Snort mailing list archives
Snort 2.1.0 and http_decode issue
From: "Micah Powell" <micah () wapzoneoz com>
Date: Sun, 11 Jan 2004 13:59:57 +1100
G'Day, I recently upgraded snort to 2.1.0. I have had a few dramas but have finally got it going again (problems with the startup script). One thing I can't figure out though is this. When I try to start it I get this in the log: Jan 10 02:21:04 server01 snort: Initializing daemon mode Jan 10 02:21:04 server01 snort: PID path stat checked out ok, PID path set to /var/run/ Jan 10 02:21:04 server01 snort: Writing PID "3558" to file "/var/run//snort_eth0.pid" Jan 10 02:21:04 server01 snort: FATAL ERROR: unknown preprocessor "\200O^[^H_decode" Jan 10 02:21:04 server01 kernel: device eth0 left promiscuous mode Jan 10 02:21:04 server01 snortd: snort startup succeeded But it doesn't actually start. I went through the preprocessors (with the word 'decode') one by one and commented them out and it would appear that http_decode is the problem. I downloaded the latest rules (for 2.1.0) and had a look at the snort.conf. I found that there is no http_decode preprocessor listed. I also had a look at the snort.conf.rpmnew that was installed as part of the upgrade and it there was no trace of it there either. Is it still there? Is there something that took its place? Micah ______________________________________________ Anti-Spam: Postfix & SpamAssasin Anti-Virus: amavis-new and f-Prot Firewall: ClarkConnect (Linux) firewall (www.clarkconnect.org) SMTP: Postfix
Current thread:
- Snort 2.1.0 and http_decode issue Micah Powell (Jan 12)