Snort mailing list archives

Re: Problem with latest snort.conf file

From: "Michael Steele" <michaels () winsnort com>
Date: Thu, 20 Oct 2016 15:05:40 -0400

I just checked my snortrules-snapshot-2983.tar.gz dated 9/28/2016. The decompress lines 325 and 326 are in the 
snort.conf. I’ve always used the one from the rules taball.                                                             
                                         

 

Kindest regards,

Michael...

 

WINSNORT.com Management Team Member

--

****************** Established ~ 2001 *******************

*          Visit Us @  <http://www.winsnort.com> http://www.winsnort.com           *

*      ~~ FREE WinIDS Snort installation guides ~~      *

*               ~~ FREE support forums ~~               *

* Snort: Open Source Network IDS -  <http://www.snort.org> http://www.snort.org *

*********************************************************

 

From: Joel Esler (jesler) [mailto:jesler () cisco com] 
Sent: Thursday, October 20, 2016 10:43 AM
To: Markus Thiemann <kassebohmer () gmail com>
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Problem with latest snort.conf file

 

Markus, 

 

Thanks for that.  As always, the Snort.conf in the rule package is definitely the one to us (as we keep it up to date, 
whereas the snort.conf in the tarball does not get updated)

 

 

--

Joel Esler | Talos: Manager| jesler () cisco com <mailto:jesler () cisco com> 

 

 

 

 

On Oct 20, 2016, at 10:31 AM, Markus Thiemann <kassebohmer () gmail com <mailto:kassebohmer () gmail com> > wrote:

 

Hi Michael,

I had the same error message some weeks ago. Turns out I've used the snort.conf file included in 
snortrules-snapshot-2983.tar.gz. I replaced that one with the one included in the snort source package 
(snort-2.9.8.3.tar.gz). This fixed the issue for me. Hope it's helpful for you, too.

Markus

 

Am 19.10.2016 um 22:44 schrieb Michael Steele:

Testing new installations of the snort.conf file using the –T switch on Windows. There seems to be a problem with line 
326, and it is being reported by multiple installers at the same point.

 

---------------------------------------------

      Gzip Compress Depth: 65535

      Gzip Decompress Depth: 65535

ERROR: d:\winids\snort\etc\snort.conf(326) => Invalid keyword '}' for server configuration.

Fatal Error, Quitting..

---------------------------------------------

 

Line 324:  webroot no \

Line 325: decompress_swf { deflate lzma } \

Line 326: decompress_pdf { deflate }

 

Michael…






------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org <http://SlashDot.org> !  <http://sdm.link/slashdot> http://sdm.link/slashdot






_______________________________________________
Snort-users mailing list
 <mailto:Snort-users () lists sourceforge net> Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
 <https://lists.sourceforge.net/lists/listinfo/snort-users> https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
 <http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users> 
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
 
Please visit  <http://blog.snort.org/> http://blog.snort.org to stay current on all the latest Snort news!


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites,  <http://slashdot.org/> SlashDot.org!  
<http://sdm.link/slashdot_______________________________________________> 
http://sdm.link/slashdot_______________________________________________
Snort-users mailing list
 <mailto:Snort-users () lists sourceforge net> Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
 <https://lists.sourceforge.net/lists/listinfo/snort-users> https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
 <http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users> 
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit  <http://blog.snort.org/> http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Problem with latest snort.conf file Michael Steele (Oct 19)
- Re: Problem with latest snort.conf file Seshaiah Erugu (serugu) (Oct 19)
- Re: Problem with latest snort.conf file Markus Thiemann (Oct 20)
  - Re: Problem with latest snort.conf file Joel Esler (jesler) (Oct 20)
    - Re: Problem with latest snort.conf file Michael Steele (Oct 20)