Snort mailing list archives
RE: snort -c /etc/snort/snort.conf fatal error
From: "Harper, Patrick" <patrick.harper () phns com>
Date: Wed, 21 Apr 2004 08:19:29 -0500
Copy the unicode.map file (all the map files) from the source files /etc to /etc/snort

-----Original Message-----
From: VanZee, Timothy [mailto:T-VANZEE () govst edu]
Sent: Saturday, April 17, 2004 6:31 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] snort -c /etc/snort/snort.conf fatal error

Can anyone help me out? I am not getting any alerts even after running CIS Scanner against the box. I installed according to Install Guide by Patrick S. Harper on snort.org/docs.

Here is the output from snort -c /etc/snort/snort.conf

######################################################
# snort -c /etc/snort/snort.conf
Running in IDS mode
Log directory = /var/log/snort

Initializing Network Interface eth0

        --== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
,-----------[Flow Config]----------------------
| Stats Interval: 0
| Hash Method: 2
| Memcap: 10485760
| Rows : 4099
| Overhead Bytes: 16400(%0.16)
`----------------------------------------------
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
    Fragment min_ttl: 0
    Fragment ttl_limit: 5
    Fragment Problems: 0
    Self preservation threshold: 500
    Self preservation period: 90
    Suspend threshold: 1000
    Suspend period: 30
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Evasion alerts: INACTIVE
    Scan alerts: INACTIVE
    Log Flushed Streams: INACTIVE
    MinTTL: 1
    TTL Limit: 5
    Async Link: 0
    State Protection: 0
    Self preservation threshold: 50
    Self preservation period: 90
    Suspend threshold: 200
    Suspend period: 30
Stream4_reassemble config:
    Server reassembly: INACTIVE
    Client reassembly: ACTIVE
    Reassembler alerts: ACTIVE
    Zero out flushed packets: INACTIVE
    flush_data_diff_size: 500
    Ports: 21 23 25 53 80 110 111 143 513 1433
    Emergency Ports: 21 23 25 53 80 110 111 143 513 1433
ERROR: /etc/snort/snort.conf(285) => Invalid file name for IIS Unicode Map file.
Fatal Error, Quitting..
######################################################

Here are lines 284 and 285 from my snort.conf

###############
preprocessor http_inspect: global \
    iis_unicode_map unicode.map 1252
###############

Thanks for your help as I'm new to snort.

Disclaimer: This electronic message, including any attachments, is confidential and intended solely for use of the intended recipient(s). This message may contain information that is privileged or otherwise protected from disclosure by applicable law. Any unauthorized disclosure, dissemination, use or reproduction is strictly prohibited. If you have received this message in error, please delete it and notify the sender immediately.
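
A pre-flight check for the failure discussed in this thread, added here as an example and not part of either poster's message: it finds every iis_unicode_map file named in a Snort config (including the backslash-continued form quoted above) and reports any that are missing. The function name check_unicode_map is hypothetical, and resolving relative names against the directory holding the config is an assumption that matches the advice to copy the map files into /etc/snort.

```shell
#!/bin/sh
# Added example (not from the thread). check_unicode_map is a hypothetical
# helper. Assumption: a relative map file name is looked up in the directory
# that holds the config file.
check_unicode_map() {
    conf=$1
    confdir=$(dirname "$conf")
    missing=0
    # Join backslash-continued lines, skip comment lines, then print the
    # token that follows each iis_unicode_map keyword.
    maps=$(awk '
        { line = buf $0 }
        /\\[ \t]*$/ { sub(/\\[ \t]*$/, " ", line); buf = line; next }
        {
            buf = ""
            if (line ~ /^[ \t]*#/) next
            n = split(line, f, /[ \t]+/)
            for (i = 1; i < n; i++)
                if (f[i] == "iis_unicode_map") print f[i + 1]
        }' "$conf")
    for map in $maps; do
        case $map in
            /*) path=$map ;;            # absolute path: use as written
            *)  path=$confdir/$map ;;   # relative: assume config directory
        esac
        if [ -r "$path" ]; then
            echo "ok: $path"
        else
            echo "MISSING: $path (referenced in $conf)"
            missing=1
        fi
    done
    return $missing
}

# Constructed sample that mirrors lines 284 and 285 quoted in the thread.
demo_dir=$(mktemp -d)
printf 'preprocessor http_inspect: global \\\n    iis_unicode_map unicode.map 1252\n' \
    > "$demo_dir/snort.conf"
check_unicode_map "$demo_dir/snort.conf" ||
    echo "map file absent: copy the map files next to snort.conf"
rm -rf "$demo_dir"
```

Run against a real config with `check_unicode_map /etc/snort/snort.conf`; a non-zero return means at least one referenced map file is not readable.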
Current thread:
- snort -c /etc/snort/snort.conf fatal error VanZee, Timothy (Apr 17)
- Re: snort -c /etc/snort/snort.conf fatal error Patrick S. Harper (Apr 17)
- <Possible follow-ups>
- Re: snort -c /etc/snort/snort.conf fatal error nhdave (Apr 17)
- RE: snort -c /etc/snort/snort.conf fatal error Harper, Patrick (Apr 21)
- RE: snort -c /etc/snort/snort.conf fatal error Paul Schmehl (Apr 21)