Snort mailing list archives

Snort 1.8.7 with -z est|all switch fails to start


From: Dushyanth Harinath <dushy () symonds net>
Date: Fri, 12 Jul 2002 15:44:22 +0530

Hi folks,

Just downloaded and compiled Snort 1.8.7 on my Slackware 8.0 machine
(Intel arch) with the options (--with-mysql --with-openssl --enable-debug). 
Starting snort with -z switch quits with the error given below. It works
without the -z switch. 

root@ghost /etc/snort> snort -v -c /etc/snort/rules/snort.conf -o -z all -T
snort.c:678: Parsing command line...
snort.c:698: Processing cmd line switch: v
snort.c:1158: Verbose Flag active
snort.c:698: Processing cmd line switch: c
snort.c:774: Config file = /etc/snort/rules/snort.conf, config dir = /etc/snort/rules/
snort.c:698: Processing cmd line switch: o
snort.c:1020: Rule application order changed to Pass->Alert->Log
snort.c:698: Processing cmd line switch: z
snort.c:698: Processing cmd line switch: T
snort.c:1105: Snort starting in test mode...
snort.c:1244: pcap_cmd is all
Log directory = /var/log/snort
snort.c:172: Opening interface: eth0

Initializing Network Interface eth0
snaplength info: set=1514/compiled=1514/wanted=0
ERROR: OpenPcap() FSM compilation failed: 
parse error
PCAP command: all
Fatal Error, Quitting..
                

libpcap version is 0.6.1. Using stable rules not snortcurrent.

<snippets snort.conf>

output log_tcpdump: snort.log
output alert_full: /var/log/snort/snort_full
output alert_fast: /var/log/snort/snort_fast
output alert_full: snort_full
output alert_fast: snort_fast
output database: alert, mysql, user=snort password=* dbname=snort host=localhost

preprocessor frag2
preprocessor stream4: detect_scans keepstats binary
preprocessor stream4_reassemble
preprocessor http_decode: 80 -unicode -cginull
preprocessor rpc_decode: 111 32771
preprocessor bo
preprocessor telnet_decode
preprocessor portscan: $HOME_NET 4 3 portscan.log


Snort 1.8.6 works perfectly fine with the same snort.conf.

Any more info, please let me know.
TIA
dushyanth
-- 
To err is human...to really foul up requires the root password.

http://symonds.net/~dushy

