Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Windows broken on snort.conf

From: "Seshaiah Erugu (serugu)" <serugu () cisco com>
Date: Wed, 26 Oct 2016 12:54:51 +0000
Hi Michale,

Geoffrey Serrao responded to your query. Please find the attachment.

Thanks,
Seshaiah Erugu.

From: Michael Steele [mailto:michaels () winsnort com]
Sent: Wednesday, October 26, 2016 6:11 PM
To: snort-devel () lists sourceforge net
Subject: [Snort-devel] Windows broken on snort.conf

I've asked about this before and have yet to get any response from the Development team.

The below line in the snort.conf breaks Windows because there is a missing library to decompress.

decompress_swf { deflate lzma } \

What do we need to do as Windows users so we don't lose this function?

Is there going to be a fix available soon, and are you looking into it?

Kindest regards,
Michael...
--- Begin Message --- From: Geoffrey Serrao <gserrao () sourcefire com>
Date: Fri, 21 Oct 2016 08:40:17 +0000
If you're using the 2983 conf like I am line 326 is:

decompress_pdf { deflate }


The error message can happen if liblzma (xz tools) is not installed on the system before running ./configure.

The stock conf includes enabled decompression so that error is generated if snort was compiled without lzma support - 
so snort can't continue.


On Thu, Oct 20, 2016 at 11:51 PM, Michael Steele <michaels () winsnort com<mailto:michaels () winsnort com>> wrote:


   Testing new installations of the snort.conf file using the –T switch on Windows. There seems to be a problem with 
line 325 & 326.



   It appears these two lines were recently added, and they break Windows.



   What is needed to make Windows compatible again?



   ------------------------------­---------------

         Gzip Compress Depth: 65535

         Gzip Decompress Depth: 65535

   ERROR: d:\winids\snort\etc\snort.­conf(326) => Invalid keyword '}' for server configuration.

   Fatal Error, Quitting..

   ------------------------------­---------------



   Line 324:  webroot no \

   Line 325: decompress_swf { deflate lzma } \

   Line 326: decompress_pdf { deflate }







   Best regards,

   Michael...




   ------------------------------­------------------------------­------------------
   Check out the vibrant tech community on one of the world's most
   engaging tech sites, SlashDot.org! http://sdm.link/slashdot
   ______________________________­_________________
   Snort-devel mailing list
   Snort-devel@lists.sourceforge.­net<mailto:Snort-devel () lists sourceforge net>
   https://lists.sourceforge.net/­lists/listinfo/snort-devel<https://lists.sourceforge.net/lists/listinfo/snort-devel>
   Archive:
   
http://sourceforge.net/­mailarchive/forum.php?forum_­name=snort-devel<http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel>

   Please visit http://blog.snort.org for the latest news about Snort!

Attachment: ATT00001.txt
Description: ATT00001.txt

Attachment: ATT00002.txt
Description: ATT00002.txt


--- End Message ---
------------------------------------------------------------------------------
The Command Line: Reinvented for Modern Developers
Did the resurgence of CLI tooling catch you by surprise?
Reconnect with the command line and become more productive. 
Learn the new .NET and ASP.NET CLI. Get your free copy!
http://sdm.link/telerik
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: