RE: nubie first attempt to start snort failed

["Jeff Dell" <jdell () activeworx com>]

http_decode was no longer supported around version 2.1. I am not sure what
all this stuff is on your IDS sensor, but in a typical install I would
suggest upgrading your snort installation to the latest version, currently
version 2.4.0.

Cheers,
Jeff

> -----Original Message-----
> From: snort-users-admin () lists sourceforge net 
> [mailto:snort-users-admin () lists sourceforge net] On Behalf Of 
> James Beistle
> Sent: Tuesday, September 13, 2005 12:38 AM
> To: snort-users () lists sourceforge net
> Subject: [Snort-users] nubie first attempt to start snort failed
>
> Unusual System Events
> =-=-=-=-=-=-=-=-=-=-=
> Sep 12 22:59:36 server1 snort: Initializing daemon mode 
> Sep 12 22:59:36 server1 kernel: device eth0 entered promiscuous mode
> Sep 12 22:59:36 server1 snort: PID path stat checked out ok, 
> PID path set to
> /var/run/ 
> Sep 12 22:59:36 server1 snort: Writing PID "11060" to file
> "/var/run//snort_eth0.pid" 
> Sep 12 22:59:36 server1 snort: Parsing Rules file /usr/bin/snort.conf 
> Sep 12 22:59:36 server1 snort: FATAL ERROR:  unknown preprocessor
> "http_decode" 
> Sep 12 22:59:36 server1 kernel: device eth0 left promiscuous mode
>
> Point me toward faqs or old messages that will help 
> Linux RH dedicated apache server with Plesk is my control pnl
> Running apf,bfd,portsentry,psad, almost snort 
> Snort shares rules with psad
>
> Had trouble accessing mysql because of Plesk /// no data base 
> implemented in
> the firewall logs or rules/confs
>
> Primary application is Php Nuke and html static pages
>
> Jim
>
>  
>  
>  
>  
>  
>
>
>
>
>
> -------------------------------------------------------
> SF.Net email is Sponsored by the Better Software Conference & EXPO
> September 19-22, 2005 * San Francisco, CA * Development 
> Lifecycle Practices
> Agile & Plan-Driven Development * Managing Projects & Teams * 
> Testing & QA
> Security * Process Improvement & Measurement * 
> http://www.sqe.com/bsce5sf
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=ort-users




-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users