Snort mailing list archives

RE: Running snort in IDS mode


From: "Plantier, Spencer" <spencer.plantier () stratech com>
Date: Wed, 9 Feb 2005 13:11:30 -0500

It seems like this is the problem:

preprocessor flow: stats_interval 0 hash 2

Thanks,

Spencer

________________________________

From: Ron Jenkins [mailto:rjenkins () dibr net] 
Sent: Wednesday, February 09, 2005 12:34 PM
To: Plantier, Spencer
Cc: snort-users
Subject: RE: [Snort-users] Running snort in IDS mode

This is not the snort.conf file.

Also, the load line should look something like:

snort -e -d -D -c /etc/snort/snort.conf -l /var/log/snort

________________________________

From: Plantier, Spencer [mailto:spencer.plantier () stratech com] 
Sent: Wednesday, February 09, 2005 11:35 AM
To: Ron Jenkins
Subject: RE: [Snort-users] Running snort in IDS mode

My snort.conf file

nclude $RULE_PATH /var/tmp/snort-2.3.0/rules/local.rules
include $RULE_PATH /var/tmp/snort-2.3.0/bad-traffic.rules
include $RULE_PATH /var/tmp/snort-2.3.0/exploit.rules
include $RULE_PATH /var/tmp/snort-2.3.0/scan.rules
include $RULE_PATH /var/tmp/snort-2.3.0/finger.rules
include $RULE_PATH /var/tmp/snort-2.3.0/ftp.rules
include $RULE_PATH /var/tmp/snort-2.3.0/telnet.rules
include $RULE_PATH /var/tmp/snort-2.3.0/rpc.rules
include $RULE_PATH /var/tmp/snort-2.3.0/rservices.rules
include $RULE_PATH /var/tmp/snort-2.3.0/dos.rules
include $RULE_PATH /var/tmp/snort-2.3.0/ddos.rules
include $RULE_PATH /var/tmp/snort-2.3.0/dns.rules
include $RULE_PATH /var/tmp/snort-2.3.0/tftp.rules

include $RULE_PATH /var/tmp/snort-2.3.0/web-cgi.rules
include $RULE_PATH /var/tmp/snort-2.3.0/web-coldfusion.rules
include $RULE_PATH /var/tmp/snort-2.3.0/web-iis.rules
include $RULE_PATH /var/tmp/snort-2.3.0/web-frontpage.rules
include $RULE_PATH /var/tmp/snort-2.3.0/web-misc.rules
include $RULE_PATH /var/tmp/snort-2.3.0/web-client.rules
include $RULE_PATH /var/tmp/snort-2.3.0/web-php.rules

include $RULE_PATH /var/tmp/snort-2.3.0/sql.rules
include $RULE_PATH /var/tmp/snort-2.3.0/x11.rules
include $RULE_PATH /var/tmp/snort-2.3.0/icmp.rules
include $RULE_PATH /var/tmp/snort-2.3.0/netbios.rules
include $RULE_PATH /var/tmp/snort-2.3.0/misc.rules
include $RULE_PATH /var/tmp/snort-2.3.0/attack-responses.rules
include $RULE_PATH /var/tmp/snort-2.3.0/oracle.rules
include $RULE_PATH /var/tmp/snort-2.3.0/mysql.rules
include $RULE_PATH /var/tmp/snort-2.3.0/snmp.rules

include $RULE_PATH /var/tmp/snort-2.3.0/smtp.rules
include $RULE_PATH /var/tmp/snort-2.3.0/imap.rules
include $RULE_PATH /var/tmp/snort-2.3.0/pop2.rules
include $RULE_PATH /var/tmp/snort-2.3.0/pop3.rules

include $RULE_PATH /var/tmp/snort-2.3.0/nntp.rules
include $RULE_PATH /var/tmp/snort-2.3.0/other-ids.rules
include $RULE_PATH /var/tmp/snort-2.3.0/web-attacks.rules
include $RULE_PATH /var/tmp/snort-2.3.0/backdoor.rules
include $RULE_PATH /var/tmp/snort-2.3.0/shellcode.rules
include $RULE_PATH /var/tmp/snort-2.3.0/policy.rules
include $RULE_PATH /var/tmp/snort-2.3.0/porn.rules
include $RULE_PATH /var/tmp/snort-2.3.0/info.rules
include $RULE_PATH /var/tmp/snort-2.3.0/icmp-info.rules
include $RULE_PATH /var/tmp/snort-2.3.0/virus.rules
include $RULE_PATH /var/tmp/snort-2.3.0/chat.rules
include $RULE_PATH /var/tmp/snort-2.3.0/multimedia.rules
include $RULE_PATH /var/tmp/snort-2.3.0/p2p.rules
include $RULE_PATH /var/tmp/snort-2.3.0/experimental.rules

Thanks,

Spencer

________________________________

From: Ron Jenkins [mailto:rjenkins () dibr net] 
Sent: Wednesday, February 09, 2005 12:28 PM
To: Plantier, Spencer
Subject: RE: [Snort-users] Running snort in IDS mode

Is this Windows or Linux?

Place the full path to the snort.conf and log directories?

________________________________

From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Plantier,
Spencer
Sent: Wednesday, February 09, 2005 11:27 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Running snort in IDS mode

I tried running the following command and get the following error:

snort -d -h 172.30.16.0/22 -l ./log -c snort.conf
Running in IDS mode
Log directory = ./log

Initializing Network Interface hme0

        --== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface hme0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
ERROR:  unknown preprocessor "flow"
Fatal Error, Quitting..
#

Any help would be appreciated.

Spencer Plantier
System Network Administrator

301 Gregson Dr
Cary, NC  27511
Office 919-379-8513
Cell    919-272-8833
spencer.plantier () stratech com
