|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Snort-users] AW: [Snort-users] 2.1.0 (build9) ERROR: unknown preprocessor "à_decode"
From: Poppi, Sandro (Sandro.Poppi
wacker.com)
Date: Fri Jan 09 2004 - 07:15:04 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi Tony,
I would suggest running through your snort.conf and searching for "decode"
(without the quotes) somewhere after preprocessor stream4. Seems to me that
a typo has made it accidently into the file.
So long,
Sandro
>
> Hi,
>
> Just upgraded my Unstable Debian System. Snort upgraded to
> 2.1.0 (Build 9).
> Since this upgrade i have the FATAL error :
>
> titine:/etc/snort# /usr/sbin/snort -T -c /etc/snort/snort.conf
> ...
>
> No arguments to frag2 directive, setting defaults to:
> Fragment timeout: 60 seconds
> Fragment memory cap: 4194304 bytes
> Fragment min_ttl: 0
> Fragment ttl_limit: 5
> Fragment Problems: 0
> Self preservation threshold: 500
> Self preservation period: 90
> Suspend threshold: 1000
> Suspend period: 30
> Stream4 config:
> Stateful inspection: ACTIVE
> Session statistics: INACTIVE
> Session timeout: 30 seconds
> Session memory cap: 8388608 bytes
> State alerts: INACTIVE
> Evasion alerts: INACTIVE
> Scan alerts: ACTIVE
> Log Flushed Streams: INACTIVE
> MinTTL: 1
> TTL Limit: 5
> Async Link: 0
> State Protection: 0
> Self preservation threshold: 50
> Self preservation period: 90
> Suspend threshold: 200
> Suspend period: 30
> Stream4_reassemble config:
> Server reassembly: INACTIVE
> Client reassembly: ACTIVE
> Reassembler alerts: ACTIVE
> Zero out flushed packets: INACTIVE
> flush_data_diff_size: 500
> Ports: 21 23 25 53 80 110 111 143 513 1433
> Emergency Ports: 21 23 25 53 80 110 111 143 513 1433
> ERROR: unknown preprocessor "à_decode"
> Fatal Error, Quitting..
>
> Recently , i just added some preprocessor portscan-ignorehosts, and
> preprocessor portscan2-ignorehosts directive in my config file. Think
> nothing to do with the error "a_decode"
>
> Some library version information on the system :
> gcc version 3.3.3 20031229 (prerelease) (Debian)
> libc6 2.3.2.ds1-10 GNU C Library: Shared libraries
> and Timezone
> libc6-dev 2.3.2.ds1-10 GNU C Library: Development
> Libraries and Hea
>
> Thanks for your help.
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Perforce Software.
> Perforce is the Fast Software Configuration Management System offering
> advanced branching capabilities and atomic changes on 50+ platforms.
> Free Eval! http://www.perforce.com/perforce/loadprog.html
> _______________________________________________
> Snort-users mailing list
> Snort-userslists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
-------------------------------------------------------
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]