Snort mailing list archives

Fwd: Snort Configuration Problem


From: Sujoy Ghosh <sujoyghosh297 () gmail com>
Date: Fri, 29 Jun 2012 21:50:04 +0530

Hi Michael,
Thanks for your reply.

I checked the line 328 earlier but could not figure out what I need to change.

    http_methods { GET POST PUT SEARCH MKCOL COPY MOVE LOCK UNLOCK NOTIFY
POLL BCOPY BDELETE BMOVE LINK UNLINK OPTIONS HEAD DELETE TRACE TRACK
CONNECT SOURCE SUBSCRIBE UNSUBSCRIBE PROPFIND PROPPATCH BPROPFIND
BPROPPATCH RPC_CONNECT PROXY_SUCCESS BITS_POST CCM_POST SMS_POST
RPC_IN_DATA RPC_OUT_DATA RPC_ECHO_DATA } \
    chunk_length 500000 \
    server_flow_depth 0 \
    client_flow_depth 0 \
    post_depth 65495 \
    oversize_dir_length 500 \
    max_header_length 750 \
    max_headers 100 \
    max_spaces 200 \
    small_chunk_length { 10 5 } \
    ports { 80 81 311 591 593 901 1220 1414 1741 1830 2301 2381 2809 3128
3702 4343 4848 5250 7001 7145 7510 7777 7779 8000 8008 8014 8028 8080 8088
8090 8118 8123 8180 8181 8243 8280 8800 8888 8899 9080 9090 9091 9443 9999
11371 55555 } \
    non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \
    enable_cookie \
    extended_response_inspection \
    inspect_gzip \
    normalize_utf \
    unlimited_decompress \
    normalize_javascript \
    apache_whitespace no \
    ascii no \
    bare_byte no \
    directory no \
    double_decode no \
    iis_backslash no \
    iis_delimiter no \
    iis_unicode no \
    multi_slash no \
    utf_8 no \
    u_encode yes \
    webroot no ----> LINE 328

Looking forward to your reply.

Best Regards,
Sujoy


On Fri, Jun 29, 2012 at 9:17 PM, Michael Steele <michaels () winsnort com> wrote:

Look at line 328 in your snort.conf and adjust the max request between 1
and 7.

Kindest regards,

Michael...

WINSNORT.com Management Team Member

--

****************** Established ~ 2001 ***********************
*          Visit Us @ http://www.winsnort.com           *
*      ~~ FREE WinIDS Snort installation guides ~~      *
*               ~~ FREE support forums ~~               *
* Snort: Open Source Network IDS - http://www.snort.org *
*************************************************************

*From:* Sujoy Ghosh [mailto:sujoyghosh297 () gmail com]
*Sent:* Friday, June 29, 2012 11:41 AM
*To:* Snort-users () lists sourceforge net
*Subject:* [Snort-users] Snort Configuration Problem


I am using snort 2.9.1.2 and facing an issue with the configuration. While
running it, the following is the error:

HttpInspect Config:
GLOBAL CONFIG
Max Pipeline Requests: 0
Inspection Type: STATELESS
Detect Proxy Usage: NO
IIS Unicode Map Filename: /etc/snort/unicode.map
IIS Unicode Map Codepage: 1252
Memcap used for logging URI and Hostname: 150994944
Max Gzip Memory: 838860
Max Gzip Sessions: 6
Gzip Compress Depth: 65535
Gzip Decompress Depth: 65535
ERROR: /etc/snort/snort.conf(328) => Length of the http request method
shoould not exceed the max request method length of '7'.
Fatal Error, Quitting..

Please help resolve.

Thanks,

Sujoy

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
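
Added example (not part of the original thread and not Snort project code): a small checker that folds the backslash-continued lines of a snort.conf and lists every http_methods entry longer than the limit of 7 named in the error above. It reports the last line of the continued statement, which is where the error in this thread points (line 328, "webroot no"); the sample configuration and the function names are constructed for illustration.

```python
import re
import sys

MAX_METHOD_LEN = 7  # limit quoted in the error message in this thread

# Constructed sample in the style of the posted http_inspect_server block.
SAMPLE_CONF = """\
preprocessor http_inspect_server: server default \\
    http_methods { GET POST PUT SEARCH MKCOL PROPFIND UNSUBSCRIBE \\
    RPC_IN_DATA } \\
    chunk_length 500000 \\
    webroot no
"""

def logical_lines(text):
    """Fold backslash-continued lines; return (last_line_no, joined_text) pairs."""
    out, buf = [], []
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.rstrip()
        if line.endswith("\\"):
            buf.append(line[:-1])
            continue
        out.append((no, " ".join(buf + [line])))
        buf = []
    if buf:  # file ended in the middle of a continuation
        out.append((len(text.splitlines()), " ".join(buf)))
    return out

def oversized_methods(conf_text, limit=MAX_METHOD_LEN):
    """Return [(line_no, [methods longer than limit])] for each http_methods list."""
    findings = []
    for end_line, logical in logical_lines(conf_text):
        if logical.lstrip().startswith("#"):
            continue  # commented-out statement
        for body in re.findall(r"\bhttp_methods\s*\{([^}]*)\}", logical):
            too_long = [m for m in body.split() if len(m) > limit]
            if too_long:
                findings.append((end_line, too_long))
    return findings

if __name__ == "__main__":
    # Pass a snort.conf path as the first argument, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            text = fh.read()
    else:
        text = SAMPLE_CONF
    for line_no, methods in oversized_methods(text):
        print(f"statement ending at line {line_no}: {', '.join(methods)}")
```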
