Re: Unknown argument to http_decode preprocessor:

[Andreas Östling <andreaso () it su se>]

On Mon, 12 Aug 2002, Augustinho Catto wrote:

> Hi,
> Excuse me, I am a newbie but I think something is wrong becouse I
> downloaded a "stable" version of signatures. I used oinkmaster.pl
> and It was started from my cron to perform download from:
> url = http://www.snort.org/dl/signatures/snortrules.tar.gz

In snort.conf from the above url, the http_decode line
says "preprocessor http_decode: 80 -unicode -cginull", which works with
the 1.8 branch of snort. Your line is from the -current version of the
rules, which is not to be used with the 1.8 branch of snort.

The problem may be that you first had the -current rules and then
"updated" them to the stable version. By default, Oinkmaster does not
update snort.conf (for reasons mentioned in its README).
Or maybe you're simply pointing to the wrong snort.conf when starting
snort?

/Andreas



-------------------------------------------------------
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users