Snort mailing list archives

Re: snort.conf problem: i think


From: Matt Kettler <mkettler () evi-inc com>
Date: Fri, 25 Jan 2002 16:09:54 -0500

It looks like you're using a rather old version of snort (1.7), with a fairly new rules file. Upgrade to a 1.8.x version of snort and you should be fine.

-*> Snort! <*-
Version 1.7-WIN32


As a side note, this is a list with several text/shell-mode UNIX users on it. If you want to reach all of the people that can help you, try not to use colorized, stylized HTML mail; such emails become illegible to the ones using simple text readers. (Yes, my mailer does add an HTML tag at the top, but it doesn't add 5 tags per line resetting the font face, color and size constantly like several unnamed mailing products do.)

My mailer can read HTML mail, but even in my case I find colored-text email to be generally harder to read than the defaults I've set. Which isn't a surprise, as I carefully chose the defaults to match the size, color and contrast I find easiest on my eyes. (i.e., bright blue text is much harder for me to stare at than my default black on dull off-white, but at least it's not bright red on white in 6pt Arial. Ugh!)

(I've attempted to de-html this.)
At 03:16 PM 1/25/2002 -0500, Kevin Moker wrote:
Can someone tell me what I am doing wrong? I am running snort on win2k (yeah, I know, that's my first mistake) and need to figure out why the following error is coming up. I am new to snort and I am having some difficulties with it.

Here is the error:

C:\snort>snort -dev -l c:\inetpub\wwwroot\Logs -h 10.0.0.13/24 -c snort.conf

        --== Initializing Snort ==--

Initializing Network Interface \Device\Packet_{A4B3B48F-2737-45FB-82D6-D79E5EA5C55D}
Decoding Ethernet on interface \Device\Packet_{A4B3B48F-2737-45FB-82D6-D79E5EA5C55D}
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...

*WARNING*: unknown preprocessor "frag2", ignoring!


*WARNING*: unknown preprocessor "stream4", ignoring!


*WARNING*: unknown preprocessor "stream4_reassemble", ignoring!


*WARNING*: unknown preprocessor "rpc_decode", ignoring!


*WARNING*: unknown preprocessor "bo", ignoring!


*WARNING*: unknown preprocessor "telnet_decode", ignoring!

Using LOCAL time
Error: Unknown config: classification

This command works:

C:\snort>snort -dev -l c:\inetpub\wwwroot\Logs -h 10.0.0.13/24

        --== Initializing Snort ==--

Initializing Network Interface \Device\Packet_{A4B3B48F-2737-45FB-82D6-D79E5EA5C55D}
Decoding Ethernet on interface \Device\Packet_{A4B3B48F-2737-45FB-82D6-D79E5EA5C55D}

        --== Initialization Complete ==--

-*> Snort! <*-
Version 1.7-WIN32
By Martin Roesch (roesch () clark net, www.snort.org)
WIN32 Port By Michael Davis (mike () datanerds net, www.datanerds.net/~mike)

This is why I think it's the conf file but I don't have enough knowledge yet on this. Can someone help?


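A small triage script for the startup output quoted in this thread, added here as an example that is not part of the original messages or of Snort itself: it separates the preprocessors that were skipped with a warning from the config directive that stopped startup. The function names, report layout and summary wording are assumptions of this example; the sample text is built from lines in the thread.

```python
import re

# Patterns match the Snort startup lines quoted in this thread.
WARN_RE = re.compile(r'^\*WARNING\*: unknown preprocessor "([^"]+)", ignoring!$')
FATAL_RE = re.compile(r"^Error: Unknown config: (\S+)$")
VERSION_RE = re.compile(r"^Version (\S+)$")

# Constructed sample: lines copied from the thread, trimmed, with the
# version banner from the second (working) run appended.
SAMPLE = """\
Initializing rule chains...
*WARNING*: unknown preprocessor "frag2", ignoring!

*WARNING*: unknown preprocessor "stream4", ignoring!
*WARNING*: unknown preprocessor "stream4_reassemble", ignoring!
Using LOCAL time
Error: Unknown config: classification
-*> Snort! <*-
Version 1.7-WIN32
"""

def triage(output):
    """Split rejected snort.conf directives into skipped vs. fatal."""
    report = {"version": None, "skipped_preprocessors": [], "fatal_config": []}
    for raw in output.splitlines():
        line = raw.strip()
        if m := WARN_RE.match(line):
            # "ignoring!" means startup continues without this preprocessor.
            if m.group(1) not in report["skipped_preprocessors"]:
                report["skipped_preprocessors"].append(m.group(1))
        elif m := FATAL_RE.match(line):
            # The thread's failing run ends at this line: Snort did not start.
            report["fatal_config"].append(m.group(1))
        elif m := VERSION_RE.match(line):
            report["version"] = m.group(1)
    return report

def summarize(report):
    """One-line verdict for an operator; the wording is this example's own."""
    if report["fatal_config"]:
        state = "startup failed on config: " + ", ".join(report["fatal_config"])
    elif report["skipped_preprocessors"]:
        state = "started without some preprocessors"
    else:
        state = "no rejected directives"
    skipped = ", ".join(report["skipped_preprocessors"]) or "none"
    return f"snort {report['version'] or 'unknown'}: {state}; skipped: {skipped}"

if __name__ == "__main__":
    print(summarize(triage(SAMPLE)))
```

The warning-only case is worth alerting on separately: a sensor that starts after ignoring preprocessors named in its config is running with less coverage than the config describes.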

