Snort mailing list archives
Re: Snort-users Digest, Vol 127, Issue 7
From: 金欣 <jinx_nj () 163 com>
Date: Sat, 3 Dec 2016 07:56:18 +0800 (GMT+08:00)
Do not send me again 发自网易邮箱大师 On 12/02/2016 20:19, snort-users-request wrote: Send Snort-users mailing list submissions to snort-users () lists sourceforge net To subscribe or unsubscribe via the World Wide Web, visit https://lists.sourceforge.net/lists/listinfo/snort-users or, via email, send a message with subject or body 'help' to snort-users-request () lists sourceforge net You can reach the person managing the list at snort-users-owner () lists sourceforge net When replying, please edit your Subject line so it is more specific than "Re: Contents of Snort-users digest..." When responding, please don't respond with the entire Digest. Please trim your response. Today's Topics: 1. Re: Any Good Books out there? (wkitty42 () windstream net) 2. ERROR size 1240 != 864 (Gurram Vinay) 3. Re: ERROR size 1240 != 864 (Y M) 4. Re: ERROR size 1240 != 864 (Joel Esler (jesler)) 5. Re: ERROR size 1240 != 864 (Y M) ---------------------------------------------------------------------- Message: 1 Date: Thu, 1 Dec 2016 19:57:23 -0500 From: wkitty42 () windstream net Subject: Re: [Snort-users] Any Good Books out there? To: snort-users () lists sourceforge net Message-ID: <36cf4d5a-8ae6-8056-55a7-3846ab529501 () windstream net> Content-Type: text/plain; charset=utf-8; format=flowed On 12/01/2016 05:04 PM, Justin Pederson wrote:
I just went through the Manual on the Reputation Preprocessor area and still having the same issues. I created a text file called white.list. On the snort.conf file in line 113 I have the variable listed correctly and verified it is called upon in line 511. I am running snort on windows any idea on why the IP is still in the alerts? File name is white.list (location c:\Snort\Rules\) Line 113 var WHITE_LIST_PATH c:\Snort\Rules Line 511 $WHITE_LIST_PATH\white.list, \
you still need to post your config file as i noted and pointed out in email... your config may not be the same as everyone else's... your line numbers don't mean anything outside of your configuration which is why we need to see your conf file ;) -- NOTE: No off-list assistance is given without prior approval. *Please keep mailing list traffic on the list* unless private contact is specifically requested and granted. ------------------------------ Message: 2 Date: Fri, 2 Dec 2016 15:34:45 +0530 From: Gurram Vinay <gurramvinayiiit () gmail com> Subject: [Snort-users] ERROR size 1240 != 864 To: Snort-users () lists sourceforge net Message-ID: <CALFqm54DUQOgC1fsxLnTKPoAVzSm7Hr=PzRD23ZoT29tJ2iS_Q () mail gmail com> Content-Type: text/plain; charset="utf-8" Hello everyone, I am newbie to snort , I am having trouble in below error, $ sudo snort -q -A console -i eth0 -c /etc/snort/snort.conf ERROR size 1240 != 864 ERROR: Failed to initialize dynamic preprocessor: SF_REPUTATION version 1.1.1 (-2) Fatal Error, Quitting.. -- Thanks & Best regards, VINAY GURRAM -------------- next part -------------- An HTML attachment was scrubbed... ------------------------------ Message: 3 Date: Fri, 2 Dec 2016 10:14:54 +0000 From: Y M <snort () outlook com> Subject: Re: [Snort-users] ERROR size 1240 != 864 To: "snort-users () lists sourceforge net" <snort-users () lists sourceforge net> Message-ID: <CY1PR17MB0170A7C6D38A4A2186B93FC5A88E0 () CY1PR17MB0170 namprd17 prod outlook com> Content-Type: text/plain; charset="us-ascii" Make sure that Snort's shared objects match the intended version of Snort. It looks like your are using shared objects not complied against the Snort version you are are running. Usually this happens during Snort upgrades when one forgets to copy the shared objects that ship with upgrade code of Snort. This also may happen when an older Snort version may have been installed through repo and then upgraded through source code compilation. Either ways, make sure sure that shared objects in use the ones that come with the version of Snort you are running. YM On Fri, Dec 2, 2016 at 1:07 PM +0300, "Gurram Vinay" <gurramvinayiiit () gmail com<mailto:gurramvinayiiit () gmail com>> wrote: Hello everyone, I am newbie to snort , I am having trouble in below error, $ sudo snort -q -A console -i eth0 -c /etc/snort/snort.conf ERROR size 1240 != 864 ERROR: Failed to initialize dynamic preprocessor: SF_REPUTATION version 1.1.1 (-2) Fatal Error, Quitting.. -- Thanks & Best regards, VINAY GURRAM -------------- next part -------------- An HTML attachment was scrubbed... ------------------------------ Message: 4 Date: Fri, 2 Dec 2016 12:11:54 +0000 From: "Joel Esler (jesler)" <jesler () cisco com> Subject: Re: [Snort-users] ERROR size 1240 != 864 To: Y M <snort () outlook com> Cc: "snort-users () lists sourceforge net" <snort-users () lists sourceforge net> Message-ID: <EE870BAD-AECE-4F6A-A7FA-C5611588CE6E () cisco com> Content-Type: text/plain; charset="us-ascii" Close. But in this case it's not the shared objects. It's the preprocessors. You have to remove the old preprocessors before you install a new version of Snort. -- Sent from my iPhone On Dec 2, 2016, at 5:17 AM, Y M <snort () outlook com<mailto:snort () outlook com>> wrote: Make sure that Snort's shared objects match the intended version of Snort. It looks like your are using shared objects not complied against the Snort version you are are running. Usually this happens during Snort upgrades when one forgets to copy the shared objects that ship with upgrade code of Snort. This also may happen when an older Snort version may have been installed through repo and then upgraded through source code compilation. Either ways, make sure sure that shared objects in use the ones that come with the version of Snort you are running. YM On Fri, Dec 2, 2016 at 1:07 PM +0300, "Gurram Vinay" <gurramvinayiiit () gmail com<mailto:gurramvinayiiit () gmail com>> wrote: Hello everyone, I am newbie to snort , I am having trouble in below error, $ sudo snort -q -A console -i eth0 -c /etc/snort/snort.conf ERROR size 1240 != 864 ERROR: Failed to initialize dynamic preprocessor: SF_REPUTATION version 1.1.1 (-2) Fatal Error, Quitting.. -- Thanks & Best regards, VINAY GURRAM ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org<http://SlashDot.org>! http://sdm.link/slashdot _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! -------------- next part -------------- An HTML attachment was scrubbed... ------------------------------ Message: 5 Date: Fri, 2 Dec 2016 12:19:35 +0000 From: Y M <snort () outlook com> Subject: Re: [Snort-users] ERROR size 1240 != 864 To: "Joel Esler (jesler)" <jesler () cisco com> Cc: "snort-users () lists sourceforge net" <snort-users () lists sourceforge net> Message-ID: <CY1PR17MB017012EC274A7BC38472FECFA88E0 () CY1PR17MB0170 namprd17 prod outlook com> Content-Type: text/plain; charset="us-ascii" Aaah, this is the cost of reading without actually reading. Thanks for the correction. YM On Fri, Dec 2, 2016 at 3:11 PM +0300, "Joel Esler (jesler)" <jesler () cisco com<mailto:jesler () cisco com>> wrote: Close. But in this case it's not the shared objects. It's the preprocessors. You have to remove the old preprocessors before you install a new version of Snort. -- Sent from my iPhone On Dec 2, 2016, at 5:17 AM, Y M <snort () outlook com<mailto:snort () outlook com>> wrote: Make sure that Snort's shared objects match the intended version of Snort. It looks like your are using shared objects not complied against the Snort version you are are running. Usually this happens during Snort upgrades when one forgets to copy the shared objects that ship with upgrade code of Snort. This also may happen when an older Snort version may have been installed through repo and then upgraded through source code compilation. Either ways, make sure sure that shared objects in use the ones that come with the version of Snort you are running. YM On Fri, Dec 2, 2016 at 1:07 PM +0300, "Gurram Vinay" <gurramvinayiiit () gmail com<mailto:gurramvinayiiit () gmail com>> wrote: Hello everyone, I am newbie to snort , I am having trouble in below error, $ sudo snort -q -A console -i eth0 -c /etc/snort/snort.conf ERROR size 1240 != 864 ERROR: Failed to initialize dynamic preprocessor: SF_REPUTATION version 1.1.1 (-2) Fatal Error, Quitting.. -- Thanks & Best regards, VINAY GURRAM ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org<http://SlashDot.org>! http://sdm.link/slashdot _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! -------------- next part -------------- An HTML attachment was scrubbed... ------------------------------ ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot ------------------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-users End of Snort-users Digest, Vol 127, Issue 7 *******************************************
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Re: Snort-users Digest, Vol 127, Issue 7 金欣 (Dec 02)
- Re: Snort-users Digest, Vol 127, Issue 7 Joel Esler (jesler) (Dec 02)