Re: Error: Unknown preprocessor: "normalize_ip4"

[Joel Esler <jesler () sourcefire com>]

Yes. 

Sent from my iPad

On Jan 1, 2011, at 9:59 PM, "Michael Steele" <michaels () winsnort com> wrote:

> Joe,
>
>  
>
> This is a Windows environment, and inline is not possible?
>
>  
>
> Unless you can direct me to some information Windows / Snort / inline?
>
>  
>
> If “preprocessor normalize_*”  is not usable in Windows, then should all the “preprocessor normalize_” lines be # out?
>
>  
>
> Kindest regards,
>
> Michael...
>
>  
>
> From: Joel Esler [mailto:jesler () sourcefire com] 
> Sent: Saturday, January 01, 2011 7:08 PM
> To: Michael Steele
> Cc: <snort-users () lists sourceforge net>
> Subject: Re: [Snort-users] Error: Unknown preprocessor: "normalize_ip4"
>
>  
>
> http://vrt-sourcefire.blogspot.com/2010/11/inline-normalization-with-snort-290.html
>
> --
>
> Sent from my iPhone
>
> Skype:eslerjoel
>
>
> On Jan 1, 2011, at 5:53 PM, "Michael Steele" <michaels () winsnort com> wrote:
>
> Working with Snort 2.9.3 –
>
>  
>
> Snort it throws  -> ERROR: d:\snort\etc\snort.conf(186) Unknown preprocessor: "normalize_ip4"
>
>  
>
> I see the options in the snort.conf:
>
> --------------------\
>
> # Inline packet normalization. For more information, see README.normalize
>
> # Does nothing in IDS mode
>
> preprocessor normalize_ip4
>
> preprocessor normalize_tcp: ips ecn stream
>
> preprocessor normalize_icmp4
>
> preprocessor normalize_ip6
>
> preprocessor normalize_icmp6
>
> --------------------/
>
> The above lines are causing the errors, however the snort.conf states “# Does nothing in IDS mode”. However, windows 
> is reading in the those configuration lines and trying to process them, so it appears to be actually doing something?
>
>  
>
> In UNIX it appears that the normalize function needs to be enabled on compiling. If it’s not enabled, does UNIX throw 
> errors if the functions are not committed out?
>
>   
>
> Is commenting out the normalizes lines the proper way to get around these errors in Windows, and is this how it’s 
> supposed to work?
>
>  
>
> This also might be a Windows bug?
>
>  
>
> The normalize function appears to be related to Barnyard?
>
>  
>
> Kindest regards,
>
> Michael...
>
> ------------------------------------------------------------------------------
> Learn how Oracle Real Application Clusters (RAC) One Node allows customers
> to consolidate database storage, standardize their database environment, and, 
> should the need arise, upgrade to a full multi-node Oracle RAC database 
> without downtime or disruption
> http://p.sf.net/sfu/oracle-sfdevnl
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------
Learn how Oracle Real Application Clusters (RAC) One Node allows customers
to consolidate database storage, standardize their database environment, and, 
should the need arise, upgrade to a full multi-node Oracle RAC database 
without downtime or disruption
http://p.sf.net/sfu/oracle-sfdevnl

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users