Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Error while parsing

From: ecmproute <ecmproute () gmail com>
Date: Thu, 22 Dec 2005 10:26:25 +0530
Hello,
I am using snort 2.3.x
After loading the latest signature file for snort-2.3, I am getting a parser
error:
        --== Initializing Snort ==--
Checking PID path...
Writing PID "15854" to file "/var/run//snort.pid"
Decoding LoopBack on interface (null)
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file ./snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains.........................
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Evasion alerts: INACTIVE
    Scan alerts: INACTIVE
    Log Flushed Streams: INACTIVE
    MinTTL: 1
    TTL Limit: 5
    Async Link: 0
    State Protection: 0
    Self preservation threshold: 50
    Self preservation period: 90
    Suspend threshold: 200
    Suspend period: 30
    Enforce TCP State: INACTIVE
    Midstream Drop Alerts: INACTIVE

Stream4_reassemble config:
    Server reassembly: INACTIVE
    Client reassembly: ACTIVE
    Reassembler alerts: ACTIVE
    Zero out flushed packets: INACTIVE
    flush_data_diff_size: 500
    Ports: 21 23 25 53 80 110 111 143 513 1433 5119 9215 13311 17407
21503 25599 29695 33791 37887 41983 46079 ...
Terminated
+ ERR=143
+ [ 143 != 0 ]

The 143 is the error code returned to me from snort-parser when run from a
shell script.
Also, I have added the following lines in snort.conf:
+config flowbits_size: 256
preprocessor flow: stats_interval 0 hash 2
.....
Can you help me out on this?

Thanks & regards,
Arindam Roy

--
Confused about which path to take in life?


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37&alloc_id865&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: