Snort mailing list archives
Errors starting Snort...
From: Lorenzo Rossi <condor_rl () libero it>
Date: Mon, 1 Nov 2004 17:35:19 +0100
HI, some time ago I configured Snort 2.0 with mysql and Acid on my linux Debian box. I was very happy all was working ok! Then I updated snort-mysql and mysql packages using Debian utility "apt-get", and snort stop working but but I have not enought time to investigate the problem. Only now I have found the time to working back on snort so I updated again my snort-mysql and mysql packages and I tried to startup snort, but it generate an error. And I do not know why? My Debian packages are: snort-mysql: Installed: 2.2.0-4 Candidate: 2.2.0-4 Snort version is: Version 2.2.0 (Build 30) mysql-server: Installed: 4.0.21-7 Candidate: 4.0.21-7 Below is the output of the /var/log/daemon.log Could you give me some advices to bring me on the corrct way? Thanks Lorenzo ============================================================================= Nov 1 17:04:09 europa snort: OpenPcap() device eth0 network lookup: ^Ieth0: no IPv4 address assigned Nov 1 17:04:09 europa snort: Initializing daemon mode Nov 1 17:04:09 europa snort: PID path stat checked out ok, PID path set to /var/run/ Nov 1 17:04:09 europa snort: Writing PID "12509" to file "/var/run//snort_eth0.pid" Nov 1 17:04:09 europa snort: ,-----------[Flow Config]---------------------- Nov 1 17:04:09 europa snort: | Stats Interval: 0 Nov 1 17:04:09 europa snort: | Hash Method: 2 Nov 1 17:04:09 europa snort: | Memcap: 10485760 Nov 1 17:04:09 europa snort: | Rows : 4099 Nov 1 17:04:09 europa snort: | Overhead Bytes: 16400(%0.16) Nov 1 17:04:09 europa snort: `---------------------------------------------- Nov 1 17:04:09 europa snort: HttpInspect Config: Nov 1 17:04:09 europa snort: GLOBAL CONFIG Nov 1 17:04:09 europa snort: Max Pipeline Requests: 0 Nov 1 17:04:09 europa snort: Inspection Type: STATELESS Nov 1 17:04:09 europa snort: Detect Proxy Usage: NO Nov 1 17:04:09 europa snort: IIS Unicode Map Filename: /etc/snort/unicode.map Nov 1 17:04:09 europa snort: IIS Unicode Map Codepage: 1252 Nov 1 17:04:09 europa snort: DEFAULT SERVER CONFIG: Nov 1 17:04:09 europa snort: Ports: Nov 1 17:04:09 europa snort: 80 Nov 1 17:04:09 europa snort: 8080 Nov 1 17:04:09 europa snort: 8180 Nov 1 17:04:10 europa snort: Nov 1 17:04:10 europa snort: Flow Depth: 300 Nov 1 17:04:10 europa snort: Max Chunk Length: 500000 Nov 1 17:04:10 europa snort: Inspect Pipeline Requests: YES Nov 1 17:04:10 europa snort: URI Discovery Strict Mode: NO Nov 1 17:04:10 europa snort: Allow Proxy Usage: NO Nov 1 17:04:10 europa snort: Disable Alerting: NO Nov 1 17:04:10 europa snort: Oversize Dir Length: 500 Nov 1 17:04:10 europa snort: Only inspect URI: NO Nov 1 17:04:10 europa snort: Ascii: YES alert: NO Nov 1 17:04:10 europa snort: Double Decoding: YES alert: YES Nov 1 17:04:10 europa snort: %U Encoding: YES alert: YES Nov 1 17:04:10 europa snort: Bare Byte: YES alert: YES Nov 1 17:04:10 europa snort: Base36: OFF Nov 1 17:04:10 europa snort: UTF 8: OFF Nov 1 17:04:10 europa snort: IIS Unicode: YES alert: YES Nov 1 17:04:10 europa snort: Multiple Slash: YES alert: NO Nov 1 17:04:10 europa snort: IIS Backslash: YES alert: NO Nov 1 17:04:10 europa snort: Directory Traversal: YES alert: NO Nov 1 17:04:10 europa snort: Web Root Traversal: YES alert: YES Nov 1 17:04:10 europa snort: Apache WhiteSpace: YES alert: YES Nov 1 17:04:10 europa snort: IIS Delimiter: YES alert: YES Nov 1 17:04:10 europa snort: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG Nov 1 17:04:10 europa snort: Non-RFC Compliant Characters: Nov 1 17:04:10 europa snort: NONE Nov 1 17:04:10 europa snort: Nov 1 17:04:10 europa snort: rpc_decode arguments: Nov 1 17:04:10 europa snort: Ports to decode RPC on: 111 32771 Nov 1 17:04:10 europa snort: alert_fragments: INACTIVE Nov 1 17:04:10 europa snort: alert_large_fragments: ACTIVE Nov 1 17:04:10 europa snort: alert_incomplete: ACTIVE Nov 1 17:04:10 europa snort: alert_multiple_requests: ACTIVE Nov 1 17:04:10 europa snort: telnet_decode arguments: Nov 1 17:04:10 europa snort: Ports to decode telnet on: 21 23 25 119 Nov 1 17:04:10 europa snort: /etc/snort/snort.eth0.conf(357) Unable to create an IPSet from [any] =============================================================================================== -- LinuxUser: 71680 OpenPGP-> KeyID: 0x25B9E15E =================================================== Fingerprint: BF76 8EC9 A14D 2CD4 195F 9E7D 6834 A8AE 25B9 E15E --------------------------------------------------- ------------------------------------------------------- This SF.Net email is sponsored by: Sybase ASE Linux Express Edition - download now for FREE LinuxWorld Reader's Choice Award Winner for best database on Linux. http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Errors starting Snort... Lorenzo Rossi (Nov 01)
- Re: Errors starting Snort... James Riden (Nov 01)
- Re: Errors starting Snort... Lorenzo Rossi (Nov 02)
- <Possible follow-ups>
- RE: Errors starting Snort... M. Shirk (Nov 01)
- Re: Errors starting Snort... Nigel Houghton (Nov 02)
- RE: Errors starting Snort... Bristol, Gary L. (Nov 03)
- Re: Errors starting Snort... Nigel Houghton (Nov 02)
- Re: Errors starting Snort... James Riden (Nov 01)