Snort mailing list archives

Re: FATAL ERROR: /usr/local/etc/snort.conf(45) Unknown rule type: ipvar.


From: waldo kitty <wkitty42 () windstream net>
Date: Wed, 17 Aug 2011 12:40:25 -0400

On 8/17/2011 11:07, alexus wrote:
it seems like it's failing on part #5 (preprocessors(rpc_decode))


su-3.2# snort -sc /usr/local/etc/snort.conf
Running in IDS mode

         --== Initializing Snort ==--
[TRIM]
rpc_decode arguments:
     Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
     alert_fragments: INACTIVE
     alert_large_fragments: INACTIVE
     alert_incomplete: INACTIVE
     alert_multiple_requests: INACTIVE
Segmentation fault: 11 (core dumped)
su-3.2#

in my (old) snort (Snort 2.8.6.1 GRE (Build 39)), the next line is the loading 
of the Portscan Detection Config... it is immediately after the 
alert_multiple_requests line... then i have the following sections...

  FTPTelnet Config
  SMTP Config
  SSH Config
  DCE/RPC 2 Preprocessor Configuration
  DNS Configuration
  SSLPP config
  Initializing rule chains...

maybe this helps somewhat?
