Re: snort 2.9.9.0 error

["Kumarswamy H N (kumhn)" <kumhn () cisco com>]

Either you can install lzma package  or change the line 325 to decompress_swf { deflate } \

From: Mojtaba Haghighipour [mailto:moj.haghighipour () gmail com]
Sent: Friday, January 13, 2017 2:42 PM
To: Michael Steele <michaels () winsnort com>
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] snort 2.9.9.0 error

it's  my 325 and 326 line..
325:    decompress_swf { deflate lzma } \
326:    decompress_pdf { deflate }
what should I do now??

On Fri, Jan 13, 2017 at 12:39 AM, Michael Steele <michaels () winsnort com<mailto:michaels () winsnort com>> wrote:
This has been around for months and should displayed as a warning and not a fatal error.

Kindest regards,
Michael...

WINSNORT.com Management Team Member
--
****************** Established ~ 2001 *******************
*          Visit Us @ http://www.winsnort.com           *
*      ~~ FREE WinIDS Snort installation guides ~~      *
*               ~~ FREE support forums ~~               *
* Snort: Open Source Network IDS - http://www.snort.org *
*********************************************************

From: Ed Borgoyn (eborgoyn) [mailto:eborgoyn () cisco com<mailto:eborgoyn () cisco com>]
Sent: Thursday, January 12, 2017 12:52 PM
To: Jim Campbell <jim () w4bqp net<mailto:jim () w4bqp net>>; snort-users () lists sourceforge net<mailto:snort-users 
() lists sourceforge net>
Subject: Re: [Snort-users] snort 2.9.9.0 error

Does line 326 of snort.conf look like:


decompress_swf { deflate lzma }


If so, then try removing the ‘lzma’ keyword.  If snort is not built with the LZMA libraries for LZMA SWF file 
decompression, then this keyword will lead to a syntax error.


Ed Borgoyn
Cisco Snort Development Team


From: Jim Campbell <jim () w4bqp net<mailto:jim () w4bqp net>>
Date: Thursday, January 12, 2017 at 12:20 PM
To: "snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>" <snort-users () lists 
sourceforge net<mailto:snort-users () lists sourceforge net>>
Subject: Re: [Snort-users] snort 2.9.9.0 error

It's telling you that line 326 of snort.conf has an error. Perhaps a mismatched or out of place '}'
On 1/12/2017 2:28 AM, Mojtaba Haghighipour wrote:
hi ... it's error when I run snort with command:
snort -c  /etc/snort/rules/etc/snort.conf

ERROR: /etc/snort/rules/etc/snort.conf(326) => Invalid keyword '}' for server configuration.

Fatal Error, Quitting..





Please help me..





------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!