Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Snort-users digest, Vol 1 #4273 - 4 msgs

From: "Pedro Jorge Barradas" <pedro.barradas () cpp pt>
Date: Tue, 1 Jun 2004 13:35:13 +0100
Mark, in the snort.conf is a reference to the unicode file.

Like this:

preprocessor http_inspect: global \
    iis_unicode_map unicode.map 1252

My snort.conf file is located in /etc/snort
My rules files (including the unicode.map) is on /etc/snort/rules.
So, the lines in my snort.conf read like:

preprocessor http_inspect: global \
    iis_unicode_map rules/unicode.map 1252

If your case is similar, I think this will solve the problem.

BR


Message: 4
From: "Mark Wade" <mark-wade () comcast net>
To: <snort-users () lists sourceforge net>
Date: Mon, 31 May 2004 22:44:57 -0400
Subject: [Snort-users] Unknown rule type: iis_unicode_map

I am a new user to snort.  I am running Snort 2.1.0 Ruleset.  
I am trying to run snort in the NIDS mode and keep getting 
the same error:
ERROR: /etc/snort/snort.conf(285) => Unknown rule type: 
iis_unicode_map Fatal Error, Quitting..


After doing a bunch of research I found out that I have to install:
Unicode-Map-0.112.tar.gz, so I did, and did so successfully.  
After doing the install I still can not find the file 
iis_unicode_map.  I do have this
file: unicode.map located in my rules dir.  I have been 
looking into this for two days and I finally said its time to 
ask for help.

thanks, in advance.

Mark

*** AVISO ***
Esta mensagem é confidencial e dirigida apenas ao destinatário. Se a recebeu por erro solicitamos que o comunique ao 
remetente e a elimine assim como qualquer documento anexo. Não há renuncia à confidencialidade nem a nenhum privilégio 
devido a erro de transmissão.
Qualquer opinião expressa nesta mensagem pertence unicamente ao autor remetente, e não representa necessariamente a 
opinião do Grupo Totta, a não ser que expressamente se diga que o remetente está autorizado para o efectuar.
*** DISCLAIMER ***
This message is confidential and intended exclusively for the addressee. If you received this message by mistake please 
inform the sender and delete the message and attachments. No confidentiality nor any privilege regarding the 
information is waived or lost by any mistransmission.
Any views or opinions contained in this message are solely those of the author, and do not necessarily represent those 
of Grupo Totta, unless otherwise specifically stated and the sender is authorized to do so.
Previous By Date Next
Previous By Thread Next

Current thread: