Snort mailing list archives
RE: nubie first attempt to start snort failed
From: "Jeff Dell" <jdell () activeworx com>
Date: Tue, 13 Sep 2005 01:26:36 -0400
http_decode was no longer supported around version 2.1. I am not sure what all this stuff is on your IDS sensor, but in a typical install I would suggest upgrading your snort installation to the latest version, currently version 2.4.0. Cheers, Jeff
-----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of James Beistle Sent: Tuesday, September 13, 2005 12:38 AM To: snort-users () lists sourceforge net Subject: [Snort-users] nubie first attempt to start snort failed Unusual System Events =-=-=-=-=-=-=-=-=-=-= Sep 12 22:59:36 server1 snort: Initializing daemon mode Sep 12 22:59:36 server1 kernel: device eth0 entered promiscuous mode Sep 12 22:59:36 server1 snort: PID path stat checked out ok, PID path set to /var/run/ Sep 12 22:59:36 server1 snort: Writing PID "11060" to file "/var/run//snort_eth0.pid" Sep 12 22:59:36 server1 snort: Parsing Rules file /usr/bin/snort.conf Sep 12 22:59:36 server1 snort: FATAL ERROR: unknown preprocessor "http_decode" Sep 12 22:59:36 server1 kernel: device eth0 left promiscuous mode Point me toward faqs or old messages that will help Linux RH dedicated apache server with Plesk is my control pnl Running apf,bfd,portsentry,psad, almost snort Snort shares rules with psad Had trouble accessing mysql because of Plesk /// no data base implemented in the firewall logs or rules/confs Primary application is Php Nuke and html static pages Jim ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=ort-users
------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- nubie first attempt to start snort failed James Beistle (Sep 12)
- RE: nubie first attempt to start snort failed Jeff Dell (Sep 12)