Snort mailing list archives

Re: Snort in NIDS mode


From: Mark.Schutzmann () Omron com
Date: Tue, 30 Mar 2004 09:39:56 -0600


This issue sometimes occurs after a fresh install for some reason. You need
to edit the snort.conf file and look for the following section and edit it
to reflect your snort rules path (where your unicode.map is usually
located). If you don't find the unicode.map file in your snort rules
directory, copy it from your snort install's ./etc folder to your rules
directory then edit the snort.conf file.

# http_inspect: normalize and detect HTTP traffic and protocol anomalies
#
# lots of options available here. See doc/README.http_inspect.
# unicode.map should be wherever your snort.conf lives, or given
# a full path to where snort can find it.
preprocessor http_inspect: global \
    iis_unicode_map /etc/snort/unicode.map 1252


From: <ravivsn () mail roc co in>
Sent by: snort-users-admin () lists sourceforge net
To: <sanaa52 () hotmail com>
cc: <ravivsn () roc co in>, <snort-users () lists sourceforge net>
Subject: Re: [Snort-users] Snort in NIDS mode
Date: 03/30/2004 01:29 AM

Send your snort.conf
Ravi
I have a problem when I want to use snort in NIDS mode, and when I type
shel>snort -l /var/log -h 10.100.11.0/24 -c /etc/snort/snort.conf

Running in IDS mode
Log directory = /var/log
Initializing Network Interface eth0

        --== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
,-----------[Flow Config]----------------------
| Stats Interval:  0
| Hash Method:     2
| Memcap:          10485760
| Rows  :          4099
| Overhead Bytes:  16400(%0.16)
`----------------------------------------------
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
    Fragment min_ttl:   0
    Fragment ttl_limit: 5
    Fragment Problems: 0
    Self preservation threshold: 500
    Self preservation period: 90
    Suspend threshold: 1000
    Suspend period: 30
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Evasion alerts: INACTIVE
    Scan alerts: INACTIVE
    Log Flushed Streams: INACTIVE
    MinTTL: 1
    TTL Limit: 5
    Async Link: 0
    State Protection: 0
    Self preservation threshold: 50
    Self preservation period: 90
    Suspend threshold: 200
    Suspend period: 30
Stream4_reassemble config:
    Server reassembly: INACTIVE
    Client reassembly: ACTIVE
    Reassembler alerts: ACTIVE
    Zero out flushed packets: INACTIVE
    flush_data_diff_size: 500
    Ports: 21 23 25 53 80 110 111 143 513 1433
    Emergency Ports: 21 23 25 53 80 110 111 143 513 1433
ERROR: /etc/snort/snort.conf(285) => Invalid file name for IIS Unicode Map file.
Fatal Error, Quitting..

So where is the problem and how can I resolve it?
Thanks






-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users







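A pre-flight check for the failure discussed in this thread, added here as an example; it is not part of Snort and was not posted by anyone in the thread. It parses the `iis_unicode_map` argument out of a Snort 2.x snort.conf (assuming the `http_inspect: global \` line continued onto the next line, as in the snippet above) and reports whether the map file is actually readable before Snort is started; the helper names and the candidate directories it searches are assumptions.

```shell
#!/bin/sh
# Hypothetical pre-flight check (not part of Snort or of this thread):
# confirm the iis_unicode_map path in snort.conf points at a readable
# unicode.map before Snort is started in NIDS mode, so the
# "Invalid file name for IIS Unicode Map file" fatal error is caught early.
# Assumes a Snort 2.x config where "preprocessor http_inspect: global \"
# is continued on the next line with "iis_unicode_map <path> <codepage>".

# Print the configured map path (empty if none is set). Backslash-continued
# lines are joined first, because the keyword sits on the continuation line.
unicode_map_path() {
    awk '
        /^[[:space:]]*#/ { next }                       # skip comment lines
        /\\[[:space:]]*$/ { sub(/\\[[:space:]]*$/, ""); buf = buf $0 " "; next }
        { print buf $0; buf = "" }
    ' "$1" \
    | awk '/^[[:space:]]*preprocessor[[:space:]]+http_inspect:/ {
               for (i = 1; i <= NF; i++)
                   if ($i == "iis_unicode_map") { print $(i + 1); exit }
           }'
}

# Exit status: 0 map readable, 1 no iis_unicode_map entry, 2 file missing.
# A relative path is resolved against the directory holding snort.conf,
# which is where Snort's own config comment says the map normally lives.
check_unicode_map() {
    conf="$1"
    map=$(unicode_map_path "$conf")
    if [ -z "$map" ]; then
        echo "no iis_unicode_map entry in $conf" >&2
        return 1
    fi
    case "$map" in
        /*) abs="$map" ;;
        *)  abs="$(dirname "$conf")/$map" ;;
    esac
    if [ -r "$abs" ]; then
        echo "ok: $abs"
        return 0
    fi
    echo "missing: $abs (snort will abort with 'Invalid file name for IIS Unicode Map file')" >&2
    # Assumed candidate locations; point the admin at a copy to use instead.
    for d in "$(dirname "$conf")" /etc/snort /usr/local/etc/snort /usr/local/share/snort; do
        [ -r "$d/unicode.map" ] && echo "candidate: $d/unicode.map" >&2
    done
    return 2
}
```

Run it as `check_unicode_map /etc/snort/snort.conf` before `snort -c /etc/snort/snort.conf`; a non-zero exit means Snort would die at the same line 285-style error shown above.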

