Snort mailing list archives
snort -c /etc/snort/snort.conf fatal error
From: "VanZee, Timothy" <T-VANZEE () govst edu>
Date: Sat, 17 Apr 2004 07:30:54 -0500
Can anyone help me out? I am not getting any alerts even after running CIS Scanner against the box. I installed according to Install Guide by Patrick S. Harper on snort.org/docs.

Here is the output from snort -c /etc/snort/snort.conf

######################################################
# snort -c /etc/snort/snort.conf
Running in IDS mode
Log directory = /var/log/snort

Initializing Network Interface eth0

--== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
,-----------[Flow Config]----------------------
| Stats Interval: 0
| Hash Method: 2
| Memcap: 10485760
| Rows : 4099
| Overhead Bytes: 16400(%0.16)
`----------------------------------------------
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
    Fragment min_ttl: 0
    Fragment ttl_limit: 5
    Fragment Problems: 0
    Self preservation threshold: 500
    Self preservation period: 90
    Suspend threshold: 1000
    Suspend period: 30
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Evasion alerts: INACTIVE
    Scan alerts: INACTIVE
    Log Flushed Streams: INACTIVE
    MinTTL: 1
    TTL Limit: 5
    Async Link: 0
    State Protection: 0
    Self preservation threshold: 50
    Self preservation period: 90
    Suspend threshold: 200
    Suspend period: 30
Stream4_reassemble config:
    Server reassembly: INACTIVE
    Client reassembly: ACTIVE
    Reassembler alerts: ACTIVE
    Zero out flushed packets: INACTIVE
    flush_data_diff_size: 500
    Ports: 21 23 25 53 80 110 111 143 513 1433
    Emergency Ports: 21 23 25 53 80 110 111 143 513 1433
ERROR: /etc/snort/snort.conf(285) => Invalid file name for IIS Unicode Map file.
Fatal Error, Quitting..
######################################################

Here are lines 284 and 285 from my snort.conf

###############
preprocessor http_inspect: global \
    iis_unicode_map unicode.map 1252
###############

Thanks for your help as I'm new to snort.
Current thread:
- snort -c /etc/snort/snort.conf fatal error VanZee, Timothy (Apr 17)
- Re: snort -c /etc/snort/snort.conf fatal error Patrick S. Harper (Apr 17)
- <Possible follow-ups>
- Re: snort -c /etc/snort/snort.conf fatal error nhdave (Apr 17)
- RE: snort -c /etc/snort/snort.conf fatal error Harper, Patrick (Apr 21)
- RE: snort -c /etc/snort/snort.conf fatal error Paul Schmehl (Apr 21)