Snort mailing list archives

Re: Snort 2.8.6 HTTP_Inspect fatal error?


From: "Andy Berryman" <aberryman () Cymtec com>
Date: Wed, 12 May 2010 10:43:54 -0500

Never mind, found my error was in the threshold.conf file. I had this,
which is what was causing the error.

suppress gen_id 119, sig_id 4 # http_inspect: BARE BYTE UNICODE ENCODING

Thanks,

Andy

From: Andy Berryman 
Sent: Wednesday, May 12, 2010 10:37 AM
To: snort-users () lists sourceforge net
Subject: Snort 2.8.6 HTTP_Inspect fatal error?

When I try to start Snort 2.8.6 I'm getting a fatal error.

FATAL ERROR: suppress: sig_id: Invalid integer input: 4 # http_inspect: BARE BYTE UNICODE ENCODING

Here's my http_inspect output from snort.conf, it's just the default
settings. What am I missing here?

preprocessor http_inspect: global iis_unicode_map unicode.map 1252

preprocessor http_inspect_server: server default \
    apache_whitespace no \
    ascii no \
    bare_byte no \
    chunk_length 500000 \
    flow_depth 1460 \
    directory no \
    double_decode no \
    iis_backslash no \
    iis_delimiter no \
    iis_unicode no \
    multi_slash no \
    non_strict \
    oversize_dir_length 500 \
    ports { 80 2301 3128 7777 7779 8000 8008 8028 8080 8180 8888 9999 } \
    u_encode yes \
    non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \
    webroot no

Thanks,

Andy Berryman
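
The failure in this thread, as an added example (not part of either post and not Snort's own code): a small Python check that finds suppress lines in a threshold.conf whose gen_id or sig_id value is not a plain integer, the condition the FATAL ERROR above reports, and proposes moving a trailing comment onto its own line. The function name, the sample file contents and the suggested rewrite are assumptions made for the example.

```python
import re

# Constructed sample threshold.conf. Line 3 is the suppress line quoted in the
# thread; the other lines are made up for contrast.
SAMPLE = """\
# http_inspect: example of a comment on its own line
suppress gen_id 119, sig_id 2
suppress gen_id 119, sig_id 4 # http_inspect: BARE BYTE UNICODE ENCODING
suppress gen_id 1, sig_id 1852, track by_src, ip 10.1.1.54
"""

INT_KEYS = ("gen_id", "sig_id")  # options whose value must be an integer


def check_suppress_lines(text):
    """Return (line_no, key, bad_value, suggested_rewrite) for every suppress
    option whose value is not a plain integer. suggested_rewrite is a list of
    replacement lines when a trailing '#' comment is the cause, else None."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.strip().split(None, 1)
        if len(fields) < 2 or fields[0] != "suppress":
            continue  # blank lines, full-line comments, other directives
        # Take each value as everything up to the next comma, without
        # stripping comments first, to mirror the input named in the error.
        for opt in fields[1].split(","):
            parts = opt.split(None, 1)
            key = parts[0] if parts else ""
            value = parts[1].strip() if len(parts) > 1 else ""
            if key not in INT_KEYS or re.fullmatch(r"\d+", value):
                continue
            code, has_hash, comment = raw.strip().partition("#")
            fix = [f"# {comment.strip()}", code.rstrip()] if has_hash else None
            findings.append((line_no, key, value, fix))
    return findings


if __name__ == "__main__":
    for line_no, key, value, fix in check_suppress_lines(SAMPLE):
        print(f"line {line_no}: {key} is not an integer: {value!r}")
        for new_line in fix or []:
            print(f"    suggested: {new_line}")
```
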

