Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort Beta v2.6

From: Jason Brvenik <jasonb () sourcefire com>
Date: Mon, 20 Mar 2006 19:51:58 -0500
A few questions.

Did you build with --enable-dynamicplugin
Install using make install?
Ensure that the plugins are located in is valid for shared objects?

you can also use --dynamic-preprocessor-lib-dir on the command line to
specify the path the plugins are located in. There is a config file
param that will also work for this.



Ron Jenkins wrote:

Is anyone else having these problems?

 

 

/ /

/ERROR: /etc/snort/snort.conf(519) unknown preprocessor "ftp_telnet"
Fatal Error, Quitting..

ERROR: /etc/snort/snort.conf(523) unknown preprocessor
"ftp_telnet_protocol"
Fatal Error, Quitting..

ERROR: /etc/snort/snort.conf(571) unknown preprocessor "smtp"
Fatal Error, Quitting..

Rule application order: ->activation->dynamic->pass->drop->alert->log
Log directory = /var/log/snort
Verifying Preprocessor Configurations!
Warning: flowbits key 'trojan' is set but not ever checked.
Warning: flowbits key 'dce.bind.veritas' is set but not ever checked.
Warning: flowbits key 'dce.isystemactivator.bind.call.attempt' is set
but not ever checked.
Warning: flowbits key 'http.jpeg' is checked but not ever set.
Warning: flowbits key 'realplayer.playlist' is checked but not ever set.
Warning: flowbits key 'ms_sql_seen_dns' is checked but not ever set.
Warning: flowbits key 'netbios.lsass.bind.attempt' is checked but not
ever set./

/ /

/ /

/After  a short period of time snort exits with the following:

Not Using PCAP_FRAMES/

 

 

Also, the server drive becomes very busy.

 

Thanks…

 

Ron Jenkins (SnortCP, MCNE, CNE6, MCP, CCNA, CCEA)
Senior Architect
Data Integrity, LLC
"We Integrate People with Solutions"
1724 Dallas Drive
Suite 11
Baton Rouge, La 70806
Office. 225.927.8030
Fax. 225.927.8033
Cell225.931.1632

Email. rjenkins () dibr net
Web. http://www.dibr.net

(Aanval Reseller and Technology Partner)

http://www.aanval.com/tour/dibr

 




-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0944&bid$1720&dat1642
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: