Re: Configuration Problem

[wkitty42 () windstream net]

On 01/30/2017 11:39 AM, Jones, Christopher (Chris) (Maj) wrote:
> I’m new to Snort and am having trouble getting a successful configuration test.
> The test quits with the error “ERROR: C:\snort\etc\snort.conf(327) => Invalid
> keyword ‘}’ for server configuration.  Fatal Error, Quitting…

this was discussed starting on 2017 Jan 12 but for some reason, your line is one 
off from the original discussion...

> Line 327 is: decompress_pdf { deflate }

look at the line above that one... i'd be willing to bet that the two look like

326:    decompress_swf { deflate lzma } \
327:    decompress_pdf { deflate }

if so, remove "lzma" from the first one or make them look like this...

326:  # decompress_swf { deflate lzma } \
327:    decompress_swf { deflate } \
328:    decompress_pdf { deflate }

in the above i commented out the one line and added it back with the change so 
as to retain it in case it is needed later... the problem is that your snort has 
been compiled without "lzma" support... you can recompile it with this support 
(needs additional libs) or just comment it out or remove it as above and carry on...


-- 
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!