Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort Beta v2.6

From: "Will Metcalf" <william.metcalf () gmail com>
Date: Mon, 20 Mar 2006 18:47:56 -0600
make distclean
./autojunk.sh

./configure && make && make install
(or whatever)

Regards,

Will

On 3/20/06, Ron Jenkins <rjenkins () dibr net> wrote:




Is anyone else having these problems?







ERROR: /etc/snort/snort.conf(519) unknown preprocessor "ftp_telnet"
 Fatal Error, Quitting..

 ERROR: /etc/snort/snort.conf(523) unknown preprocessor
"ftp_telnet_protocol"
 Fatal Error, Quitting..

 ERROR: /etc/snort/snort.conf(571) unknown preprocessor "smtp"
 Fatal Error, Quitting..

 Rule application order:
->activation->dynamic->pass->drop->alert->log
 Log directory = /var/log/snort
 Verifying Preprocessor Configurations!
 Warning: flowbits key 'trojan' is set but not ever checked.
 Warning: flowbits key 'dce.bind.veritas' is set but not ever checked.
 Warning: flowbits key
'dce.isystemactivator.bind.call.attempt' is set but not
ever checked.
 Warning: flowbits key 'http.jpeg' is checked but not ever set.
 Warning: flowbits key 'realplayer.playlist' is checked but not ever set.
 Warning: flowbits key 'ms_sql_seen_dns' is checked but not ever set.
 Warning: flowbits key 'netbios.lsass.bind.attempt' is checked but not ever
set.





After  a short period of time snort exits with the following:

 Not Using PCAP_FRAMES





Also, the server drive becomes very busy.



Thanks…



Ron Jenkins (SnortCP, MCNE, CNE6, MCP, CCNA, CCEA)
 Senior Architect
 Data Integrity, LLC
 "We Integrate People with Solutions"
 1724 Dallas Drive
 Suite 11
 Baton Rouge, La 70806
 Office. 225.927.8030
 Fax. 225.927.8033
 Cell225.931.1632

Email. rjenkins () dibr net
 Web. http://www.dibr.net

(Aanval Reseller and Technology Partner)

http://www.aanval.com/tour/dibr





-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0944&bid$1720&dat1642
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: