Snort mailing list archives
Re: Can't get Snort to run on Win2008
From: "Ed Borgoyn (eborgoyn)" <eborgoyn () cisco com>
Date: Mon, 20 Mar 2017 20:48:25 +0000
Matt, On line 333 of snort.conf there probably is the ‘lzma’ keyword. Please remove this keyword, leaving the rest of the line intact. This keyword is not recognized if/when snort is not built with the lzma decompression libraries. For some reason the default windows build doesn’t have lzma support but still has the lzma keyword in the snort.conf. Give this a try. Ed Borgoyn Cisco Snort Development Team On 3/20/17, 3:31 PM, "Matt H" <vikingfan_913 () yahoo com> wrote: I'm having trouble getting Snort working on a Windows server. I followed these steps (though on a 2008 server) http://www.javaguicodexample.com/snortiisphpbaseperladodb6.html but when I runsnort -i 1 -c C:\Snort\etc\snort.conf -b -N -K none -A nonethe output is: Running in IDS mode --==Initializing Snort ==--Initializing Output Plugins!Initializing Preprocessors!Initializing Plug-ins! ... cutting out a bunchHttpInspect Config: ... cutting out details Gzip Decompress Depth: 65535ERROR: c:\snort\etc\snort.conf(333) => Invalid keyword '}' for server configuration.Fatal Error, Quitting..Could not set the event message file. Please let me know what other details I can provide to get effective help from any of you. Thanks ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Can't get Snort to run on Win2008 Matt H (Mar 20)
- Re: Can't get Snort to run on Win2008 Ed Borgoyn (eborgoyn) (Mar 20)