|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Snort-users] Re: [Snort-users] AW: [Snort-users] 2.1.0 (build9) ERROR: unknown preprocessor "à_decode"
From: Scott Zawalski (scott.zawalski
web.de)
Date: Fri Jan 09 2004 - 18:18:41 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
It would be better to take the snort.conf from v 2.1 and edit it again
to fit your current setup. I had this error also upgrading from 2.0.6
and just using my old conf.
Scott
Poppi, Sandro wrote:
>Hi Tony,
>
>I would suggest running through your snort.conf and searching for "decode"
>(without the quotes) somewhere after preprocessor stream4. Seems to me that
>a typo has made it accidently into the file.
>
>So long,
>Sandro
>
>
>>Hi,
>>
>>Just upgraded my Unstable Debian System. Snort upgraded to
>>2.1.0 (Build 9).
>>Since this upgrade i have the FATAL error :
>>
>>titine:/etc/snort# /usr/sbin/snort -T -c /etc/snort/snort.conf
>>...
>>
>>No arguments to frag2 directive, setting defaults to:
>> Fragment timeout: 60 seconds
>> Fragment memory cap: 4194304 bytes
>> Fragment min_ttl: 0
>> Fragment ttl_limit: 5
>> Fragment Problems: 0
>> Self preservation threshold: 500
>> Self preservation period: 90
>> Suspend threshold: 1000
>> Suspend period: 30
>>Stream4 config:
>> Stateful inspection: ACTIVE
>> Session statistics: INACTIVE
>> Session timeout: 30 seconds
>> Session memory cap: 8388608 bytes
>> State alerts: INACTIVE
>> Evasion alerts: INACTIVE
>> Scan alerts: ACTIVE
>> Log Flushed Streams: INACTIVE
>> MinTTL: 1
>> TTL Limit: 5
>> Async Link: 0
>> State Protection: 0
>> Self preservation threshold: 50
>> Self preservation period: 90
>> Suspend threshold: 200
>> Suspend period: 30
>>Stream4_reassemble config:
>> Server reassembly: INACTIVE
>> Client reassembly: ACTIVE
>> Reassembler alerts: ACTIVE
>> Zero out flushed packets: INACTIVE
>> flush_data_diff_size: 500
>> Ports: 21 23 25 53 80 110 111 143 513 1433
>> Emergency Ports: 21 23 25 53 80 110 111 143 513 1433
>>ERROR: unknown preprocessor "à_decode"
>>Fatal Error, Quitting..
>>
>>Recently , i just added some preprocessor portscan-ignorehosts, and
>>preprocessor portscan2-ignorehosts directive in my config file. Think
>>nothing to do with the error "a_decode"
>>
>>Some library version information on the system :
>>gcc version 3.3.3 20031229 (prerelease) (Debian)
>>libc6 2.3.2.ds1-10 GNU C Library: Shared libraries
>>and Timezone
>>libc6-dev 2.3.2.ds1-10 GNU C Library: Development
>>Libraries and Hea
>>
>>Thanks for your help.
>>
>>
>>-------------------------------------------------------
>>This SF.net email is sponsored by: Perforce Software.
>>Perforce is the Fast Software Configuration Management System offering
>>advanced branching capabilities and atomic changes on 50+ platforms.
>>Free Eval! http://www.perforce.com/perforce/loadprog.html
>>_______________________________________________
>>Snort-users mailing list
>>Snort-userslists.sourceforge.net
>>Go to this URL to change user options or unsubscribe:
>>https://lists.sourceforge.net/lists/listinfo/snort-users
>>Snort-users list archive:
>>http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>
>>
>>
>
>
>-------------------------------------------------------
>This SF.net email is sponsored by: Perforce Software.
>Perforce is the Fast Software Configuration Management System offering
>advanced branching capabilities and atomic changes on 50+ platforms.
>Free Eval! http://www.perforce.com/perforce/loadprog.html
>_______________________________________________
>Snort-users mailing list
>Snort-userslists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/listinfo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?list=ort-users
>
>
>
-------------------------------------------------------
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]