RE: [Snort-users] Snort - Fatal Error
From: Shankar (list@zeeaccess.com)
Date: Mon Jul 26 2004 - 07:51:27 CDT
Dear Patrick Harper,
I have installed both, here is the output. Pls help to overcome this
problem.
[root@IDS snort]# rpm -qa | grep snort
snort-mysql-2.1.3-0.fdr.1
snort-2.1.3-0.fdr.1
[root@IDS snort]#
Regards,
Shankar.
-----Original Message-----
From: Harper, Patrick [mailto:patrick.harper@phns.com]
Sent: Monday, July 26, 2004 6:10 PM
To: Shankar; Snort-Users
Subject: RE: [Snort-users] Snort - Fatal Error
Sounds like you only got the snort RPM installed and not the snort-mysql
rpm as well.
To find out, do the following and you should see output like that
listed:
[root@www snort]# rpm -qa |grep snort
snort-mysql-2.1.2-2
snort-2.1.2-2
[root@www snort]#
-----Original Message-----
From: Shankar [mailto:list@zeeaccess.com]
Sent: Monday, July 26, 2004 5:22 AM
To: Snort-Users
Subject: [Snort-users] Snort - Fatal Error
Hi Snort Users,
I am new to snort, read the snort manual by Patrick Harper (manual ver
7.2) and implemented the same, as it is.
I get an error,
ERROR: Undefined variable name: (/etc/snort/snort.conf:453):
Fatal Error, Quitting..
Line-453 output database: log, mysql, user=snort password=mypassword dbname=snort host=localhost
[root@snort]# snort -c /etc/snort/snort.conf
Running in IDS mode
Log directory = /var/log/snort
Initializing Network Interface eth0
--== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort/snort.conf
+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
,-----------[Flow Config]----------------------
| Stats Interval: 0
| Hash Method: 2
| Memcap: 10485760
| Rows : 4099
| Overhead Bytes: 16400(%0.16)
`----------------------------------------------
No arguments to frag2 directive, setting defaults to:
Fragment timeout: 60 seconds
Fragment memory cap: 4194304 bytes
Fragment min_ttl: 0
Fragment ttl_limit: 5
Fragment Problems: 0
Self preservation threshold: 500
Self preservation period: 90
Suspend threshold: 1000
Suspend period: 30
Stream4 config:
Stateful inspection: ACTIVE
Session statistics: INACTIVE
Session timeout: 30 seconds
Session memory cap: 8388608 bytes
State alerts: INACTIVE
Evasion alerts: INACTIVE
Scan alerts: INACTIVE
Log Flushed Streams: INACTIVE
MinTTL: 1
TTL Limit: 5
Async Link: 0
State Protection: 0
Self preservation threshold: 50
Self preservation period: 90
Suspend threshold: 200
Suspend period: 30
Stream4_reassemble config:
Server reassembly: INACTIVE
Client reassembly: ACTIVE
Reassembler alerts: ACTIVE
Zero out flushed packets: INACTIVE
flush_data_diff_size: 500
Ports: 21 23 25 53 80 110 111 143 513 1433
Emergency Ports: 21 23 25 53 80 110 111 143 513 1433
HttpInspect Config:
GLOBAL CONFIG
Max Pipeline Requests: 0
Inspection Type: STATELESS
Detect Proxy Usage: NO
IIS Unicode Map Filename: /etc/snort/unicode.map
IIS Unicode Map Codepage: 1252
DEFAULT SERVER CONFIG:
Ports: 80 8080 8180
Flow Depth: 300
Max Chunk Length: 500000
Inspect Pipeline Requests: YES
URI Discovery Strict Mode: NO
Allow Proxy Usage: NO
Disable Alerting: NO
Oversize Dir Length: 500
Only inspect URI: NO
Ascii: YES alert: NO
Double Decoding: YES alert: YES
%U Encoding: YES alert: YES
Bare Byte: YES alert: YES
Base36: OFF
UTF 8: OFF
IIS Unicode: YES alert: YES
Multiple Slash: YES alert: NO
IIS Backslash: YES alert: NO
Directory: YES alert: NO
Apache WhiteSpace: YES alert: YES
IIS Delimiter: YES alert: YES
IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
Non-RFC Compliant Characters: NONE
rpc_decode arguments:
Ports to decode RPC on: 111 32771
alert_fragments: INACTIVE
alert_large_fragments: ACTIVE
alert_incomplete: ACTIVE
alert_multiple_requests: ACTIVE
telnet_decode arguments:
Ports to decode telnet on: 21 23 25 119
[root@snort]#
OS is Fedora Core-1 with all updates from freshrpms
snort-2.1.3-0
snort-mysql-2.1.3-0
adodb411
acid-0.9.6b23
zlib-1.2.1
jpgraph-1.14
libpcap-0.8.3
pcre-4.4
Where did I go wrong? Pls help, thx in advance.
Regards,
Shankar.
-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java
Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users