[Snort-devel] DNS Dynamic Preprocessor Question

Erickson Brent W KPWA erickson at ...593...
Thu Feb 1 09:50:29 EST 2007


Hello all,

I just started utilizing the DNS and SMTP dynamic preprocessors and have a
brief question about an error I receive from Snort during startup. Snort
runs after the error message occurs.

We are running version 2.6.1.2 and we have upgraded 7 Snort systems so far,
and we greatly appreciate your efforts.

They are all running like rock solid.

We are running Snort on a stripped down install of Windows XP Pro.

Here is the snort.conf configuration line:

preprocessor dns: ports { 53 } enable_rdata_overflow

When we start Snort, we see the error: 

(876) => No arguments to alert_syslog preprocessor!

Line 876 is this line -- preprocessor dns: ports { 53 }
enable_rdata_overflow

I've searched through the Snort 2.6.1 manual, looked in the forums, and also
read the DNS readme file.

I can't figure out what I'm over looking.

I am also running the SMTP dynamic preprocessor.

If I comment out the DNS config, then I receive the same error at line 695,
which is the last line of the SMTP config.

We have never configured the alert_syslog preprocessor before and never
needed to.

Appreciate your advice.

Brent Erickson












More information about the Snort-devel mailing list