Snort mailing list archives

Re: setting up snort for the first time


From: Mike Sweeney <wybnormal () spamcop net>
Date: Sat, 19 Oct 2002 18:39:01 -0700

I had this on my new install of version 1.9 when trying to use an older config file. While I am NOT an expert with
Snort, there are differences between the snort.conf files. I started with a new snort.conf from the new rule set for
1.9 and life has been good.

You did not specify which version of Snort you are using, so this is an observation, with the hope it might be useful.

MikeS
www.packetattack.com

"he who has relied least on fortune is established the strongest" 
Machiavelli


Quoting Bob Dixon <bob.dixon () attbi com>:

I am following Steven Scott's pdf guide to setting up Snort, MySQL, and
ACID on Redhat 7.3. I am at the point where I have copied Steven's snort
startup script "snortd". When I run "snortd start", I get a response of
[OK], but a "ps -ef | grep snort" doesn't turn up the process. When I
try to run snort manually with the following command, here's what I get.
Any help is appreciated. Thanks...

[root@mars root]# snort -A full -c /etc/snort/snort.conf
Log directory = /var/log/snort

Initializing Network Interface eth0

        --== Initializing Snort ==--
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file /etc/snort/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
    Fragment min_ttl:   0
    Fragment ttl_limit: 5
    Fragment Problems: 0
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Evasion alerts: INACTIVE
    Scan alerts: ACTIVE
    Log Flushed Streams: INACTIVE
    MinTTL: 1
    TTL Limit: 5
No arguments to stream4_reassemble, setting defaults:
     Reassemble client: ACTIVE
     Reassemble server: INACTIVE
     Reassemble ports: 21 23 25 53 80 143 110 111 513
     Reassembly alerts: ACTIVE
     Reassembly method: FAVOR_OLD
ERROR /etc/snort/snort.conf(243) => Unknown argument to http_decode
preprocessor: "unicode"

___________________________________________


[root@mars root]# /etc/rc.d/init.d/snortd start
Starting snort: [  OK  ]
[root@mars root]# ps -ef | grep snort
[root@mars root]#



-------------------------------------------------------
This sf.net email is sponsored by:
Access Your PC Securely with GoToMyPC. Try Free Now
https://www.gotomypc.com/s/OSND/DD
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
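
Added example, not part of the original messages or of Steven Scott's guide: a start wrapper that tests the configuration in the foreground, surfaces the fatal ERROR line, and then confirms a live process exists instead of trusting the init script's [ OK ]. The `-T` self-test switch is assumed to be supported by the installed Snort build, and the pid file path, grace period and function names are assumptions.

```shell
#!/bin/sh
# Added example. Config and init script paths are the ones shown in the post;
# everything else below is an assumption to adjust for the local install.
: "${CHECK_CMD:=snort -T -c /etc/snort/snort.conf}"  # -T: test config and exit
: "${START_CMD:=/etc/rc.d/init.d/snortd start}"
: "${PIDFILE:=/var/run/snort.pid}"                    # assumed pid file location
: "${GRACE:=2}"                                       # seconds to wait after start

# fatal_line FILE: print the first "ERROR ..." line of captured output, joined
# with a non-blank continuation line (the archived post shows it wrapped).
# Exit status is 1 when no ERROR line is present.
fatal_line() {
    awk '/^ERROR / { msg = $0
                     if ((getline nxt) > 0 && nxt ~ /[^ \t]/) msg = msg " " nxt
                     print msg; found = 1; exit }
         END { exit !found }' "$1"
}

# preflight CMD...: run a foreground config check; on failure report the
# fatal line so the broken directive and line number are visible.
preflight() {
    out=$(mktemp) || return 2
    if "$@" >"$out" 2>&1; then rm -f "$out"; return 0; fi
    echo "config check failed: $(fatal_line "$out")" >&2
    rm -f "$out"
    return 1
}

# alive PIDFILE: succeed only if the file holds the pid of a live process.
alive() {
    [ -r "$1" ] || return 1
    pid=$(cat "$1")
    case $pid in ''|*[!0-9]*) return 1 ;; esac
    kill -0 "$pid" 2>/dev/null
}

# start_sensor: check config, start, then verify the sensor survived startup.
start_sensor() {
    # CHECK_CMD and START_CMD are deliberately unquoted so they split into words.
    preflight $CHECK_CMD || return 1
    $START_CMD || return 1
    sleep "$GRACE"
    alive "$PIDFILE" || {
        echo "init script reported success but no live process" >&2
        return 1
    }
}
```

Call `start_sensor` from cron or a monitoring check so a sensor that died on a config error is noticed rather than silently missing.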

