Snort mailing list archives
(no subject)
From: Comcast <vulcan20mm1 () comcast net>
Date: Sun, 02 Mar 2003 23:36:50 -0500
I am having the below error. I also have the problem of pushing the snesor config file it does not put it into the /etc/snort directory I have to down load it and copy it to the /etc/snort dir. I am running rh 8.0 on a amd 1500 processor with MySql 2.53 snort center 9.6 acid v096b23 snort agent 0.1.4. It was all working fine until I wanted to update a rule and copied over a new snort.etho.conf file and restarted then it failed. Any Ideas. Please help! Current config file error: Initializing Output Plugins! Log directory = /var/log/snort Initializing Network Interface eth0 --== Initializing Snort ==-- Rule application order changed to Pass->Alert->Log Decoding Ethernet on interface eth0 Parsing Rules file /etc/snort/snort.eth0.conf +++++++++++++++++++++++++++++++++++++++++++++++++++ Initializing rule chains... Initializing Preprocessors! Initializing Plug-ins! No arguments to frag2 directive, setting defaults to: Fragment timeout: 60 seconds Fragment memory cap: 4194304 bytes Fragment min_ttl: 0 Fragment ttl_limit: 5 Fragment Problems: 0 Stream4 config: Stateful inspection: ACTIVE Session statistics: INACTIVE Session timeout: 30 seconds Session memory cap: 8388608 bytes State alerts: INACTIVE Evasion alerts: INACTIVE Scan alerts: ACTIVE Log Flushed Streams: INACTIVE MinTTL: 1 TTL Limit: 5 Async Link: 0 No arguments to stream4_reassemble, setting defaults: Reassemble client: ACTIVE Reassemble server: INACTIVE Reassemble ports: 21 23 25 53 80 143 110 111 513 Reassembly alerts: ACTIVE Reassembly method: FAVOR_OLD http_decode arguments: Unicode decoding IIS alternate Unicode decoding IIS double encoding vuln Flip backslash to slash Include additional whitespace separators Ports to decode http on: 80 rpc_decode arguments: Ports to decode RPC on: 111 32771 telnet_decode arguments: Ports to decode telnet on: 21 23 25 119 Conversation Config: KeepStats: 0 Conv Count: 32000 Timeout : 60 Alert Odd?: 0 Allowed IP Protocols: All Portscan2 config: log: /var/log/snort/scan.log scanners_max: 3200 targets_max: 5000 target_limit: 5 port_limit: 20 timeout: 60 database: compiled support for ( mysql ) database: configured to use mysql database: user = snort database: password is set database: database name = snort database: host = 127.0.0.1 database: sensor name = ras database: sensor id = 1 database: schema version = 106 database: using the "log" facility database: compiled support for ( mysql ) database: configured to use mysql database: user = snort database: password is set database: database name = snort database: host = 127.0.0.1 database: sensor name = 192.168.1.100 database: sensor id = 2 database: schema version = 106 database: using the "log" facility ERROR line /etc/snort/snort.eth0.conf (658) => Unknown rule type: notify Fatal Error, Quitting.. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- (no subject), (continued)
- (no subject) Luiz Alberto Cataldo Jr (Jan 30)
- (no subject) Carmit Partoush (Feb 11)
- (no subject) Carmit Partoush (Feb 13)
- Re: (no subject) Erek Adams (Feb 13)
- (no subject) abhi naik (Feb 14)
- Re: (no subject) Charles Darwin (Feb 16)
- RE: (no subject) Michael Steele (Feb 16)
- (no subject) jcosta (Feb 27)
- Re: (no subject) Erek Adams (Feb 27)
- Re: (no subject) Erick Mechler (Feb 27)
- (no subject) Comcast (Mar 02)
- Re: (no subject) Erek Adams (Mar 03)
- (no subject) Motif (Mar 07)
- (no subject) ryan stangl (Mar 17)
- Re: (no subject) Alberto Gonzalez (Mar 18)
- (no subject) aalbert (Mar 25)
- (no subject) Ken Bell (Mar 27)
- Adobe's Ducky Adam Shephard (Mar 27)