Snort mailing list archives

Testing 2.9.1 and getting 'Unknown preprocessor: "sip"'


From: Miguel Alvarez <miguellvrz9 () gmail com>
Date: Thu, 15 Sep 2011 17:33:36 -0600

I'm finally getting around to testing 2.9.1 but when I test my updated
snort.conf, I'm getting 'Unknown preprocessor: "sip"':

# which snort
/usr/sbin/snort

# /usr/sbin/snort -V

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.1 IPv6 GRE (Build 71)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
           Copyright (C) 1998-2011 Sourcefire, Inc., et al.
           Using libpcap version 1.1.1
           Using PCRE version: 6.6 06-Feb-2006
           Using ZLIB version: 1.2.3


# /usr/sbin/snort -c /etc/snort.test/snort.conf -T
...
ERROR: /etc/snort.test/snort.conf(459) Unknown preprocessor: "sip".
Fatal Error, Quitting..

And here's the sip preprocessor section from snort.conf (should be
exactly the same from the stock 2.9.1 snort.conf):

# SIP Session Initiation Protocol preprocessor.  For more information see README.sip
preprocessor sip: max_sessions 40000, \
   ports { 5060 5061 5600 }, \
   methods { invite \
             cancel \
             ack \
             bye \
             register \
             options \
             refer \
             subscribe \
             update \
             join \
             info \
             message \
             notify \
             benotify \
             do \
             qauth \
             sprack \
             publish \
             service \
             unsubscribe \
             prack }, \
   max_uri_len 512, \
   max_call_id_len 80, \
   max_requestName_len 20, \
   max_from_len 256, \
   max_to_len 256, \
   max_via_len 1024, \
   max_contact_len 512, \
   max_content_len 2048

This is on CentOS 5.6.  The only Google result for this was from a
Japanese IRC chat and it didn't make any sense. :-( They also happened
to be running CentOS but I doubt that's the problem.

It was compiled with the following options (from the provided .spec file):

SNORT_BASE_CONFIG="--prefix=%{_prefix} \
                  --bindir=%{_sbindir} \
                  --sysconfdir=%{_sysconfdir}/snort \
                  --enable-decoder-preprocessor-rules \
                  --enable-targetbased \
                  --enable-zlib \
                  --enable-sourcefire \
                  --enable-ipv6 \
                  --enable-perfprofiling \
                  --enable-gre \
                  --enable-ppm \
                  --enable-normalizer \
                  --enable-reload"

Does anyone have any suggestions?

Thank you
