Snort mailing list archives

unsubscribe


From: "Ryan McClure (Systems Admin) - United Shipping" <rmcclure () unitedshipping com>
Date: Fri, 11 May 2001 07:45:36 -0600



-----Original Message-----
From: snort-users-request () lists sourceforge net
[mailto:snort-users-request () lists sourceforge net]
Sent: Thursday, May 10, 2001 4:12 PM
To: snort-users () lists sourceforge net
Subject: Snort-users digest, Vol 1 #633 - 6 msgs


Send Snort-users mailing list submissions to
        snort-users () lists sourceforge net

To subscribe or unsubscribe via the World Wide Web, visit
        http://lists.sourceforge.net/lists/listinfo/snort-users
or, via email, send a message with subject or body 'help' to
        snort-users-request () lists sourceforge net

You can reach the person managing the list at
        snort-users-admin () lists sourceforge net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Snort-users digest..."


Today's Topics:

   1. RE: DNS Query Logging? (Steve Frank)
   2. Re: Snort + Acid w/ MySQL question(s) (alexus)
   3. Re: Snort + Acid w/ MySQL question(s) (Koaps)
   4. Snort won't run (alexus)
   5. RE: Snort won't run (Kevin Brown)
   6. Re: Snort won't run (alexus)

--__--__--

Message: 1
From: Steve Frank <sfrank () midcom-inc com>
To: "'snort-users () lists sourceforge net'"
         <snort-users () lists sourceforge net>
Subject: RE: [Snort-users] DNS Query Logging?
Date: Thu, 10 May 2001 16:22:05 -0500

Isn't that logged in most default DNS installations anyway?  My NSTATS are
configured to pop into my syslog all the time--you should be able to see all
your query types there--or are you looking for something more specific than
that, Jeff?

Steve Frank
Network Manager
Midcom, Inc.


-----Original Message-----
From: Richard, Jeff [mailto:Jeff-Richard () forum-financial com]
Sent: Thursday, May 10, 2001 3:48 PM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] DNS Query Logging?


I hope someone can give a hand on this.  I need to get a count of how many
DNS queries my DNS servers are receiving.  What should a rule for DNS
queries look like?  I'm not familiar with DNS traffic, but realize that UDP
53 is the protocol/port, just not sure of any signature(s).

-Jeff

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


--__--__--

Message: 2
From: "alexus" <ml () db nexgen com>
To: <roman () danyliw com>
Cc: <snort-users () lists sourceforge net>
Subject: Re: [Snort-users] Snort + Acid w/ MySQL question(s)
Date: Thu, 10 May 2001 17:26:25 -0400

mysql> select * from user where user='alexus';
+-----------+--------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+
| Host      | User   | Password         | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv | Reload_priv | Shutdown_priv | Process_priv | File_priv | Grant_priv | References_priv | Index_priv | Alter_priv |
+-----------+--------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+
| localhost | alexus | 34484ed463a66850 | Y           | Y           | N           | Y           | N           | N         | N           | N             | N            | N         | N          | N               | N          | N          |
+-----------+--------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+
1 row in set (0.00 sec)

mysql>


i copy and paste mysql output to show you that i do have all right
privileges

i also upgrade acid to 0.9.6b9 (which is latest beta for today)

it still doesn't work

----- Original Message -----
From: <roman () danyliw com>
To: "alexus" <ml () db nexgen com>
Cc: <snort-users () lists sourceforge net>
Sent: Thursday, May 10, 2001 11:18 AM
Subject: Re: [Snort-users] Snort + Acid w/ MySQL question(s)


One observation:

- ACID 0.9.5 does not use ADODB.  This DB abstraction was
introduced in 0.9.6b2 (Jan 2001).  Hence, this addition into
acid_conf.php will be ignored.

Two recommendations:

- are you sure that you have CREATE permissions on the DB
user set in acid_conf.php?  If all else fails, try using the
"create_acid_tbls_mysql.sql" to manually create the ACID
tables.

- upgrade to a more recent version of ACID => 0.9.6b9.  There
are significant feature improvements as well as bug fixes.  If you
prefer an older version, upgrade to at least 0.9.6b1 for it has
a number of important bug fixes

cheers,
Roman

I'm using the following:

FreeBSD 4.3 - RELEASE (STABLE)
ACID-0.9.5 - RELEASE (STABLE)
ADODB v1.0.1 - RELEASE (STABLE)
PHP - 4.0.5 - RELEASE (STABLE)
APACHE - 1.3.19 - RELEASE (STABLE)
SNORT - 1.7 - RELEASE (STABLE)

to compile snort i used following line:
../configure --with-mysql=/usr/local/mysql;make;make install

i did change acid_conf.php i put path to adodb

in adodb

i put local path in adodb.inc.php

when i go to http://localhost/acid it redirects me to acid_main.php and when
it gets there i get this:

The underlying database alexus@localhost apears to be invalid.

The database version is valid, but the ACID DB structure (table: acid_ag) is
not present. Use the Setup page to configure and optimize the DB

when i click on "Setup page"

in status window i get "DONE" for "Search Indexes" and i have "Create ACID
AG" for "ACID tables" i'm assuming i need to click on "Create ACID AG", when
I do that nothing happens, it won't disappear or it won't change status to
"DONE".. what am i missing?
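
Added example (not part of the thread, and not ACID or MySQL code): Roman's CREATE-permission question can be checked directly against a pasted mysql.user row, even after a mail client has re-wrapped the table. The function names are hypothetical, and the check covers only the global flags in mysql.user; database-level grants are stored in mysql.db and do not appear in this output.

```python
import re

# Sample input: the thread's mysql.user row, wrapped the way a mail client
# wraps it. The Password cell is masked here; the other cells are unchanged.
PASTED = """\
mysql> select * from user where user='alexus';
+-----------+--------+------------------+-------------+-------------+-------
------+-------------+-------------+-----------+-------------+---------------
+--------------+-----------+------------+-----------------+------------+----
--------+
| Host      | User   | Password         | Select_priv | Insert_priv |
Update_priv | Delete_priv | Create_priv | Drop_priv | Reload_priv |
Shutdown_priv | Process_priv | File_priv | Grant_priv | References_priv |
Index_priv | Alter_priv |
+-----------+--------+------------------+-------------+-------------+-------
------+-------------+-------------+-----------+-------------+---------------
+--------------+-----------+------------+-----------------+------------+----
--------+
| localhost | alexus | **************** | Y           | Y           | N
| Y           | N           | N         | N           | N             | N
| N         | N          | N               | N          | N          |
+-----------+--------+------------------+-------------+-------------+-------
------+-------------+-------------+-----------+-------------+---------------
+--------------+-----------+------------+-----------------+------------+----
--------+
1 row in set (0.00 sec)
"""

# A border line (or a wrapped fragment of one) contains only '+' and '-'.
BORDER = re.compile(r"^[+-]+$")


def split_cells(row):
    """Split one '| a | b |' row into stripped cell values."""
    return [cell.strip() for cell in row.strip()[1:-1].split("|")]


def parse_wrapped_table(text):
    """Rebuild mysql client table rows, wrapped or not, as dicts."""
    blocks, current = [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if BORDER.match(line):
            # Borders separate the header block from the data block.
            if current:
                blocks.append(current)
            current = []
        elif line and (current or line.startswith("|")):
            # A block starts at a '|' line; wrapped continuations follow it.
            current.append(line)
    if not blocks:
        return []
    columns = split_cells(" ".join(blocks[0]))
    rows = []
    for block in blocks[1:]:
        pending = ""
        for line in block:
            pending = f"{pending} {line}".strip()
            # A complete row has one more '|' than it has columns.
            if pending.count("|") == len(columns) + 1:
                rows.append(dict(zip(columns, split_cells(pending))))
                pending = ""
    return rows


def granted(row):
    """Names of the *_priv columns set to 'Y' in a mysql.user row."""
    return [name for name, value in row.items()
            if name.endswith("_priv") and value == "Y"]


def missing(row, needed):
    """Privileges from `needed` that the row does not grant globally."""
    return [name for name in needed if row.get(name) != "Y"]


if __name__ == "__main__":
    for row in parse_wrapped_table(PASTED):
        print(f"{row['User']}@{row['Host']}")
        print("  global privileges granted:", ", ".join(granted(row)))
        # Create_priv is the privilege Roman's reply asks about.
        print("  not granted globally:", missing(row, ["Create_priv"]))
```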




--__--__--

Message: 3
From: "Koaps" <koaps () 2nutz com>
To: <snort-users () lists sourceforge net>
Subject: Re: [Snort-users] Snort + Acid w/ MySQL question(s)
Date: Thu, 10 May 2001 14:48:04 -0700

I am having problems with Snort Logging to mysql too

Originally I had Snort and MySQL on the same OpenBSD box, this caused MySQL
to crash, a lot...

So I installed MySQL on a windows box, which also runs Snort Locally,


Amazingly the windows based Snort/MySQL/ACID works perfectly, and the
OpenBSD snort trying to log to MySQL on windows is failing to write
alerts...

just my two cents worth of crap....


L8rZ,

  )\_/(
 < o,0 >
    ~
   \ /

KoAps




--__--__--

Message: 4
From: "alexus" <ml () db nexgen com>
To: <snort-users () lists sourceforge net>
Date: Thu, 10 May 2001 17:49:38 -0400
Subject: [Snort-users] Snort won't run

i'm using snort 1.7 with latest set of rules

for some reason it won't run, any ideas?

su-2.04# /usr/local/bin/snort -c /usr/local/bin/rules/snort.conf

        --== Initializing Snort ==--

Initializing Network Interface fxp0
Decoding Ethernet on interface fxp0
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...

*WARNING*: unknown preprocessor "stream2", ignoring!


*WARNING*: unknown preprocessor "rpc_decode", ignoring!


*WARNING*: unknown preprocessor "bo", ignoring!


*WARNING*: unknown preprocessor "telnet_decode", ignoring!

database: compiled support for ( mysql )
database: configured to use mysql
database:          user = alexus
database: database name = alexus
database: password is set
database:          host = localhost
database:   sensor name = 64.81.208.245
database:     sensor id = 1
database: using the "log" facility
Error: Unknown config: classification
su-2.04# 

what am i doin wrong now?



--__--__--

Message: 5
Date: Thu, 10 May 2001 14:56:12 -0700
From: Kevin Brown <Kevin.M.Brown () asu edu>
Subject: RE: [Snort-users] Snort won't run
To: 'alexus' <ml () db nexgen com>, snort-users () lists sourceforge net

Looks like you are missing a file.  Do you have a classification.config file
in the directory with your .rules files?  If yes, then do you have it
included in snort.conf along with the rules?



--__--__--

Message: 6
From: "alexus" <ml () db nexgen com>
To: "Kevin Brown" <Kevin.M.Brown () asu edu>,
        <snort-users () lists sourceforge net>
Subject: Re: [Snort-users] Snort won't run
Date: Thu, 10 May 2001 18:10:38 -0400

yes I do, I believe it came with snortrules.tgz file

su-2.04# ls -al /usr/local/bin/rules/classification.config
-rw-r--r--  1 root  users  1899 Apr 20 08:11 /usr/local/bin/rules/classification.config
su-2.04#

just in case in snort.conf i change

following line from this
include classification.config
to this
include /usr/local/bin/rules/classification.config
still same error




--__--__--


End of Snort-users Digest
