Snort mailing list archives

AW: [Snort-users] 2.1.0 (build9) ERROR: unknown preprocessor "à_decode"

From: "Poppi, Sandro" <Sandro.Poppi () wacker com>
Date: Fri, 9 Jan 2004 14:15:04 +0100

Hi Tony,

I would suggest running through your snort.conf and searching for "decode"
(without the quotes) somewhere after preprocessor stream4. Seems to me that
a typo has made it accidently into the file.

So long,
Sandro


Hi,

Just upgraded my Unstable Debian System. Snort upgraded to 
2.1.0 (Build 9).
Since this upgrade i have the FATAL error :

titine:/etc/snort# /usr/sbin/snort -T -c /etc/snort/snort.conf
...

No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
    Fragment min_ttl:   0
    Fragment ttl_limit: 5
    Fragment Problems: 0
    Self preservation threshold: 500
    Self preservation period: 90
    Suspend threshold: 1000
    Suspend period: 30
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Evasion alerts: INACTIVE
    Scan alerts: ACTIVE
    Log Flushed Streams: INACTIVE
    MinTTL: 1
    TTL Limit: 5
    Async Link: 0
    State Protection: 0
    Self preservation threshold: 50
    Self preservation period: 90
    Suspend threshold: 200
    Suspend period: 30
Stream4_reassemble config:
    Server reassembly: INACTIVE
    Client reassembly: ACTIVE
    Reassembler alerts: ACTIVE
    Zero out flushed packets: INACTIVE
    flush_data_diff_size: 500
    Ports: 21 23 25 53 80 110 111 143 513 1433
    Emergency Ports: 21 23 25 53 80 110 111 143 513 1433
ERROR:  unknown preprocessor "à_decode"
Fatal Error, Quitting..

Recently , i just added some preprocessor portscan-ignorehosts, and 
preprocessor portscan2-ignorehosts directive in my config file. Think 
nothing to do with the error "a_decode"

Some library version information on the system :
gcc version 3.3.3 20031229 (prerelease) (Debian)
libc6          2.3.2.ds1-10   GNU C Library: Shared libraries 
and Timezone
libc6-dev      2.3.2.ds1-10   GNU C Library: Development 
Libraries and Hea

Thanks for your help.


-------------------------------------------------------
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

AW: [Snort-users] 2.1.0 (build9) ERROR: unknown preprocessor "à_decode" Poppi, Sandro (Jan 09)
- Re: AW: [Snort-users] 2.1.0 (build9) ERROR: unknown preprocessor "à_decode" Tony Oger (Jan 09)
- Re: [Snort-users] AW: [Snort-users] 2.1.0 (build9) ERROR: unknown preprocessor "à_decode" Scott Zawalski (Jan 09)