Snort mailing list archives

Re: config woes with 2.7.0.1 and frag3


From: "Justin Heath" <justin.heath () gmail com>
Date: Mon, 13 Aug 2007 17:34:25 -0400

Missing commas ...

preprocessor frag3_global: max_frags 65536, prealloc_frags 262144
preprocessor frag3_engine: policy first, detect_anomalies


On 8/13/07, Russell Fulton <r.fulton () auckland ac nz> wrote:
I recently installed 2.7.0.1 and it complained about my frag3
configuration that had worked fine with 2.6. The really strange thing is
that it is the same as in the sample snort.conf!

Here is an excerpt from my conf file:

config disable_decode_alerts
config disable_tcpopt_experimental_alerts
config disable_tcpopt_alerts

preprocessor flow: stats_interval 0 hash 2

preprocessor frag3_global: max_frags 65536 prealloc_frags 262144
preprocessor frag3_engine: policy first detect_anomalies

preprocessor stream4: disable_evasion_alerts
preprocessor stream4_reassemble: zero_flushed_packets

and this generates the error:

Aug 13 09:21:41 monitor-dmzo snort: FATAL ERROR:
conf/bond0.snort.conf(34) => Missing argument to max_frags in config file.
Aug 13 09:22:33 monitor-dmzo su(pam_unix)[3677]: session closed for user
snort

Any ideas what is going on here?

Cheers, Russell




-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
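
Added example, not part of the original thread or of Snort itself: a small pre-upgrade check that finds frag3 lines written in the space-separated 2.6 style from the question and prints the comma-separated form given in the reply. The function names are hypothetical, and the option keyword lists are an assumption taken from the Snort 2.x manual (the thread only shows four of them).

```python
import re

# Option keywords per preprocessor. Assumption: taken from the Snort 2.x
# manual; the thread itself only shows the four options used in SAMPLE.
FRAG3_OPTIONS = {
    "frag3_global": {"max_frags", "memcap", "prealloc_frags"},
    "frag3_engine": {"timeout", "ttl_limit", "min_ttl", "detect_anomalies",
                     "bind_to", "policy", "overlap_limit", "min_fragment_length"},
}
LINE_RE = re.compile(r"^\s*preprocessor\s+(frag3_global|frag3_engine)\s*:\s*(.*)$")

def add_missing_commas(line):
    """Return (fixed_line, missing); missing lists keywords that had no comma before them."""
    m = LINE_RE.match(line)
    if not m:
        return line, []          # not a frag3 line (or commented out): leave untouched
    name, args = m.groups()
    options, missing = [], []
    for segment in args.split(","):
        current = []
        for token in segment.split():
            # A second option keyword inside one comma-separated segment
            # means the separator before it was left out.
            if token in FRAG3_OPTIONS[name] and current:
                options.append(" ".join(current))
                missing.append(token)
                current = []
            current.append(token)
        if current:
            options.append(" ".join(current))
    return f"preprocessor {name}: " + ", ".join(options), missing

def lint(conf_text):
    """Return [(line_number, missing_keywords, suggested_line)] for a snort.conf body."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        fixed, missing = add_missing_commas(line)
        if missing:
            findings.append((lineno, missing, fixed))
    return findings

# Constructed sample: lines 2-3 are the 2.6-style lines from the question,
# line 4 is already in the comma-separated form from the reply.
SAMPLE = """\
preprocessor flow: stats_interval 0 hash 2
preprocessor frag3_global: max_frags 65536 prealloc_frags 262144
preprocessor frag3_engine: policy first detect_anomalies
preprocessor frag3_engine: policy first, detect_anomalies
"""

if __name__ == "__main__":
    for lineno, missing, fixed in lint(SAMPLE):
        print(f"line {lineno}: no comma before {', '.join(missing)}\n  -> {fixed}")
```

Running a check like this across sensor configs before an upgrade matters because the failure in the thread is a FATAL ERROR at startup, which leaves the interface unmonitored until the config is fixed.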

