Snort mailing list archives
Re: Preprocessor Question.
From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Tue, 1 Mar 2016 14:06:38 +0000
Without any preprocessors enabled you wont get much use as stream5 and/or frag should be enabled almost always for any type of inspection. Are you just trying to log traffic or inspect it? Albert Lewis QA Software Engineer SOURCEfire, Inc. now part of Cisco 9780 Patuxent Woods Drive Columbia, MD 21046 Phone: (office) 443.430.7112 Email: allewi () cisco com From: David A. [mailto:ti1ion2005 () gmail com] Sent: Tuesday, March 01, 2016 8:43 AM To: snort-users () lists sourceforge net Subject: [Snort-users] Preprocessor Question. Hello everyone, I am currently using Snort version 2.9.6.0 successfully with a very simple, custom snort.conf file that defines a few variables, allows some traffic to be ignored and then forwards everything else to a syslog server. Recently, I have set up a second machine -- in this case a Raspberry Pi -- with Snort 2.9.7.0-3 and intend to use it the same way as the previous system. However, it seems that the new version of Snort has introduced functionality that adds a "WARNING: No preprocessors configured for policy 0" to everything Snort processes. I am not using preprocessors and don't have anything defined in my snort.conf. I am not using decoders and don't have them defined, either. I tried the "autoconfigure" command in my snort.conf, but that did not do anything. As a result, my logs are filling up with this warning message and I have not been able to find a way of stopping it. I have Googled this issue and the answer always comes back to reading the Snort manual (I have read the portions linked) and defining preprocessors. I don't have any preprocessors and don't wish to have any. Is there something I can do to stop Snort from issuing this warning? Thank you for your help.
------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Preprocessor Question. David A. (Mar 01)
- Re: Preprocessor Question. Al Lewis (allewi) (Mar 01)
- Re: Preprocessor Question. David A. (Mar 01)
- Re: Preprocessor Question. Al Lewis (allewi) (Mar 01)
- Re: Preprocessor Question. David A. (Mar 01)
- Re: Preprocessor Question. David A. (Mar 08)
- Re: Preprocessor Question. David A. (Mar 01)
- Re: Preprocessor Question. Al Lewis (allewi) (Mar 01)