ttl: 1 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Fragment Anomalies: Alert >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Overlap Limit: 10 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Min fragment Length: 100 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Max Expected Streams: 768 >дек 12 15:24:21 
workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Stream global config: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Track TCP sessions: ACTIVE >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Max TCP sessions: 262144 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: TCP cache pruning timeout: 30 seconds >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: TCP cache nominal timeout: 3600 seconds >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Memcap (for reassembly packet storage): 8388608 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Track UDP sessions: ACTIVE >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Max UDP sessions: 131072 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: UDP cache pruning timeout: 30 seconds >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: UDP cache nominal timeout: 180 seconds >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Track ICMP sessions: INACTIVE >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Track IP sessions: INACTIVE >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Log info if session memory consumption exceeds 1048576 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Send up to 2 active responses >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Wait at least 5 seconds between responses >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Protocol Aware Flushing: ACTIVE >дек 12 15:24:21 
workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Maximum Flush Point: 16000 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Stream TCP Policy config: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Bound Address: default >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Reassembly Policy: WINDOWS >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Timeout: 180 seconds >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Limit on TCP Overlaps: 10 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Maximum number of bytes to queue per session: 1048576 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Maximum number of segs to queue per session: 2621 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Options: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Require 3-Way Handshake: YES >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 3-Way Handshake Timeout: 180 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Detect Anomalies: YES >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Reassembly Ports: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 21 client (Footprint) >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 22 client (Footprint) >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 23 client (Footprint) >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 25 client (Footprint) >дек 12 15:24:21 
workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 42 client (Footprint) >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 53 client (Footprint) >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 79 client (Footprint) >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 80 client (Footprint) server (Footprint) >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 81 client (Footprint) server (Footprint) >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 109 client (Footprint) >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 110 client (Footprint) >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 111 client (Footprint) >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 113 client (Footprint) >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 119 client (Footprint) >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 135 client (Footprint) >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 136 client (Footprint) >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 137 client (Footprint) >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 139 client (Footprint) >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 143 client (Footprint) >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 161 client (Footprint) >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: additional ports configured but not printed. 
>дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Stream UDP Policy config: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Timeout: 180 seconds >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: HttpInspect Config: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: GLOBAL CONFIG >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Detect Proxy Usage: NO >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: IIS Unicode Map Filename: /etc/snort/unicode.map >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: IIS Unicode Map Codepage: 1252 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Memcap used for logging URI and Hostname: 150994944 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Max Gzip Memory: 838860 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Max Gzip Sessions: 1807 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Gzip Compress Depth: 65535 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Gzip Decompress Depth: 65535 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Normalize Random Nulls in Text: NO >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: DEFAULT SERVER CONFIG: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Server profile: All >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Ports (PAF): 80 81 311 383 591 593 901 1220 1414 1741 1830 2301 2381 2809 3037 3128 3702 4343 4848 5250 6988 7000 7001 7144 7145 7510 7777 7779 8000 8008 
8014 8028 8080 8085 8088 8090 8118 8123 8180 8181 8243 8280 8300 8800 8888 8899 9000 9060 9080 9090 9091 9443 9999 11371 34443 34444 41080 50002 55555 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Server Flow Depth: 0 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Client Flow Depth: 0 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Max Chunk Length: 500000 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Small Chunk Length Evasion: chunk size <= 10, threshold >= 5 times >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Max Header Field Length: 750 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Max Number Header Fields: 100 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Max Number of WhiteSpaces allowed with header folding: 200 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Inspect Pipeline Requests: YES >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: URI Discovery Strict Mode: NO >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Allow Proxy Usage: NO >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Disable Alerting: NO >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Oversize Dir Length: 500 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Only inspect URI: NO >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Normalize HTTP Headers: NO >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Inspect HTTP Cookies: YES >дек 12 15:24:21 
workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Inspect HTTP Responses: YES >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Extract Gzip from responses: YES >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Decompress response files: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Unlimited decompression of gzip data from responses: YES >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Normalize Javascripts in HTTP Responses: YES >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Max Number of WhiteSpaces allowed with Javascript Obfuscation in HTTP responses: 200 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Normalize HTTP Cookies: NO >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Enable XFF and True Client IP: NO >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Log HTTP URI data: NO >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Log HTTP Hostname data: NO >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Extended ASCII code support in URI: NO >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Ascii: YES alert: NO >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Double Decoding: YES alert: NO >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: %U Encoding: YES alert: YES >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Bare Byte: YES alert: NO >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: UTF 8: YES alert: NO >дек 12 15:24:21 
workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: IIS Unicode: YES alert: NO >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Multiple Slash: YES alert: NO >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: IIS Backslash: YES alert: NO >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Directory Traversal: YES alert: NO >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Web Root Traversal: YES alert: NO >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Apache WhiteSpace: YES alert: NO >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: IIS Delimiter: YES alert: NO >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Legacy mode: NO >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: rpc_decode arguments: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: alert_fragments: INACTIVE >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: alert_large_fragments: INACTIVE >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: alert_incomplete: INACTIVE >дек 
12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: alert_multiple_requests: INACTIVE >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: FTPTelnet Config: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: GLOBAL CONFIG >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Inspection Type: stateful >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Check for Encrypted Traffic: YES alert: NO >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Continue to check encrypted data: YES >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: TELNET CONFIG: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Ports: 23 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Are You There Threshold: 20 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Normalize: YES >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Detect Anomalies: YES >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: FTP CONFIG: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: FTP Server: default >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Ports (PAF): 21 2100 3535 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Check for Telnet Cmds: YES alert: YES >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Ignore Telnet Cmd Operations: YES alert: YES >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Ignore open data channels: NO >дек 12 15:24:21 
workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: FTP Client: default >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Check for Bounce Attacks: YES alert: YES >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Check for Telnet Cmds: YES alert: YES >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Ignore Telnet Cmd Operations: YES alert: YES >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Max Response Length: 256 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: SMTP Config: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Ports: 25 465 587 691 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Inspection Type: Stateful >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Normalize: ATRN AUTH BDAT DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND STARTTLS SOML TICK TIME TURN TURNME VERB VRFY X-EXPS XADR XAUTH XCIR XEXCH50 XGEN XLICENSE X-LINK2STATE XQUE XSTA XTRN XUSR CHUNKING X-ADAT X-DRCP X-ERCP X-EXCH50 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Ignore Data: No >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Ignore TLS Data: No >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Ignore SMTP Alerts: No >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Max Command Line Length: 512 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Max auth Command Line Length: 1000 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Max Specific Command Line 
Length: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: ATRN:255 AUTH:246 BDAT:255 DATA:246 DEBUG:255 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: EHLO:500 EMAL:255 ESAM:255 ESND:255 ESOM:255 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: ETRN:246 EVFY:255 EXPN:255 HELO:500 HELP:500 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: IDENT:255 MAIL:260 NOOP:255 ONEX:246 QUEU:246 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: QUIT:246 RCPT:300 RSET:246 SAML:246 SEND:246 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: SIZE:255 STARTTLS:246 SOML:246 TICK:246 TIME:246 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: TURN:246 TURNME:246 VERB:246 VRFY:255 X-EXPS:246 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: XADR:246 XAUTH:246 XCIR:246 XEXCH50:246 XGEN:246 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: XLICENSE:246 X-LINK2STATE:246 XQUE:246 XSTA:246 XTRN:246 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: XUSR:246 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Max Header Line Length: 1000 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Max Response Line Length: 512 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: X-Link2State Alert: Yes >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Drop on X-Link2State Alert: No >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Alert on commands: None >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain 
snort[6708]: Alert on unknown commands: No >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: SMTP Memcap: 838860 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: MIME Max Mem: 838860 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Base64 Decoding: Enabled >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Base64 Decoding Depth: Unlimited >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Quoted-Printable Decoding: Enabled >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Quoted-Printable Decoding Depth: Unlimited >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Unix-to-Unix Decoding: Enabled >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Unix-to-Unix Decoding Depth: Unlimited >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Non-Encoded MIME attachment Extraction: Enabled >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Non-Encoded MIME attachment Extraction Depth: Unlimited >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Log Attachment filename: Enabled >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Log MAIL FROM Address: Enabled >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Log RCPT TO Addresses: Enabled >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Log Email Headers: Enabled >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Email Hdrs Log Depth: 1464 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: SSH config: >дек 12 15:24:21 
workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Autodetection: ENABLED >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Challenge-Response Overflow Alert: ENABLED >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: SSH1 CRC32 Alert: ENABLED >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Server Version String Overflow Alert: ENABLED >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Protocol Mismatch Alert: ENABLED >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Bad Message Direction Alert: DISABLED >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Bad Payload Size Alert: DISABLED >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Unrecognized Version Alert: DISABLED >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Max Encrypted Packets: 20 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Max Server Version String Length: 100 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: MaxClientBytes: 19600 (Default) >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Ports: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 22 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: DCE/RPC 2 Preprocessor Configuration >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Global Configuration >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: DCE/RPC Defragmentation: Enabled >дек 12 15:24:21 
workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Memcap: 102400 KB >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Events: co >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: SMB Fingerprint policy: Disabled >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Server Default Configuration >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Policy: WinXP >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Detect ports (PAF) >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: SMB: 139 445 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: TCP: 135 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: UDP: 135 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: RPC over HTTP server: 593 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: RPC over HTTP proxy: None >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Autodetect ports (PAF) >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: SMB: None >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: TCP: 1025-65535 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: UDP: 1025-65535 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: RPC over HTTP server: 1025-65535 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: RPC over HTTP proxy: None >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Invalid SMB shares: C$ D$ ADMIN$ >дек 12 15:24:21 
workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Maximum SMB command chaining: 3 commands >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: SMB file inspection: Disabled >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: DNS config: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: DNS Client rdata txt Overflow Alert: ACTIVE >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Obsolete DNS RR Types Alert: INACTIVE >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Experimental DNS RR Types Alert: INACTIVE >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Ports: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 53 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: SSLPP config: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Encrypted packets: not inspected >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Ports: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 443 465 563 636 989 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 992 993 994 995 7801 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 7802 7900 7901 7902 7903 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 7904 7905 7906 7907 7908 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 7909 7910 7911 7912 7913 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 7914 7915 7916 7917 7918 
>дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 7919 7920 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Server side data is trusted >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Maximum SSL Heartbeat length: 0 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Sensitive Data preprocessor config: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Global Alert Threshold: 25 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Masked Output: DISABLED >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: SIP config: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Max number of sessions: 40000 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Max number of dialogs in a session: 4 (Default) >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Status: ENABLED >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Ignore media channel: DISABLED >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Max URI length: 512 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Max Call ID length: 80 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Max Request name length: 20 (Default) >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Max From length: 256 (Default) >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Max To length: 256 (Default) >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Max Via length: 1024 (Default) >дек 12 15:24:21 
workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Max Contact length: 512 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Max Content length: 2048 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Ports: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 5060 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 5061 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 5600 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Methods: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: invite >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: cancel >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: ack >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: bye >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: register >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: options >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: refer >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: subscribe >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: update >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: join >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: info >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain 
snort[6708]: message >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: notify >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: benotify >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: do >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: qauth >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: sprack >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: publish >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: service >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: unsubscribe >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: prack >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: IMAP Config: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Ports: 143 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: IMAP Memcap: 838860 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: MIME Max Mem: 838860 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Base64 Decoding: Enabled >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Base64 Decoding Depth: Unlimited >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Quoted-Printable Decoding: Enabled >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Quoted-Printable Decoding Depth: Unlimited >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Unix-to-Unix 
Decoding: Enabled >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Unix-to-Unix Decoding Depth: Unlimited >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Non-Encoded MIME attachment Extraction: Enabled >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Non-Encoded MIME attachment Extraction Depth: Unlimited >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: POP Config: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Ports: 110 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: POP Memcap: 838860 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: MIME Max Mem: 838860 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Base64 Decoding: Enabled >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Base64 Decoding Depth: Unlimited >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Quoted-Printable Decoding: Enabled >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Quoted-Printable Decoding Depth: Unlimited >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Unix-to-Unix Decoding: Enabled >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Unix-to-Unix Decoding Depth: Unlimited >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Non-Encoded MIME attachment Extraction: Enabled >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Non-Encoded MIME attachment Extraction Depth: Unlimited >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Modbus config: >дек 12 15:24:21 
workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Ports: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 502 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: DNP3 config: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Memcap: 262144 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Check Link-Layer CRCs: ENABLED >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Ports: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 20000 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Reputation config: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: WARNING: Can't find any whitelist/blacklist entries. Reputation Preprocessor disabled. >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: +++++++++++++++++++++++++++++++++++++++++++++++++++ >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Initializing rule chains... 
>дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 0 Snort rules read >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 0 detection rules >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 0 decoder rules >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 0 preprocessor rules >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 0 Option Chains linked into 0 Chain Headers >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: +++++++++++++++++++++++++++++++++++++++++++++++++++ >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: +-------------------[Rule Port Counts]--------------------------------------- >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: | tcp udp icmp ip >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: | src 0 0 0 0 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: | dst 0 0 0 0 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: | any 0 0 0 0 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: | nc 0 0 0 0 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: | s+d 0 0 0 0 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: +---------------------------------------------------------------------------- >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: 
+-----------------------[detection-filter-config]------------------------------ >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: | memory-cap : 1048576 bytes >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: +-----------------------[detection-filter-rules]------------------------------- >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: | none >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: ------------------------------------------------------------------------------- >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: +-----------------------[rate-filter-config]----------------------------------- >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: | memory-cap : 1048576 bytes >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: +-----------------------[rate-filter-rules]------------------------------------ >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: | none >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: ------------------------------------------------------------------------------- >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: +-----------------------[event-filter-config]---------------------------------- >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: | memory-cap : 1048576 bytes >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: +-----------------------[event-filter-global]---------------------------------- >дек 12 
15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: +-----------------------[event-filter-local]----------------------------------- >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: | none >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: +-----------------------[suppression]------------------------------------------ >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: | none >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: ------------------------------------------------------------------------------- >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Rule application order: pass->drop->sdrop->reject->alert->log >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Verifying Preprocessor Configurations! >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: pcap DAQ configured to passive. >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Acquiring network traffic from "ens19". >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6708]: Initializing daemon mode >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: Daemon initialized, signaled parent pid: 6708 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6707]: Spawning daemon child... >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6707]: My daemon child 6751 lives... >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6707]: Daemon parent exiting (0) >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: Reload thread starting... 
>дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: Reload thread started, thread 0x7fb36be826c0 (6754) >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snortd[6689]: Starting snort(ens19) service: [ DONE ] >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain systemd[1]: snortd.service: Can't open PID file /run/snort.pid (yet?) after start: No such file or directory >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: Decoding Ethernet >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: Chroot directory = /var/log/snort/ens19 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: Set gid to 946 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: Set uid to 977 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: Checking PID path... >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: WARNING: _PATH_VARRUN is invalid, trying /var/log/ ... >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: WARNING: /var/log/ is invalid, logging Snort PID path to log directory (/). >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: Writing PID "6751" to file "///snort_ens19.pid" >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: --== Initialization Complete ==-- >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: ,,_ -*> Snort! 
<*- >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: o" )~ Version 2.9.17.1 GRE (Build 1013) >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: '''' By Martin Roesch & The Snort Team: http://www.snort.org/contact#team >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved. >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: Copyright (C) 1998-2013 Sourcefire, Inc., et al. >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: Using libpcap version 1.10.4 (with TPACKET_V3) >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: Using PCRE version: 8.45 2021-06-15 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: Using ZLIB version: 1.3.1 >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: Rules Engine: SF_SNORT_DETECTION_ENGINE Version 3.1 <Build 1> >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: Preprocessor Object: SF_SMTP Version 1.1 <Build 9> >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: Preprocessor Object: SF_FTPTELNET Version 1.2 <Build 13> >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: Preprocessor Object: SF_IMAP Version 1.0 <Build 1> >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: Preprocessor Object: SF_SDF Version 1.1 <Build 1> >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: Preprocessor Object: SF_DCERPC2 Version 1.0 <Build 3> >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain 
snort[6751]: Preprocessor Object: SF_REPUTATION Version 1.1 <Build 1> >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: Preprocessor Object: SF_POP Version 1.0 <Build 1> >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: Preprocessor Object: SF_S7COMMPLUS Version 1.0 <Build 1> >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: Preprocessor Object: SF_DNS Version 1.1 <Build 4> >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: Preprocessor Object: SF_SSLPP Version 1.1 <Build 4> >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: Preprocessor Object: SF_MODBUS Version 1.1 <Build 1> >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: Preprocessor Object: appid Version 1.1 <Build 5> >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: Preprocessor Object: SF_SIP Version 1.1 <Build 1> >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: Preprocessor Object: SF_DNP3 Version 1.1 <Build 1> >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: Preprocessor Object: SF_SSH Version 1.1 <Build 3> >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: Preprocessor Object: SF_GTP Version 1.1 <Build 1> >дек 12 15:24:21 workstation-11-0-alpha20240610-x86-64-20241212.localdomain snort[6751]: Commencing packet processing (pid=6751)