[Snort-users] Re: [Snort-users] AW: [Snort-user



01-10-2004
Scott Zawalski

It would be better to take the snort.conf from v 2.1 and edit it again
to fit your current setup. I had this error also upgrading from 2.0.6
and just using my old conf.


Scott


Poppi, Sandro wrote:

>Hi Tony,
>
>I would suggest running through your snort.conf and searching for "decode"
>(without the quotes) somewhere after preprocessor stream4. Seems to me that
>a typo has made it accidentally into the file.
>
>So long,
>Sandro
>
>
>>Hi,
>>
>>Just upgraded my Unstable Debian System. Snort upgraded to
>>2.1.0 (Build 9).
>>Since this upgrade I have the FATAL error:
>>
>>titine:/etc/snort# /usr/sbin/snort -T -c /etc/snort/snort.conf
>>...
>>
>>No arguments to frag2 directive, setting defaults to:
>> Fragment timeout: 60 seconds
>> Fragment memory cap: 4194304 bytes
>> Fragment min_ttl: 0
>> Fragment ttl_limit: 5
>> Fragment Problems: 0
>> Self preservation threshold: 500
>> Self preservation period: 90
>> Suspend threshold: 1000
>> Suspend period: 30
>>Stream4 config:
>> Stateful inspection: ACTIVE
>> Session statistics: INACTIVE
>> Session timeout: 30 seconds
>> Session memory cap: 8388608 bytes
>> State alerts: INACTIVE
>> Evasion alerts: INACTIVE
>> Scan alerts: ACTIVE
>> Log Flushed Streams: INACTIVE
>> MinTTL: 1
>> TTL Limit: 5
>> Async Link: 0
>> State Protection: 0
>> Self preservation threshold: 50
>> Self preservation period: 90
>> Suspend threshold: 200
>> Suspend period: 30
>>Stream4_reassemble config:
>> Server reassembly: INACTIVE
>> Client reassembly: ACTIVE
>> Reassembler alerts: ACTIVE
>> Zero out flushed packets: INACTIVE
>> flush_data_diff_size: 500
>> Ports: 21 23 25 53 80 110 111 143 513 1433
>> Emergency Ports: 21 23 25 53 80 110 111 143 513 1433
>>ERROR: unknown preprocessor "à_decode"
>>Fatal Error, Quitting..
>>
>>Recently, I just added some preprocessor portscan-ignorehosts, and
>>preprocessor portscan2-ignorehosts directive in my config file. Think
>>nothing to do with the error "a_decode"
>>
>>Some library version information on the system :
>>gcc version 3.3.3 20031229 (prerelease) (Debian)
>>libc6 2.3.2.ds1-10 GNU C Library: Shared libraries and Timezone
>>libc6-dev 2.3.2.ds1-10 GNU C Library: Development Libraries and Hea
>>
>>Thanks for your help.
>>
>>
>>-------------------------------------------------------
>>This SF.net email is sponsored by: Perforce Software.
>>Perforce is the Fast Software Configuration Management System offering
>>advanced branching capabilities and atomic changes on 50+ platforms.
>>Free Eval! http://www.perforce.com/perforce/loadprog.html
>>_______________________________________________
>>Snort-users mailing list
>>Snort-users@lists.sourceforge.net
>>Go to this URL to change user options or unsubscribe:
>>https://lists.sourceforge.net/lists/...fo/snort-users
>>Snort-users list archive:
>>http://www.geocrawler.com/redir-sf.p...=snort-users
>>





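The check suggested in the quoted reply (looking through snort.conf for a mistyped preprocessor name), written as an added example that is not part of the original thread. The function name, the name pattern and the sample config are assumptions made for illustration; the sample is constructed and is not the poster's file.

```python
import re

# Assumption: preprocessor names are plain ASCII identifiers such as
# frag2, stream4 or portscan-ignorehosts.
NAME_OK = re.compile(rb"[A-Za-z][A-Za-z0-9_-]*")
DIRECTIVE = re.compile(rb"^\s*preprocessor\s+([^\s:]+)")

# Constructed sample config (not the poster's file): line 6 carries a stray
# 0xE0 byte, line 8 has a semicolon typed in place of the colon.
SAMPLE = (
    b"# constructed snort.conf fragment\n"
    b"var HOME_NET any\n"
    b"preprocessor frag2\n"
    b"preprocessor stream4: detect_scans\n"
    b"preprocessor stream4_reassemble\n"
    b"preprocessor \xe0_decode\n"
    b"preprocessor portscan-ignorehosts: 192.0.2.1\n"
    b"preprocessor portscan2-ignorehosts; 192.0.2.2\n"
)


def suspicious_preprocessors(conf: bytes):
    """Return (line_no, escaped_name, reason) for each odd preprocessor name.

    The config is handled as bytes so a stray 8-bit character is reported
    as an escape sequence instead of being hidden by the terminal encoding.
    """
    findings = []
    for line_no, line in enumerate(conf.splitlines(), start=1):
        if line.lstrip().startswith(b"#"):
            continue  # commented-out directive, Snort ignores it
        match = DIRECTIVE.match(line)
        if not match:
            continue  # not a preprocessor directive
        name = match.group(1)
        shown = name.decode("ascii", "backslashreplace")
        if any(b < 0x20 or b > 0x7E for b in name):
            findings.append((line_no, shown, "non-ASCII or control byte"))
        elif not NAME_OK.fullmatch(name):
            findings.append((line_no, shown, "unexpected character"))
    return findings


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for line_no, name, reason in suspicious_preprocessors(data):
        print(f"line {line_no}: preprocessor {name!r}: {reason}")
```

Run with the path to a snort.conf as the only argument to get the line numbers to inspect; with no argument it checks the constructed sample.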