Snort mailing list archives
Re: Issue with snort.conf
From: Bhagya Bantwal <bbantwal () sourcefire com>
Date: Wed, 5 Jan 2011 18:25:25 -0500
Removing the backslash on line 212 should do the trick.

Currently you have:

212 preprocessor http_inspect: global iis_unicode_map unicode.map 1252 \
213 preprocessor http_inspect_server: server default \

Change it to:

212 preprocessor http_inspect: global iis_unicode_map unicode.map 1252
213 preprocessor http_inspect_server: server default \

-B

On Wed, Jan 5, 2011 at 6:08 PM, Atkins, Dwane P <ATKINSD () uthscsa edu> wrote:
When we initiate the following command per instructions,
sudo /usr/local/snort/bin/snort -u snort -g snort -c /usr/local/snort/etc/snort.conf -i eth1
we get this:
Stream5 UDP Policy config:
Timeout: 180 seconds
ERROR: /usr/local/snort/etc/snort.conf(239) => Invalid keyword 'preprocessor' for 'global' configuration.
Fatal Error, Quitting..
In our snort.conf file, line 239 is “webroot no”.
Can anyone please tell me what causes this?
206 preprocessor stream5_udp: timeout 180
207
208 # performance statistics. For more information, see the Snort Manual, Configuring Snort - Preprocessors - Performance Monitor
209 # preprocessor perfmonitor: time 300 file /var/snort/snort.stats pktcnt 10000
210
211 # HTTP normalization and anomaly detection. For more information, see README.http_inspect
212 preprocessor http_inspect: global iis_unicode_map unicode.map 1252 \
213 preprocessor http_inspect_server: server default \
214 chunk_length 500000 \
215 server_flow_depth 0 \
216 client_flow_depth 0 \
217 post_depth 65495 \
218 oversize_dir_length 500 \
219 max_header_length 750 \
220 max_headers 100 \
221 ports { 80 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080 8088 8118 8123 8180 8243 8280 8888 9090 9091 9443 9999 11371 } \
222 non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \
223 enable_cookie \
224 extended_response_inspection \
225 normalize_utf \
226 unlimited_decompress \
227 apache_whitespace no \
228 ascii no \
229 bare_byte no \
230 base36 no \
231 directory no \
232 double_decode no \
233 iis_backslash no \
234 iis_delimiter no \
235 iis_unicode no \
236 multi_slash no \
237 utf_8 no \
238 u_encode yes \
239 webroot no
Thank you
Dwane
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
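The failure discussed in this thread, as an added example (not code from the original posts or from the Snort project): a small Python check that walks backslash-continued lines in a snort.conf and flags any directive keyword that a stray trailing backslash has absorbed into the previous statement. It reports the line carrying the backslash as well as the last line of the continued statement, which is where the error in the thread pointed (line 239). The keyword list and the sample config are constructed for illustration.

```python
import re

# Keywords that normally start a new snort.conf statement
# (a subset assumed for this example, not Snort's full grammar).
DIRECTIVES = ("preprocessor", "config", "output", "include",
              "var", "ipvar", "portvar")
DIRECTIVE_RE = re.compile(r"^\s*(%s)\b" % "|".join(DIRECTIVES))


def find_swallowed_directives(text):
    """Return (backslash_line, swallowed_line, statement_end_line) tuples.

    A hit means a line ending in a backslash is followed by a line that
    itself starts with a directive keyword, so that directive becomes
    part of the previous statement instead of starting its own.
    All line numbers are 1-based physical lines.
    """
    lines = text.splitlines()
    findings = []
    i = 0
    while i < len(lines):
        start = i
        # Walk to the last physical line of this continued statement.
        while i < len(lines) - 1 and lines[i].rstrip().endswith("\\"):
            i += 1
        end = i
        # Any continuation line that begins with a directive is suspect.
        for j in range(start + 1, end + 1):
            if DIRECTIVE_RE.match(lines[j]):
                findings.append((j, j + 1, end + 1))
        i = end + 1
    return findings


# Constructed sample modelled on lines 211-239 of the posted config.
SAMPLE = """\
# HTTP normalization and anomaly detection
preprocessor http_inspect: global iis_unicode_map unicode.map 1252 \\
preprocessor http_inspect_server: server default \\
    chunk_length 500000 \\
    webroot no
"""

if __name__ == "__main__":
    for bs_line, hit_line, end_line in find_swallowed_directives(SAMPLE):
        print("line %d: trailing backslash absorbs the directive on line %d "
              "(statement ends at line %d)" % (bs_line, hit_line, end_line))
```
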
Current thread:
- Issue with snort.conf Atkins, Dwane P (Jan 05)
- Re: Issue with snort.conf Bhagya Bantwal (Jan 05)
