Snort mailing list archives
Snort ids fatal error
From: "taree ahmed" <tareeahmed () gmail com>
Date: Thu, 8 Mar 2007 16:24:54 +0500
Hi,

Dear team, could you please provide any clue in this regard. Detail is as follows:

Whenever I try to run the startup script for snort, which is located in /etc/init.d/ (cd /etc/init.d/), it does not start snort:

./snort start
Starting Intrusion Database System: SNORT

No service is starting, as confirmed from:

ps -ax | grep snort

If we further scrutinize with "cat snort", the following command gives the error:

$SNORT_PATH/snort -c $CONFIG -i $IFACE -g $SNORT_GID $OPTIONS

What this command does is as follows:

snort -c /etc/snort/snort.conf -i eth0 -g snort -D

The output of this command is as follows:

------------------------------------------------------------------------------------------------------
[root@localhost bin]# snort -c /etc/snort/snort.conf -i eth0 -g snort
Running in IDS mode
Log directory = /var/log/snort

Initializing Network Interface eth0

        --== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
,-----------[Flow Config]----------------------
| Stats Interval: 0
| Hash Method: 2
| Memcap: 10485760
| Rows : 4099
| Overhead Bytes: 16400(%0.16)
`----------------------------------------------
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
    Fragment min_ttl: 0
    Fragment ttl_limit: 5
    Fragment Problems: 0
    Self preservation threshold: 500
    Self preservation period: 90
    Suspend threshold: 1000
    Suspend period: 30
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Evasion alerts: INACTIVE
    Scan alerts: INACTIVE
    Log Flushed Streams: INACTIVE
    MinTTL: 1
    TTL Limit: 5
    Async Link: 0
    State Protection: 0
    Self preservation threshold: 50
    Self preservation period: 90
    Suspend threshold: 200
    Suspend period: 30
Stream4_reassemble config:
    Server reassembly: INACTIVE
    Client reassembly: ACTIVE
    Reassembler alerts: ACTIVE
    Zero out flushed packets: INACTIVE
    flush_data_diff_size: 500
    Ports: 21 23 25 53 80 110 111 143 513 1433
    Emergency Ports: 21 23 25 53 80 110 111 143 513 1433
ERROR: /etc/snort/snort.conf(285) => Invalid file name for IIS Unicode Map file.
Fatal Error, Quitting..
------------------------------------------------------------------------------------------------------

Now, if we read line#285 of snort.conf as indicated by the error, it points to unicode.map:

line#284: preprocessor http_inspect: global \
line#285:     iis_unicode_map unicode.map 1252

unicode.map is located in ~/snort-2.1.2/etc (cd ~/snort-2.1.2/etc) and there seems to be nothing wrong with this file.

Can you help me figure out the problem?

thanks.
tariq ahmad
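A pre-flight check for the option named in the error above, as an added example that is not part of the original post and is not code from the Snort project. It assumes that a relative `iis_unicode_map` file name is resolved against the directory holding snort.conf and that each code page section of the map file starts with its number; the function names `unicode_map_option` and `check_unicode_map` are hypothetical.

```shell
#!/bin/sh
# Added example: verify the file named by http_inspect's iis_unicode_map
# option before starting snort from an init script.
# usage: check_unicode_map /etc/snort/snort.conf

# Print "<file> <codepage>" from the first iis_unicode_map option found.
unicode_map_option() {
    # Join backslash-continued lines, skip comment lines, then take the
    # two tokens that follow the iis_unicode_map keyword.
    sed -e :a -e '/\\$/N; s/\\\n/ /; ta' "$1" |
    awk '/^[ \t]*#/ { next }
         { for (i = 1; i <= NF; i++)
             if ($i == "iis_unicode_map") { print $(i+1), $(i+2); exit } }'
}

# Return 0 and print the resolved map path when the option is usable.
# Return 1: map file not readable, 2: config not readable,
#        3: option missing or incomplete, 4: code page not in map file.
check_unicode_map() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    set -- $(unicode_map_option "$conf")
    [ "$#" -eq 2 ] || { echo "no complete iis_unicode_map in $conf" >&2; return 3; }
    map=$1
    codepage=$2
    case $map in
        /*) ;;                                  # absolute: use as written
        *)  map=$(dirname "$conf")/$map ;;      # assumption: relative to config dir
    esac
    [ -r "$map" ] || { echo "map file not readable: $map" >&2; return 1; }
    # Assumed map layout: a section header line begins with the code page number.
    grep -Eq "^$codepage([^0-9]|\$)" "$map" ||
        { echo "code page $codepage not found in $map" >&2; return 4; }
    echo "$map"
}
```

Under that assumption, a bare `unicode.map` in /etc/snort/snort.conf is looked up as /etc/snort/unicode.map, so a copy that exists only in the source tree's etc directory makes the check return 1.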
Current thread:
- Snort ids fatal error taree ahmed (Mar 08)
- Re: Snort ids fatal error Patrick S. Harper (Mar 08)
- Re: Snort ids fatal error Joel Esler (Mar 08)
- Re: Snort ids fatal error Patrick S. Harper (Mar 08)