RE: Snort Beta v2.6

["Ron Jenkins" <rjenkins () dibr net>]

I got it to load with the following; thanks Jason:

 

/usr/local/bin/snort -e -i eth1 -d -c /etc/snort/snort.conf -l
/var/log/snort --dynamic-preprocessor-lib
/usr/local/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so
--dynamic-preprocessor-lib
/usr/local/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so

 

 

Does anyone know what these messages refer too?

 

Warning: flowbits key 'http.jpeg' is checked but not ever set.

Warning: flowbits key 'ms_sql_seen_dns' is checked but not ever set.

Warning: flowbits key 'dce.bind.veritas' is set but not ever checked.

Warning: flowbits key 'netbios.lsass.bind.attempt' is checked but not
ever set.

Warning: flowbits key 'dce.isystemactivator.bind.call.attempt' is set
but not ever checked.

Warning: flowbits key 'trojan' is set but not ever checked.

Warning: flowbits key 'realplayer.playlist' is checked but not ever set.

 

Not Using PCAP_FRAMES

 

 

FYI...

It does that a minute or so to fully initialize.

 

Thanks...

 

-----Original Message-----
From: Jason Brvenik [mailto:jasonb () sourcefire com] 
Sent: Monday, March 20, 2006 6:52 PM
To: Ron Jenkins
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort Beta v2.6

 

A few questions.

 

Did you build with --enable-dynamicplugin

Install using make install?

Ensure that the plugins are located in is valid for shared objects?

 

you can also use --dynamic-preprocessor-lib-dir on the command line to

specify the path the plugins are located in. There is a config file

param that will also work for this.

 

 

 

Ron Jenkins wrote:

> Is anyone else having these problems?

>

>  

>

>  

>

> / /

>

> /ERROR: /etc/snort/snort.conf(519) unknown preprocessor "ftp_telnet"

> Fatal Error, Quitting..

>

> ERROR: /etc/snort/snort.conf(523) unknown preprocessor

> "ftp_telnet_protocol"

> Fatal Error, Quitting..

>

> ERROR: /etc/snort/snort.conf(571) unknown preprocessor "smtp"

> Fatal Error, Quitting..

>

> Rule application order: ->activation->dynamic->pass->drop->alert->log

> Log directory = /var/log/snort

> Verifying Preprocessor Configurations!

> Warning: flowbits key 'trojan' is set but not ever checked.

> Warning: flowbits key 'dce.bind.veritas' is set but not ever checked.

> Warning: flowbits key 'dce.isystemactivator.bind.call.attempt' is set

> but not ever checked.

> Warning: flowbits key 'http.jpeg' is checked but not ever set.

> Warning: flowbits key 'realplayer.playlist' is checked but not ever
set.

> Warning: flowbits key 'ms_sql_seen_dns' is checked but not ever set.

> Warning: flowbits key 'netbios.lsass.bind.attempt' is checked but not

> ever set./

>

> / /

>

> / /

>

> /After  a short period of time snort exits with the following:

>

> Not Using PCAP_FRAMES/

>

>  

>

>  

>

> Also, the server drive becomes very busy.

>

>  

>

> Thanks...

>

>  

>

> Ron Jenkins (SnortCP, MCNE, CNE6, MCP, CCNA, CCEA)

> Senior Architect

> Data Integrity, LLC

> "We Integrate People with Solutions"

> 1724 Dallas Drive

> Suite 11

> Baton Rouge, La 70806

> Office. 225.927.8030

> Fax. 225.927.8033

> Cell225.931.1632

>

> Email. rjenkins () dibr net

> Web. http://www.dibr.net

>

> (Aanval Reseller and Technology Partner)

>

> http://www.aanval.com/tour/dibr

>

>  

>