Snort mailing list archives

Errors starting Snort...


From: Lorenzo Rossi <condor_rl () libero it>
Date: Mon, 1 Nov 2004 17:35:19 +0100


Hi,

some time ago I configured Snort 2.0 with MySQL and ACID on my Debian Linux
box. I was very happy; all was working OK!
Then I updated the snort-mysql and mysql packages using the Debian utility "apt-get", and Snort stopped working,
but I did not have enough time to investigate the problem.

Only now have I found the time to work on Snort again, so I updated
my snort-mysql and mysql packages again and tried to start Snort, but it
generates an error, and I do not know why.
My Debian packages are:


snort-mysql:
  Installed: 2.2.0-4
  Candidate: 2.2.0-4

Snort version is:
Version 2.2.0 (Build 30)


mysql-server:
  Installed: 4.0.21-7
  Candidate: 4.0.21-7


Below is the output of the /var/log/daemon.log

Could you give me some advice to put me on the right track?

Thanks Lorenzo

=============================================================================
Nov  1 17:04:09 europa snort: OpenPcap() device eth0 network lookup: ^Ieth0: no IPv4 address assigned
Nov  1 17:04:09 europa snort: Initializing daemon mode
Nov  1 17:04:09 europa snort: PID path stat checked out ok, PID path set to /var/run/
Nov  1 17:04:09 europa snort: Writing PID "12509" to file "/var/run//snort_eth0.pid"
Nov  1 17:04:09 europa snort: ,-----------[Flow Config]----------------------
Nov  1 17:04:09 europa snort: | Stats Interval:  0
Nov  1 17:04:09 europa snort: | Hash Method:     2
Nov  1 17:04:09 europa snort: | Memcap:          10485760
Nov  1 17:04:09 europa snort: | Rows  :          4099
Nov  1 17:04:09 europa snort: | Overhead Bytes:  16400(%0.16)
Nov  1 17:04:09 europa snort: `----------------------------------------------
Nov  1 17:04:09 europa snort: HttpInspect Config:
Nov  1 17:04:09 europa snort:     GLOBAL CONFIG
Nov  1 17:04:09 europa snort:       Max Pipeline Requests:    0
Nov  1 17:04:09 europa snort:       Inspection Type:          STATELESS
Nov  1 17:04:09 europa snort:       Detect Proxy Usage:       NO
Nov  1 17:04:09 europa snort:       IIS Unicode Map Filename: /etc/snort/unicode.map
Nov  1 17:04:09 europa snort:       IIS Unicode Map Codepage: 1252
Nov  1 17:04:09 europa snort:     DEFAULT SERVER CONFIG:
Nov  1 17:04:09 europa snort:       Ports:
Nov  1 17:04:09 europa snort: 80
Nov  1 17:04:09 europa snort: 8080
Nov  1 17:04:09 europa snort: 8180
Nov  1 17:04:10 europa snort:
Nov  1 17:04:10 europa snort:       Flow Depth: 300
Nov  1 17:04:10 europa snort:       Max Chunk Length: 500000
Nov  1 17:04:10 europa snort:       Inspect Pipeline Requests: YES
Nov  1 17:04:10 europa snort:       URI Discovery Strict Mode: NO
Nov  1 17:04:10 europa snort:       Allow Proxy Usage: NO
Nov  1 17:04:10 europa snort:       Disable Alerting: NO
Nov  1 17:04:10 europa snort:       Oversize Dir Length: 500
Nov  1 17:04:10 europa snort:       Only inspect URI: NO
Nov  1 17:04:10 europa snort:       Ascii: YES alert: NO
Nov  1 17:04:10 europa snort:       Double Decoding: YES alert: YES
Nov  1 17:04:10 europa snort:       %U Encoding: YES alert: YES
Nov  1 17:04:10 europa snort:       Bare Byte: YES alert: YES
Nov  1 17:04:10 europa snort:       Base36: OFF
Nov  1 17:04:10 europa snort:       UTF 8: OFF
Nov  1 17:04:10 europa snort:       IIS Unicode: YES alert: YES
Nov  1 17:04:10 europa snort:       Multiple Slash: YES alert: NO
Nov  1 17:04:10 europa snort:       IIS Backslash: YES alert: NO
Nov  1 17:04:10 europa snort:       Directory Traversal: YES alert: NO
Nov  1 17:04:10 europa snort:       Web Root Traversal: YES alert: YES
Nov  1 17:04:10 europa snort:       Apache WhiteSpace: YES alert: YES
Nov  1 17:04:10 europa snort:       IIS Delimiter: YES alert: YES
Nov  1 17:04:10 europa snort:       IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
Nov  1 17:04:10 europa snort:       Non-RFC Compliant Characters:
Nov  1 17:04:10 europa snort: NONE
Nov  1 17:04:10 europa snort:
Nov  1 17:04:10 europa snort: rpc_decode arguments:
Nov  1 17:04:10 europa snort:     Ports to decode RPC on: 111 32771
Nov  1 17:04:10 europa snort:     alert_fragments: INACTIVE
Nov  1 17:04:10 europa snort:     alert_large_fragments: ACTIVE
Nov  1 17:04:10 europa snort:     alert_incomplete: ACTIVE
Nov  1 17:04:10 europa snort:     alert_multiple_requests: ACTIVE
Nov  1 17:04:10 europa snort: telnet_decode arguments:
Nov  1 17:04:10 europa snort:     Ports to decode telnet on: 21 23 25 119
Nov  1 17:04:10 europa snort: /etc/snort/snort.eth0.conf(357) Unable to create an IPSet from [any]

===============================================================================================


-- 
LinuxUser: 71680        OpenPGP-> KeyID: 0x25B9E15E
===================================================
Fingerprint:
BF76 8EC9 A14D 2CD4 195F  9E7D 6834 A8AE 25B9 E15E
---------------------------------------------------

