I have some problems with my IPS. Whenever I go to the Daily Log files there are never any logs available for the Intrusion Prevention System. I have to go to the log archive, and when I view it there are never any detected portscans, UDP floods, or warnings, which I find puzzling. Instead I have a lot of confusing log entries, like rules not being used. I have all attack patterns selected, with no rule age, and extra warnings for malware enabled. The only time I ever see any logs is when I do a port scan on myself from Shield's Up.
The way the IPS logs makes it look like something is going wrong. There's no log that says "hey, everything is fine!" to let you know it's working right. It's all warnings. Is there anything suspicious in the logs? Is there any log entry or Telnet command that can be used to verify that everything is working OK?
I get thousands of entries in the log that say
DynamicPlugin: Rule [3:XXXXX] not enabled in configuration, rule will not be used.
The latest logs are from yesterday.
+-----------------------[detection-filter-config]------------------------------
2018:06:15-12:20:33 mysophosutm snort[15925]: | memory-cap : 1048576 bytes
2018:06:15-12:20:33 mysophosutm snort[15925]: +-----------------------[detection-filter-rules]-------------------------------
2018:06:15-12:20:33 mysophosutm snort[15925]: -------------------------------------------------------------------------------
2018:06:15-12:20:33 mysophosutm snort[15925]:
2018:06:15-12:20:33 mysophosutm snort[15925]: +-----------------------[rate-filter-config]-----------------------------------
2018:06:15-12:20:33 mysophosutm snort[15925]: | memory-cap : 1048576 bytes
2018:06:15-12:20:33 mysophosutm snort[15925]: +-----------------------[rate-filter-rules]------------------------------------
2018:06:15-12:20:33 mysophosutm snort[15925]: | none
2018:06:15-12:20:33 mysophosutm snort[15925]: -------------------------------------------------------------------------------
2018:06:15-12:20:33 mysophosutm snort[15925]:
2018:06:15-12:20:33 mysophosutm snort[15925]: +-----------------------[event-filter-config]----------------------------------
2018:06:15-12:20:33 mysophosutm snort[15925]: | memory-cap : 1048576 bytes
2018:06:15-12:20:33 mysophosutm snort[15925]: +-----------------------[event-filter-global]----------------------------------
2018:06:15-12:20:33 mysophosutm snort[15925]: +-----------------------[event-filter-local]-----------------------------------
2018:06:15-12:20:33 mysophosutm snort[15925]: | none
2018:06:15-12:20:33 mysophosutm snort[15925]: +-----------------------[suppression]------------------------------------------
2018:06:15-12:20:33 mysophosutm snort[15925]: | none
2018:06:15-12:20:33 mysophosutm snort[15925]: -------------------------------------------------------------------------------
2018:06:15-12:20:33 mysophosutm snort[15925]: Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log
2018:06:15-12:20:33 mysophosutm snort[15925]: Max Expected Streams: 15
2018:06:15-12:20:33 mysophosutm snort[15925]: Verifying Preprocessor Configurations!
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.hpj' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.maki' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.macho64le' is checked but not ever set.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.r' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.nab' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'soliddb' is checked but not ever set.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.fpx' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.xz' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.pkp' is checked but not ever set.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.3dm' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'synergy' is checked but not ever set.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.wmf' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.engtesselate' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.blend.little.32' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.cnt' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.reg' is checked but not ever set.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.rss' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'qualcom.worldmail.ok' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.fon' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.cur' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.eps' is checked but not ever set.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.hta' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.m4v' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.dbp' is checked but not ever set.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.aiff' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.ani' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.tnef' is checked but not ever set.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'websocket' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'AOLAdmin1.1.connection' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.xul' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.bak' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.hhk' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'backdoor.cybernetic.1.62.rev.conn.1' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.vap' is checked but not ever set.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.usk' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.pecompact' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.regf' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.bz2' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'backdoor.NetDevil.conn.step1' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.rmf' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.rt' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.collada' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'pop3.stat' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.eot' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.jnlp' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'GhostVoice_InitConnection_withpassword' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'vnc.server.auth.types' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'lp.cascade' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.job' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.xm' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.flc' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'acunetix-scan' is checked but not ever set.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.dat' is checked but not ever set.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.rar' is checked but not ever set.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.eml' is checked but not ever set.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'smb.req.ascii' is checked but not ever set.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.amf' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.msi' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.sln' is checked but not ever set.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.cell' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'foscam_ua' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.motn' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.qcp' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'oracle.connect' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.gz' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: WARNING: flowbits key 'file.dir' is set but not ever checked.
2018:06:15-12:20:33 mysophosutm snort[15925]: 556 out of 1024 flowbits in use.
2018:06:15-12:21:31 mysophosutm snort[15926]:
2018:06:15-12:21:31 mysophosutm snort[15926]: [ Port Based Pattern Matching Memory ]
2018:06:15-12:21:31 mysophosutm snort[15926]: +-[AC-BNFA Search Info Summary]------------------------------
2018:06:15-12:21:31 mysophosutm snort[15926]: | Instances : 2409
2018:06:15-12:21:31 mysophosutm snort[15926]: | Patterns : 1043555
2018:06:15-12:21:31 mysophosutm snort[15926]: | Pattern Chars : 22155916
2018:06:15-12:21:31 mysophosutm snort[15926]: | Num States : 14561617
2018:06:15-12:21:31 mysophosutm snort[15926]: | Num Match States : 1620906
2018:06:15-12:21:31 mysophosutm snort[15926]: | Memory : 404.44Mbytes
2018:06:15-12:21:31 mysophosutm snort[15926]: | Patterns : 45.01M
2018:06:15-12:21:31 mysophosutm snort[15926]: | Match Lists : 190.32M
2018:06:15-12:21:31 mysophosutm snort[15926]: | Transitions : 168.54M
2018:06:15-12:21:31 mysophosutm snort[15926]: +-------------------------------------------------
2018:06:15-12:21:31 mysophosutm snort[15926]: [ Number of null byte prefixed patterns trimmed: 23973 ]
2018:06:15-12:21:31 mysophosutm snort[15926]: WARNING: normalizations disabled because DAQ can't replace packets.
2018:06:15-12:21:31 mysophosutm snort[15926]: Session Reload: Reference Count Non-zero for old configuration.
2018:06:15-12:21:31 mysophosutm snort[15926]:
2018:06:15-12:21:31 mysophosutm snort[15926]: --== Reload Complete ==--
2018:06:15-12:21:31 mysophosutm snort[15926]:
2018:06:15-12:21:32 mysophosutm snort[15925]:
2018:06:15-12:21:32 mysophosutm snort[15925]: [ Port Based Pattern Matching Memory ]
2018:06:15-12:21:32 mysophosutm snort[15925]: +-[AC-BNFA Search Info Summary]------------------------------
2018:06:15-12:21:32 mysophosutm snort[15925]: | Instances : 2409
2018:06:15-12:21:32 mysophosutm snort[15925]: | Patterns : 1043555
2018:06:15-12:21:32 mysophosutm snort[15925]: | Pattern Chars : 22155916
2018:06:15-12:21:32 mysophosutm snort[15925]: | Num States : 14561617
2018:06:15-12:21:32 mysophosutm snort[15925]: | Num Match States : 1620906
2018:06:15-12:21:32 mysophosutm snort[15925]: | Memory : 404.44Mbytes
2018:06:15-12:21:32 mysophosutm snort[15925]: | Patterns : 45.01M
2018:06:15-12:21:32 mysophosutm snort[15925]: | Match Lists : 190.32M
2018:06:15-12:21:32 mysophosutm snort[15925]: | Transitions : 168.54M
2018:06:15-12:21:32 mysophosutm snort[15925]: +-------------------------------------------------
2018:06:15-12:21:32 mysophosutm snort[15925]: [ Number of null byte prefixed patterns trimmed: 23973 ]
2018:06:15-12:21:33 mysophosutm snort[15925]: WARNING: normalizations disabled because DAQ can't replace packets.
2018:06:15-12:21:33 mysophosutm snort[15925]: Session Reload: Reference Count Non-zero for old configuration.
2018:06:15-12:21:33 mysophosutm snort[15925]:
2018:06:15-12:21:33 mysophosutm snort[15925]: --== Reload Complete ==--
2018:06:15-12:21:33 mysophosutm snort[15925]:
2018:06:15-12:21:33 mysophosutm snort[15927]:
2018:06:15-12:21:33 mysophosutm snort[15927]: [ Port Based Pattern Matching Memory ]
2018:06:15-12:21:33 mysophosutm snort[15927]: +-[AC-BNFA Search Info Summary]------------------------------
2018:06:15-12:21:33 mysophosutm snort[15927]: | Instances : 2409
2018:06:15-12:21:33 mysophosutm snort[15927]: | Patterns : 1043555
2018:06:15-12:21:33 mysophosutm snort[15927]: | Pattern Chars : 22155916
2018:06:15-12:21:33 mysophosutm snort[15927]: | Num States : 14561617
2018:06:15-12:21:33 mysophosutm snort[15927]: | Num Match States : 1620906
2018:06:15-12:21:33 mysophosutm snort[15927]: | Memory : 404.44Mbytes
2018:06:15-12:21:33 mysophosutm snort[15927]: | Patterns : 45.01M
2018:06:15-12:21:33 mysophosutm snort[15927]: | Match Lists : 190.32M
2018:06:15-12:21:33 mysophosutm snort[15927]: | Transitions : 168.54M
2018:06:15-12:21:33 mysophosutm snort[15927]: +-------------------------------------------------
2018:06:15-12:21:33 mysophosutm snort[15927]: [ Number of null byte prefixed patterns trimmed: 23973 ]
2018:06:15-12:21:34 mysophosutm snort[15927]: WARNING: normalizations disabled because DAQ can't replace packets.
2018:06:15-12:21:34 mysophosutm snort[15927]: Session Reload: Reference Count Non-zero for old configuration.
2018:06:15-12:21:34 mysophosutm snort[15927]:
2018:06:15-12:21:34 mysophosutm snort[15927]: --== Reload Complete ==--
2018:06:15-12:21:34 mysophosutm snort[15927]:
2018:06:15-12:21:34 mysophosutm snort[15928]:
2018:06:15-12:21:34 mysophosutm snort[15928]: [ Port Based Pattern Matching Memory ]
2018:06:15-12:21:34 mysophosutm snort[15928]: +-[AC-BNFA Search Info Summary]------------------------------
2018:06:15-12:21:34 mysophosutm snort[15928]: | Instances : 2409
2018:06:15-12:21:34 mysophosutm snort[15928]: | Patterns : 1043555
2018:06:15-12:21:34 mysophosutm snort[15928]: | Pattern Chars : 22155916
2018:06:15-12:21:34 mysophosutm snort[15928]: | Num States : 14561617
2018:06:15-12:21:34 mysophosutm snort[15928]: | Num Match States : 1620906
2018:06:15-12:21:34 mysophosutm snort[15928]: | Memory : 404.44Mbytes
2018:06:15-12:21:34 mysophosutm snort[15928]: | Patterns : 45.01M
2018:06:15-12:21:34 mysophosutm snort[15928]: | Match Lists : 190.32M
2018:06:15-12:21:34 mysophosutm snort[15928]: | Transitions : 168.54M
2018:06:15-12:21:34 mysophosutm snort[15928]: +-------------------------------------------------
2018:06:15-12:21:34 mysophosutm snort[15928]: [ Number of null byte prefixed patterns trimmed: 23973 ]
2018:06:15-12:21:34 mysophosutm snort[15928]: WARNING: normalizations disabled because DAQ can't replace packets.
2018:06:15-12:21:34 mysophosutm snort[15928]: Session Reload: Reference Count Non-zero for old configuration.
2018:06:15-12:21:34 mysophosutm snort[15928]:
2018:06:15-12:21:34 mysophosutm snort[15928]: --== Reload Complete ==--
2018:06:15-12:21:34 mysophosutm snort[15928]:
This thread was automatically locked due to age.