Snort mailing list archives
Re: Snort 2.8.5.3 does not like default global telnet config??
From: Joel Esler <jesler () sourcefire com>
Date: Tue, 20 Apr 2010 20:28:39 -0700
Can you post your snort.conf? Of course sanitized for your protection.

The ftp_telnet global config in my snort.conf is the following:

    preprocessor ftp_telnet: global \
        encrypted_traffic yes \
        inspection_type stateful

J

On Apr 20, 2010, at 7:12 PM, Joe Pampel wrote:
> Hi and thanks!
>
> I think what you are saying is that snort.conf was not updated and has stale keywords? I did a diff between the one in the build folders and the production one and there are some interesting changes. Production one looked stale. So I set up a new snort.conf based on the one in the install files and now it is still failing with the same error. At least I am consistent...
>
> It has the SSL config now which looks valid (per Page #66-67 in manual):
>
>     preprocessor ssl: noinspect_encrypted, trustservers
>
> When I try to run it, it still claims that:
>
>     ....Portscan Detection Config:
>         Detect Protocols: TCP UDP ICMP IP
>         Detect Scan Type: portscan portsweep decoy_portscan distributed_portscan
>         Sensitivity Level: Low
>         Memcap (in bytes): 10000000
>         Number of Nodes: 36900
>     ERROR: /usr/local/etc/snort.conf(406) => Invalid keyword 'encrypted_traffic' for 'global' configuration.
>     Fatal Error, Quitting..
>     MY-IDS@/usr/local/bin:
>
> I read the snort.conf file and looked at the manual again and I honestly don't see what else I would need to config to get it at least running. The defaults look like they should work without human intervention.
>
> Should I go back to flipping burgers now? ;)
>
> On Apr 20, 2010, at 7:53 PM, Russell Fulton wrote:
>
>> On 21/04/2010, at 11:12 AM, Joe Pampel wrote:
>>
>>> Hi,
>>>
>>> I upgraded a sensor which was at Snort 2.8.4 to the new version 2.8.5.3. This is on Solaris 10, x86. I am logging remotely; there is no local mysql etc. It has been running snort stably for over a year now.
>>>
>>> Now when I try to run Snort, it chokes on the global telnet config, but there is nothing wrong with it - it is the default.
>>
>> Nothing wrong with the telnet config -- what you are missing is the new ssl config. See README.ssl.
>>
>> They have just added the new keywords to the rules.
>>
>> R
--
Joel Esler