Snort mailing list archives
RE: Running snort in IDS mode
From: "Ron Jenkins" <rjenkins () dibr net>
Date: Wed, 9 Feb 2005 11:34:21 -0600
This is not the snort.conf file. Also, the load line should look something like:

snort -e -d -D -c /etc/snort/snort.conf -l /var/log/snort

________________________________
From: Plantier, Spencer [mailto:spencer.plantier () stratech com]
Sent: Wednesday, February 09, 2005 11:35 AM
To: Ron Jenkins
Subject: RE: [Snort-users] Running snort in IDS mode

My snort.conf file

nclude $RULE_PATH /var/tmp/snort-2.3.0/rules/local.rules
include $RULE_PATH /var/tmp/snort-2.3.0/bad-traffic.rules
include $RULE_PATH /var/tmp/snort-2.3.0/exploit.rules
include $RULE_PATH /var/tmp/snort-2.3.0/scan.rules
include $RULE_PATH /var/tmp/snort-2.3.0/finger.rules
include $RULE_PATH /var/tmp/snort-2.3.0/ftp.rules
include $RULE_PATH /var/tmp/snort-2.3.0/telnet.rules
include $RULE_PATH /var/tmp/snort-2.3.0/rpc.rules
include $RULE_PATH /var/tmp/snort-2.3.0/rservices.rules
include $RULE_PATH /var/tmp/snort-2.3.0/dos.rules
include $RULE_PATH /var/tmp/snort-2.3.0/ddos.rules
include $RULE_PATH /var/tmp/snort-2.3.0/dns.rules
include $RULE_PATH /var/tmp/snort-2.3.0/tftp.rules
include $RULE_PATH /var/tmp/snort-2.3.0/web-cgi.rules
include $RULE_PATH /var/tmp/snort-2.3.0/web-coldfusion.rules
include $RULE_PATH /var/tmp/snort-2.3.0/web-iis.rules
include $RULE_PATH /var/tmp/snort-2.3.0/web-frontpage.rules
include $RULE_PATH /var/tmp/snort-2.3.0/web-misc.rules
include $RULE_PATH /var/tmp/snort-2.3.0/web-client.rules
include $RULE_PATH /var/tmp/snort-2.3.0/web-php.rules
include $RULE_PATH /var/tmp/snort-2.3.0/sql.rules
include $RULE_PATH /var/tmp/snort-2.3.0/x11.rules
include $RULE_PATH /var/tmp/snort-2.3.0/icmp.rules
include $RULE_PATH /var/tmp/snort-2.3.0/netbios.rules
include $RULE_PATH /var/tmp/snort-2.3.0/misc.rules
include $RULE_PATH /var/tmp/snort-2.3.0/attack-responses.rules
include $RULE_PATH /var/tmp/snort-2.3.0/oracle.rules
include $RULE_PATH /var/tmp/snort-2.3.0/mysql.rules
include $RULE_PATH /var/tmp/snort-2.3.0/snmp.rules
include $RULE_PATH /var/tmp/snort-2.3.0/smtp.rules
include $RULE_PATH /var/tmp/snort-2.3.0/imap.rules
include $RULE_PATH /var/tmp/snort-2.3.0/pop2.rules
include $RULE_PATH /var/tmp/snort-2.3.0/pop3.rules
include $RULE_PATH /var/tmp/snort-2.3.0/nntp.rules
include $RULE_PATH /var/tmp/snort-2.3.0/other-ids.rules
include $RULE_PATH /var/tmp/snort-2.3.0/web-attacks.rules
include $RULE_PATH /var/tmp/snort-2.3.0/backdoor.rules
include $RULE_PATH /var/tmp/snort-2.3.0/shellcode.rules
include $RULE_PATH /var/tmp/snort-2.3.0/policy.rules
include $RULE_PATH /var/tmp/snort-2.3.0/porn.rules
include $RULE_PATH /var/tmp/snort-2.3.0/info.rules
include $RULE_PATH /var/tmp/snort-2.3.0/icmp-info.rules
include $RULE_PATH /var/tmp/snort-2.3.0/virus.rules
include $RULE_PATH /var/tmp/snort-2.3.0/chat.rules
include $RULE_PATH /var/tmp/snort-2.3.0/multimedia.rules
include $RULE_PATH /var/tmp/snort-2.3.0/p2p.rules
include $RULE_PATH /var/tmp/snort-2.3.0/experimental.rules

Thanks,
Spencer

________________________________
From: Ron Jenkins [mailto:rjenkins () dibr net]
Sent: Wednesday, February 09, 2005 12:28 PM
To: Plantier, Spencer
Subject: RE: [Snort-users] Running snort in IDS mode

Is this Windows or Linux?

Place the full path to the snort.conf and log directories?

________________________________
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Plantier, Spencer
Sent: Wednesday, February 09, 2005 11:27 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Running snort in IDS mode

I tried running the following command and get the following error:

snort -d -h 172.30.16.0/22 -l ./log -c snort.conf
Running in IDS mode
Log directory = ./log
Initializing Network Interface hme0
--== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface hme0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file snort.conf
+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
ERROR: unknown preprocessor "flow"
Fatal Error, Quitting..
#

Any help would be appreciated.

Spencer Plantier
System Network Administrator
301 Gregson Dr
Cary, NC 27511
Office 919-379-8513
Cell 919-272-8833
spencer.plantier () stratech com