Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Can't get Snort to run on Win2008

From: "Ed Borgoyn (eborgoyn)" <eborgoyn () cisco com>
Date: Mon, 20 Mar 2017 20:48:25 +0000
Matt,
  On line 333 of snort.conf there probably is the ‘lzma’ keyword.  Please remove this keyword, leaving the rest of the 
line intact.  This keyword is not recognized if/when snort is not built with the lzma decompression libraries.  For 
some reason the default windows build doesn’t have lzma support but still has the lzma keyword in the snort.conf.  Give 
this a try.
    Ed Borgoyn
    Cisco Snort Development Team


On 3/20/17, 3:31 PM, "Matt H" <vikingfan_913 () yahoo com> wrote:

    I'm having trouble getting Snort working on a Windows server.  I followed these steps (though on a 2008 server) 
http://www.javaguicodexample.com/snortiisphpbaseperladodb6.html
    but when I runsnort -i 1 -c C:\Snort\etc\snort.conf -b -N -K none -A nonethe output is:
    Running in IDS mode
    
    --==Initializing Snort ==--Initializing Output Plugins!Initializing Preprocessors!Initializing Plug-ins!            
... cutting out a bunchHttpInspect Config:            ... cutting out details  Gzip Decompress Depth: 65535ERROR: 
c:\snort\etc\snort.conf(333) => Invalid keyword '}' for server configuration.Fatal Error, Quitting..Could not set the 
event message file.
    Please let me know what other details I can provide to get effective help from any of you.  Thanks
    ------------------------------------------------------------------------------
    Check out the vibrant tech community on one of the world's most
    engaging tech sites, Slashdot.org! http://sdm.link/slashdot
    _______________________________________________
    Snort-users mailing list
    Snort-users () lists sourceforge net
    Go to this URL to change user options or unsubscribe:
    https://lists.sourceforge.net/lists/listinfo/snort-users
    Snort-users list archive:
    http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
    
    Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: