Snort mailing list archives
Re: Problems with multipleconfigs.
From: Bhagya Bantwal <bbantwal () sourcefire com>
Date: Fri, 11 Mar 2011 13:34:22 -0500
On Fri, Mar 11, 2011 at 12:34 PM, carlopmart <carlopmart () gmail com> wrote:
On 03/11/2011 06:13 PM, Bhagya Bantwal wrote:Http Inspect needs to be enabled when using http content modifiers such as http_method, http_header, http_uri etc. It looks like you have rules with http content modifiers in your all.rules. You dont have to turn them on in all configs. Just turn them on in the config which includes the rule with http modifiers (In your case the config which includes all.rules). Without http inspect the HTTP headers, uri etc are not be extracted and hence the error. -BThanks Bhagya for your response. I have turn on only on the secondary snort configuration, but if doesn't exists an entry about http instpect on snort.conf, snort doesn't starts. I have not activated any rule in the main configuration file. Only on the secondaries config files.
What is your http config? If you are using the http config variables such as compress_depth and decompress_depth you need to specify these in your base conf ( snort.conf in your case). -B
-- CL Martinez carlopmart {at} gmail {d0t} com ------------------------------------------------------------------------------ Colocation vs. Managed Hosting A question and answer guide to determining the best fit for your organization - today and in the future. http://p.sf.net/sfu/internap-sfd2d _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ Colocation vs. Managed Hosting A question and answer guide to determining the best fit for your organization - today and in the future. http://p.sf.net/sfu/internap-sfd2d
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Problems with multipleconfigs. carlopmart (Mar 10)
- Re: Problems with multipleconfigs. carlopmart (Mar 10)
- Re: Problems with multipleconfigs. carlopmart (Mar 10)
- Re: Problems with multipleconfigs. carlopmart (Mar 11)
- Re: Problems with multipleconfigs. Bhagya Bantwal (Mar 11)
- Re: Problems with multipleconfigs. carlopmart (Mar 11)
- Re: Problems with multipleconfigs. Bhagya Bantwal (Mar 11)
- Re: Problems with multipleconfigs. carlopmart (Mar 11)
- Re: Problems with multipleconfigs. Bhagya Bantwal (Mar 11)
- Re: Problems with multipleconfigs. carlopmart (Mar 12)
- Re: Problems with multipleconfigs. carlopmart (Mar 10)
- Re: Problems with multipleconfigs. carlopmart (Mar 10)