Re: SMB alerts doesn't work.

[Erek Adams <erek () snort org>]

On Mon, 3 Mar 2003, Jimmy Hernandez wrote:

> I am currently using snort 1.9.0 on OpenBSD 3.2. I am having a problem
> with the smbalerts. I checked the snort configure file and it have the
> plug in for smbalerts. I also ran it specifying the switch ./configure
> --enable-smbalerts then make and make install all looks good but when I
> try to run snort -c snort.conf -b -M workstation   I keep getting the
> Error : "SMB support not compiled into program, exiting...   Fatal
> Error, Quitting..

When ./configure runs do you see anything in regards to SMB in the output?
It's just a switch that's setup via configure.

You also might want to change the order of your switches around, just for
funsies.  Try it as 'snort -M workstation -b -c snort.conf' and see if
that would work.

[...snip...]

> I can't find any whitepapers that would help me fix that. I am using
> SAMBA 2.2.7 and snort 1.9.0 do you think I should downgrade snort to
> 1.8.0? Is anyone else having this problem?

Please _don't_ downgrade.  If anything, _upgrade_ to 1.9.1, or turn off
the rpc_decode processor.  If you've not heard (as in living under a
rock...  :-), there is a security hole in it.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger 
for complex code. Debugging C/C++ programs can leave you feeling lost and 
disoriented. TotalView can help you find your way. Available on major UNIX 
and Linux platforms. Try it free. www.etnus.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users