Snort mailing list archives

setting up snort for the first time


From: "Bob Dixon" <bob.dixon () attbi com>
Date: Sat, 19 Oct 2002 14:42:35 -0400

I am following Steven Scott's PDF guide to setting up Snort, MySQL, and
ACID on Red Hat 7.3. I am at the point where I have copied Steven's snort
startup script "snortd". When I run "snortd start", I get a response of
[OK], but a "ps -ef | grep snort" doesn't turn up the process. When I
try to run snort manually with the following command, here's what I get.
Any help is appreciated. Thanks...

[root@mars root]# snort -A full -c /etc/snort/snort.conf
Log directory = /var/log/snort

Initializing Network Interface eth0

        --== Initializing Snort ==--
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file /etc/snort/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
    Fragment min_ttl:   0
    Fragment ttl_limit: 5
    Fragment Problems: 0
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Evasion alerts: INACTIVE
    Scan alerts: ACTIVE
    Log Flushed Streams: INACTIVE
    MinTTL: 1
    TTL Limit: 5
No arguments to stream4_reassemble, setting defaults:
     Reassemble client: ACTIVE
     Reassemble server: INACTIVE
     Reassemble ports: 21 23 25 53 80 143 110 111 513
     Reassembly alerts: ACTIVE
     Reassembly method: FAVOR_OLD
ERROR /etc/snort/snort.conf(243) => Unknown argument to http_decode preprocessor: "unicode"

___________________________________________


[root@mars root]# /etc/rc.d/init.d/snortd start
Starting snort: [  OK  ]
[root@mars root]# ps -ef | grep snort
[root@mars root]#


