Comments for Inliniac

Comment on File extraction in Suricata by Petrus

Petrus — Mon, 30 Jan 2012 16:49:09 +0000

Thank you. Work in suricata 1.2.1 perfect.

Comment on Differences between Snort and Snort_inline by Victor Julien

Victor Julien — Tue, 17 Jan 2012 10:13:49 +0000

You could try the “strip” command. See “man strip”. I have no experience with it.

Comment on Differences between Snort and Snort_inline by Fred

Fred — Tue, 17 Jan 2012 10:02:28 +0000

I have installed Suricata，I want to downsize Suricata，so I strip Suricata，size is 1.4M，are there any way to make it smaller，thanks a lot.

Comment on Differences between Snort and Snort_inline by Victor Julien

Victor Julien — Tue, 17 Jan 2012 08:58:50 +0000

I’m not involved in Snort or Snort_inline anymore, so please direct your questions on those to http://www.snort.org/

Alternatively, you can have a look at my new IDS/IPS project called Suricata. http://www.openinfosecfoundation.org/

Comment on Differences between Snort and Snort_inline by Fred

Fred — Tue, 17 Jan 2012 08:44:57 +0000

Hello,I am new to snort,if I want to accomplish IPS(intrusion prevention system),could i just install snort_inline??Thank you!!

Comment on File extraction in Suricata by Victor Julien

Victor Julien — Wed, 11 Jan 2012 07:48:15 +0000

2 things to check:

First and foremost, the files.rules file contains example rules. They are all disabled by default. Remove the # before them to enable the rules.

Second, the file extraction is heavily influenced by 3 other settings:
stream.reassembly.depth (defaults to 1mb, set larger if you want to extract larger files)

In the libhtp section, the request-body-limit and response-body-limit settings. Both default to just a few kb, set to 0 or a high value.

Comment on File extraction in Suricata by Petrus

Petrus — Wed, 11 Jan 2012 07:41:07 +0000

Thank you. I left the settings in “File” section in this way:

– file:
enabled: yes
log-dir: files
force-magic: no

I added the rules:

– files.rules

when I run suricata, I do not give any error. Everything is fine, but do not extract any files in /var/log/suricata /files

Best Regards,

Comment on File extraction in Suricata by Victor Julien

Victor Julien — Tue, 10 Jan 2012 17:51:36 +0000

The “filename” in the “file” section does nothing.

log-dir is fine, although the files will go into /var/log/suricata directly. If you enter just “files” there, it goes into /var/log/suricata/files/

Comment on File extraction in Suricata by Petrus

Petrus — Tue, 10 Jan 2012 16:33:49 +0000

Hello,

¿?

outputs:
– console:
enabled: yes
– file:
enabled: yes
filename: /var/log/suricata/suricata.log
log-dir: /var/log/suricata
force-magic: no

Best Regards,

Comment on File extraction in Suricata by Victor Julien

Victor Julien — Tue, 10 Jan 2012 13:50:25 +0000

Indeed. Check the suricata.yaml that is part of the archive or your git checkout for more details.