Snort mailing list archives
RE: Snort - Fatal Error
From: "Harper, Patrick" <patrick.harper () phns com>
Date: Mon, 26 Jul 2004 07:40:05 -0500
Sounds like you only got the snort RPM installed and not the snort-mysql rpm as well. To find out do the following and you should see the output like is listed [root@www snort]# rpm -qa |grep snort snort-mysql-2.1.2-2 snort-2.1.2-2 [root@www snort]# -----Original Message----- From: Shankar [mailto:list () zeeaccess com] Sent: Monday, July 26, 2004 5:22 AM To: Snort-Users Subject: [Snort-users] Snort - Fatal Error Hi Snort Users, I am new to snort, read the snort manual by Patrick Harper (manual ver 7.2) and implemented the same , as it is. I get an error, ERROR: Undefined variable name: (/etc/snort/snort.conf:453): Fatal Error, Quitting.. Line-453 output database: log, mysql, user=snort password=mypassword dbname=snort host=localhost [root@snort]# snort -c /etc/snort/snort.conf Running in IDS mode Log directory = /var/log/snort Initializing Network Interface eth0 --== Initializing Snort ==-- Initializing Output Plugins! Decoding Ethernet on interface eth0 Initializing Preprocessors! Initializing Plug-ins! Parsing Rules file /etc/snort/snort.conf +++++++++++++++++++++++++++++++++++++++++++++++++++ Initializing rule chains... ,-----------[Flow Config]---------------------- | Stats Interval: 0 | Hash Method: 2 | Memcap: 10485760 | Rows : 4099 | Overhead Bytes: 16400(%0.16) `---------------------------------------------- No arguments to frag2 directive, setting defaults to: Fragment timeout: 60 seconds Fragment memory cap: 4194304 bytes Fragment min_ttl: 0 Fragment ttl_limit: 5 Fragment Problems: 0 Self preservation threshold: 500 Self preservation period: 90 Suspend threshold: 1000 Suspend period: 30 Stream4 config: Stateful inspection: ACTIVE Session statistics: INACTIVE Session timeout: 30 seconds Session memory cap: 8388608 bytes State alerts: INACTIVE Evasion alerts: INACTIVE Scan alerts: INACTIVE Log Flushed Streams: INACTIVE MinTTL: 1 TTL Limit: 5 Async Link: 0 State Protection: 0 Self preservation threshold: 50 Self preservation period: 90 Suspend threshold: 200 Suspend period: 30 Stream4_reassemble config: Server reassembly: INACTIVE Client reassembly: ACTIVE Reassembler alerts: ACTIVE Zero out flushed packets: INACTIVE flush_data_diff_size: 500 Ports: 21 23 25 53 80 110 111 143 513 1433 Emergency Ports: 21 23 25 53 80 110 111 143 513 1433 HttpInspect Config: GLOBAL CONFIG Max Pipeline Requests: 0 Inspection Type: STATELESS Detect Proxy Usage: NO IIS Unicode Map Filename: /etc/snort/unicode.map IIS Unicode Map Codepage: 1252 DEFAULT SERVER CONFIG: Ports: 80 8080 8180 Flow Depth: 300 Max Chunk Length: 500000 Inspect Pipeline Requests: YES URI Discovery Strict Mode: NO Allow Proxy Usage: NO Disable Alerting: NO Oversize Dir Length: 500 Only inspect URI: NO Ascii: YES alert: NO Double Decoding: YES alert: YES %U Encoding: YES alert: YES Bare Byte: YES alert: YES Base36: OFF UTF 8: OFF IIS Unicode: YES alert: YES Multiple Slash: YES alert: NO IIS Backslash: YES alert: NO Directory: YES alert: NO Apache WhiteSpace: YES alert: YES IIS Delimiter: YES alert: YES IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG Non-RFC Compliant Characters: NONE rpc_decode arguments: Ports to decode RPC on: 111 32771 alert_fragments: INACTIVE alert_large_fragments: ACTIVE alert_incomplete: ACTIVE alert_multiple_requests: ACTIVE telnet_decode arguments: Ports to decode telnet on: 21 23 25 119 [root@snort]# OS is Fedora Core-1 with all updates from freshrpms snort-2.1.3-0 snort-mysql-2.1.3-0 adodb411 acid-0.9.6b23 zlib-1.2.1 jpgraph-1.14 libpcap-0.8.3 pcre-4.4 where did i go wrong, pls help, thx in advance. Regards, Shankar. ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Disclaimer: This electronic message, including any attachments, is confidential and intended solely for use of the intended recipient(s). This message may contain information that is privileged or otherwise protected from disclosure by applicable law. Any unauthorized disclosure, dissemination, use or reproduction is strictly prohibited. If you have received this message in error, please delete it and notify the sender immediately. ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idG21&alloc_id040&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort - Fatal Error Shankar (Jul 26)
- RE: Snort - Fatal Error Jeff Dell (Jul 26)
- RE: Snort - Fatal Error Shankar (Jul 26)
- Re: Snort - Fatal Error prabu (Jul 26)
- RE: Snort - Fatal Error Shankar (Jul 26)
- Re: Snort - Fatal Error prabu (Jul 26)
- RE: Snort - Fatal Error Shankar (Jul 26)
- <Possible follow-ups>
- Fw: Snort - Fatal Error prabu (Jul 26)
- RE: Snort - Fatal Error Harper, Patrick (Jul 26)
- RE: Snort - Fatal Error Shankar (Jul 26)
- RE: Snort - Fatal Error Jeff Dell (Jul 26)
- RE: Snort - Fatal Error Shankar (Jul 26)
- RE: Snort - Fatal Error Harper, Patrick (Jul 26)
- RE: Snort - Fatal Error Jeff Dell (Jul 26)