Re: Snort install on windows

[Lee Brown <leeb () ratnaling org>]

On Fri, Apr 6, 2018 at 7:39 PM, Lee Brown <leeb () ratnaling org> wrote:

> On Fri, Apr 6, 2018 at 7:22 PM, CJ Lorenz via Snort-users <
> snort-users () lists snort org> wrote:
>
> > I've got an issue escaping me at the moment while installing Snort.
> > When I run
> > C:\Snort\bin>snort -v -c C:\Snort\etc\snort.conf -l C:\snort\log -K ascii
> >
> > I get an error at the end... Error: C:\Snort\etc\snort.conf(334) =>
> > Invalid keyword '}" for server configuration. Fatal Error, Quitting.. Could
> > not create the registry key.
> >
> > I'm completely at a loss on this... I'm installing and setting up Snort
> > 2.9 on Windows Server 2016
> > CPU: W3520 Xeon
> > RAM: 16 GB DDR3
> >
> > Any and all help would be appreciative.. Been bashing my head on the desk
> > all day with this one.
> >
> > Thank you
> >
> > Find the thread titled "2.9.11.1 on windows 10 issue snort.conf", answer
> is there.
> sry, on mobile, hard to copy/paste links, etc.
>
> Does line 334 of snort.conf look like:

decompress_swf { deflate lzma }

If so, then try removing the ‘lzma’ keyword.  See below (reference
<http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node17.html>).

> *Note:  * LZMA decompression is only available if Snort is built with the
> liblzma package present and functional. If the LZMA package is not present,
> then the lzma option will indicate a fatal parsing error. If the liblzma
> package IS present, but one desires to disable LZMA support, then the
> -disable-lzma option on configure will disable usage of the library.
_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette