Snort mailing list archives
Re: Issue with snort.conf
From: Bhagya Bantwal <bbantwal () sourcefire com>
Date: Wed, 5 Jan 2011 18:25:25 -0500
Removing the backslash on line 212 should do the trick. Currently you have : 212 preprocessor http_inspect: global iis_unicode_map unicode.map 1252 \ 213 preprocessor http_inspect_server: server default \ Change it to: 212 preprocessor http_inspect: global iis_unicode_map unicode.map 1252 213 preprocessor http_inspect_server: server default \ -B On Wed, Jan 5, 2011 at 6:08 PM, Atkins, Dwane P <ATKINSD () uthscsa edu> wrote:
When we initiate the following command per instructions, sudo /usr/local/snort/bin/snort -u snort -g snort -c /usr/local/snort/etc/snort.conf -i eth1 we get this: Stream5 UDP Policy config: Timeout: 180 seconds ERROR: /usr/local/snort/etc/snort.conf(239) => Invalid keyword 'preprocessor' for 'global' configuration. Fatal Error, Quitting.. In our snort.conf file, line 239 is “webroot no: Can anyone please tell me what causes this? 206 preprocessor stream5_udp: timeout 180 207 208 # performance statistics. For more information, see the Snort Manual, Configuring Snort - Preprocessors - Performance Monitor 209 # preprocessor perfmonitor: time 300 file /var/snort/snort.stats pktcnt 10000 210 211 # HTTP normalization and anomaly detection. For more information, see README.http_inspect 212 preprocessor http_inspect: global iis_unicode_map unicode.map 1252 \ 213 preprocessor http_inspect_server: server default \ 214 chunk_length 500000 \ 215 server_flow_depth 0 \ 216 client_flow_depth 0 \ 217 post_depth 65495 \ 218 oversize_dir_length 500 \ 219 max_header_length 750 \ 220 max_headers 100 \ 221 ports { 80 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080 8088 8118 8123 8180 8243 8280 8888 9090 9091 9443 9999 11371 } \ 222 non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \ 223 enable_cookie \ 224 extended_response_inspection \ 225 normalize_utf \ 226 unlimited_decompress \ 227 apache_whitespace no \ 228 ascii no \ 229 bare_byte no \ 230 base36 no \ 231 directory no \ 232 double_decode no \ 233 iis_backslash no \ 234 iis_delimiter no \ 235 iis_unicode no \ 236 multi_slash no \ 237 utf_8 no \ 238 u_encode yes \ 239 webroot no Thank you Dwane ------------------------------------------------------------------------------ Learn how Oracle Real Application Clusters (RAC) One Node allows customers to consolidate database storage, standardize their database environment, and, should the need arise, upgrade to a full multi-node Oracle RAC database without downtime or disruption http://p.sf.net/sfu/oracle-sfdevnl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ Learn how Oracle Real Application Clusters (RAC) One Node allows customers to consolidate database storage, standardize their database environment, and, should the need arise, upgrade to a full multi-node Oracle RAC database without downtime or disruption http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Issue with snort.conf Atkins, Dwane P (Jan 05)
- Re: Issue with snort.conf Bhagya Bantwal (Jan 05)