Snort mailing list archives
Re: Problems with multipleconfigs.
From: Bhagya Bantwal <bbantwal () sourcefire com>
Date: Fri, 11 Mar 2011 12:13:30 -0500
Http Inspect needs to be enabled when using http content modifiers such as http_method, http_header, http_uri etc. It looks like you have rules with http content modifiers in your all.rules. You dont have to turn them on in all configs. Just turn them on in the config which includes the rule with http modifiers (In your case the config which includes all.rules). Without http inspect the HTTP headers, uri etc are not be extracted and hence the error. -B On Fri, Mar 11, 2011 at 11:25 AM, carlopmart <carlopmart () gmail com> wrote:
On 03/10/2011 11:12 PM, carlopmart wrote:On 03/10/2011 10:48 PM, carlopmart wrote:On 03/10/2011 10:08 PM, carlopmart wrote:OOps sorry. I have found the problem with RULE_PATH. All rules needs to be defined on prod_ids.conf and mgmt_ids.conf ... But another problem appears: FATAL ERROR: /data/config/etc/snort-common/rules/all.rules(50) Please enable the HTTP Inspect preprocessor before using the http content modifiers Do I need to define all preprocessors under secondary configuration files: prod_ids.conf and mgmt_ids.conf??Ok, one more time. I have "resolved" this issue. Finally, I have insert preprocessor http_inspect and preprocessor http_inspect_server (with the same values and options) on all configuration files. But, I don't understand why I need to do this. Can someone explain me??Please, any help? -- CL Martinez carlopmart {at} gmail {d0t} com ------------------------------------------------------------------------------ Colocation vs. Managed Hosting A question and answer guide to determining the best fit for your organization - today and in the future. http://p.sf.net/sfu/internap-sfd2d _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ Colocation vs. Managed Hosting A question and answer guide to determining the best fit for your organization - today and in the future. http://p.sf.net/sfu/internap-sfd2d
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Problems with multipleconfigs. carlopmart (Mar 10)
- Re: Problems with multipleconfigs. carlopmart (Mar 10)
- Re: Problems with multipleconfigs. carlopmart (Mar 10)
- Re: Problems with multipleconfigs. carlopmart (Mar 11)
- Re: Problems with multipleconfigs. Bhagya Bantwal (Mar 11)
- Re: Problems with multipleconfigs. carlopmart (Mar 11)
- Re: Problems with multipleconfigs. Bhagya Bantwal (Mar 11)
- Re: Problems with multipleconfigs. carlopmart (Mar 11)
- Re: Problems with multipleconfigs. Bhagya Bantwal (Mar 11)
- Re: Problems with multipleconfigs. carlopmart (Mar 12)
- Re: Problems with multipleconfigs. carlopmart (Mar 10)
- Re: Problems with multipleconfigs. carlopmart (Mar 10)