Re: [Snort-users] Snort isn't starting at the Ubuntu:

This is a discussion on Re: [Snort-users] Snort isn't starting at the Ubuntu: within the Snort forums, part of the System Security and Security Related category; --===============1202135183== Content-Type: multipart/alternative; boundary=Apple-Mail-30-1030860245 --Apple-Mail-30-1030860245 Content-Type: text/plain; charset=US-...


Go Back   Usenet Forums > System Security and Security Related > Snort

Reload this Page Re: [Snort-users] Snort isn't starting at the Ubuntu:

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 03-31-2008
Leon
 
Posts: n/a
Default Re: [Snort-users] Snort isn't starting at the Ubuntu:

--===============1202135183==
Content-Type: multipart/alternative; boundary=Apple-Mail-30-1030860245


--Apple-Mail-30-1030860245
Content-Type: text/plain;
charset=US-ASCII;
format=flowed;
delsp=yes
Content-Transfer-Encoding: 7bit

Hi.

You are using a snort.conf from an old version (2.3) of Snort, use the
one that came with the 2.8 source and you should get on fine.
I guess that you installed an older version of snort from the apt
repository.

You will want to remove the old versions and then use the snort.conf,
and associated stuff from 2.8. You will find them under etc/ in the
tarball.

-Leon




On 31 Mar 2008, at 14:33, jose wilter frazao wrote:

> Hi,
> I change parameter frag2 to frag3 in the /etc/snort/snot.conf, but
> is showing the next message:
>
> Tagged Packet Limit: 256
> /etc/snort/snort.conf(214) unknown dynamic preprocessor "frag3"
> /etc/snort/snort.conf(360) unknown dynamic preprocessor
> "telnet_decode"
> /etc/snort/snort.conf(500) unknown dynamic preprocessor "xlink2state"
> ERROR: Misconfigured dynamic preprocessor(s)
> Fatal Error, Quitting..
>
>
> 2008/3/29, Leon <seclists@rm-rf.co.uk>:
> Hi
>
> Looks like there are some problems with your snort.conf
>
>> Mar 28 09:23:17 wilter-ubuntu snort[24673]: /etc/snort/
>> snort.conf(214) unknown dynamic preprocessor "frag2"
>
> frag2 has been replaced with frag3, You shouldn't have it enabled on
> line 214 of your snort.conf
>
> As for the other errors, post your snort.conf with the full output
> of a snort -c /etc/snort/snort.conf -T and ill take a look.
>
> -Leon
>
>
> On 28 Mar 2008, at 17:45, jose wilter frazao wrote:
>> Hello,
>>
>> I do downloaded of snort from www.snort.com and compiled the
>> Snort with support to Mysql, and I installed in the Ubuntu 7.04.
>> When I insert the command "/usr/local/bin/snort -D -c /etc/snort/
>> snort.conf" for start the daemon of the Snort show the massage in
>> the "/var/log/syslog":
>>
>> Mar 28 09:23:17 wilter-ubuntu snort[24673]: /etc/snort/
>> snort.conf(214) unknown dynamic preprocessor "frag2"
>> Mar 28 09:23:17 wilter-ubuntu snort[24673]: /etc/snort/
>> snort.conf(360) unknown dynamic preprocessor "telnet_decode"
>> Mar 28 09:23:17 wilter-ubuntu snort[24673]: /etc/snort/
>> snort.conf(500) unknown dynamic preprocessor "xlink2state"
>> Mar 28 09:23:17 wilter-ubuntu snort[24673]: FATAL ERROR:
>> Misconfigured dynamic preprocessor(s)
>>
>> What should I do to correct this problem?
>>
>> -------------------------------------------------------------------------
>> Check out the new SourceForge.net Marketplace.
>> It's the best place to buy or sell services for
>> just about anything Open Source.
>> http://ad.doubleclick.net/clk;164216...______________
>> Snort-users mailing list
>> Snort-users@lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/...fo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.p...st=snort-users
>
>
> <snort.conf><output-snort>


--Apple-Mail-30-1030860245
Content-Type: text/html;
charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

<html><body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space; ">Hi.<div><br></div><div>You are =
using a snort.conf from an old version (2.3) of Snort, use the one that =
came with the 2.8 source and you should get on fine.<div>I guess that =
you installed an older version of snort from the =
apt&nbsp;repository.</div><div><br></div><div>You will want to remove =
the old versions and then use the snort.conf, and associated stuff from =
2.8. You will find them under etc/ in the =
tarball.</div><div><br></div><div>-Leon</div><div><br></div><div><div>&nbs=
p;</div><div><br></div><div>&nbsp;&nbsp;<br><div><html>On 31 Mar 2008, =
at 14:33, jose wilter frazao wrote:</html><br =
class=3D"Apple-interchange-newline"><blockquote type=3D"cite">Hi,<br>I =
change parameter frag2 to frag3 in the /etc/snort/snot.conf, but is =
showing the next message:<br><br>Tagged Packet Limit: =
256<br>/etc/snort/snort.conf(214) unknown dynamic preprocessor =
"frag3"<br>/etc/snort/snort.conf(360) unknown dynamic preprocessor =
"telnet_decode"<br> /etc/snort/snort.conf(500) unknown dynamic =
preprocessor "xlink2state"<br>ERROR: Misconfigured dynamic =
preprocessor(s)<br>Fatal Error, Quitting..<br><br><br><div><span =
class=3D"gmail_quote">2008/3/29, Leon &lt;<a =
href=3D"mailto:seclists@rm-rf.co.uk">seclists@rm-rf.co.uk</a>>:</span><blo=
ckquote class=3D"gmail_quote" style=3D"border-left: 1px solid rgb(204, =
204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> <div =
style=3D"">Hi&nbsp;<div><br></div><div>Looks like there are some =
problems with your snort.conf</div><span =
class=3D"q"><div><br></div><div><blockquote type=3D"cite"><span =
style=3D"font-family: Arial;">Mar 28 09:23:17 wilter-ubuntu =
snort[24673]: /etc/snort/snort.conf(214) unknown dynamic preprocessor =
"frag2"</span></blockquote> <br></div></span><div>frag2 has been =
replaced with frag3, You shouldn't have it enabled on line 214 of your =
snort.conf</div><div><br></div><div>As for the other errors, post your =
snort.conf with the full output of a snort -c /etc/snort/snort.conf -T =
and ill take a look.</div> =
<div><br></div><div>-Leon</div><div>&nbsp;</div><div><br></div><div><div><=
div><span class=3D"e" id=3D"q_118fc631eadefaa2_3">On 28 Mar 2008, at =
17:45, jose wilter frazao wrote:<br></span></div><blockquote =
type=3D"cite"><div><span class=3D"e" id=3D"q_118fc631eadefaa2_5"><div> =
Hello,</div> <div>&nbsp;</div> <div>&nbsp;I do downloaded of&nbsp; snort =
from <a href=3D"http://www.snort.com/" target=3D"_blank" onclick=3D"return=
top.js.OpenExtLink(window,event,this)">www.snort.c om</a> and compiled =
the Snort with support to Mysql, and I installed in the Ubuntu 7.04.<br> =
When I insert the command "/usr/local/bin/snort -D -c =
/etc/snort/snort.conf" for start the daemon of the Snort show the =
massage in the "/var/log/syslog":</div> <div><p style=3D"margin: 0cm 0cm =
0pt; background: white none repeat scroll 0% 50%; -moz-background-clip: =
-moz-initial; -moz-background-origin: -moz-initial; =
-moz-background-inline-policy: -moz-initial;"> <span style=3D"font-family:=
Arial;" lang=3D"EN-US"></span>&nbsp;</p><div style=3D"margin: 0cm 0cm =
0pt; background-color: white;"><span style=3D"font-family: Arial;" =
lang=3D"EN-US">Mar 28 09:23:17 wilter-ubuntu snort[24673]: =
/etc/snort/snort.conf(214) unknown dynamic preprocessor =
"frag2"</span></div> <div style=3D"margin: 0cm 0cm 0pt; =
background-color: white;"><span style=3D"font-family: Arial;" =
lang=3D"EN-US">Mar 28 09:23:17 wilter-ubuntu snort[24673]: =
/etc/snort/snort.conf(360) unknown dynamic preprocessor =
"telnet_decode"</span></div> <div style=3D"margin: 0cm 0cm 0pt; =
background-color: white;"><span style=3D"font-family: Arial;" =
lang=3D"EN-US">Mar 28 09:23:17 wilter-ubuntu snort[24673]: =
/etc/snort/snort.conf(500) unknown dynamic preprocessor =
"xlink2state"</span></div> <div style=3D"margin: 0cm 0cm 0pt; =
background-color: white;"><span style=3D"font-family: Arial;" =
lang=3D"EN-US">Mar 28 09:23:17 wilter-ubuntu snort[24673]: FATAL ERROR: =
Misconfigured dynamic preprocessor(s)</span></div><p style=3D"margin: =
0cm 0cm 0pt; background: white none repeat scroll 0% 50%; =
-moz-background-clip: -moz-initial; -moz-background-origin: =
-moz-initial; -moz-background-inline-policy: -moz-initial;"> <span =
style=3D"font-family: Arial;" lang=3D"EN-US"></span>&nbsp;</p><span =
style=3D"font-family: Arial;" lang=3D"EN-US"> <div dir=3D"ltr">What =
should I do to correct this problem?</div></span><p style=3D"margin: 0cm =
0cm 0pt; background: white none repeat scroll 0% 50%; =
-moz-background-clip: -moz-initial; -moz-background-origin: =
-moz-initial; -moz-background-inline-policy: -moz-initial;"> <span =
style=3D"font-family: Arial;" =
lang=3D"EN-US"></span>&nbsp;</p></div></span></div> =
-------------------------------------------------------------------------<=
br>Check out the new SourceForge.net Marketplace.<br>It's the best place =
to buy or sell services for<br> just about anything Open Source.<br><a =
href=3D"http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/m=
arketplace________________________________________ _______" =
target=3D"_blank" onclick=3D"return =
top.js.OpenExtLink(window,event,this)">http://ad.doubleclick.net/clk;16421=
6239;13503038;w?http://sf.net/marketplace___________..._____________=
______________</a><br> Snort-users mailing list<br><a =
href=3D"mailto:Snort-users@lists.sourceforge.net" target=3D"_blank" =
onclick=3D"return =
top.js.OpenExtLink(window,event,this)">Snort-users@lists.sourceforge.net</=
a><br>Go to this URL to change user options or unsubscribe:<br> <a =
href=3D"https://lists.sourceforge.net/lists/listinfo/snort-users" =
target=3D"_blank" onclick=3D"return =
top.js.OpenExtLink(window,event,this)">https://lists.sourceforge.net/lists=
/listinfo/snort-users</a><br>Snort-users list archive:<br> <a =
href=3D"http://www.geocrawler.com/redir-sf.php3?list=3Dsnort-users" =
target=3D"_blank" onclick=3D"return =
top.js.OpenExtLink(window,event,this)">http://www.geocrawler.com/redir-sf.=
php3?list=3Dsnort-users</a></blockquote></div><br> =
</div></div></blockquote></div><br> =
<span>&lt;snort.conf></span><span>&lt;output-snort></span></blockquote></d=
iv><br></div></div></div></body></html>=

--Apple-Mail-30-1030860245--


--===============1202135183==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://ad.doubleclick.net/clk;164216...et/marketplace
--===============1202135183==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users
--===============1202135183==--

Reply With Quote
Reply
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 02:42 AM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0