[Snort-devel] DNS Dynamic Preprocessor Question

Steven Sturges steve.sturges at ...402...
Thu Feb 1 09:57:48 EST 2007


Hi Brent--

Can you forward the command-line arguments you are passing to Snort?
This looks like something that is specific to Win32 platforms.

Cheers.
-steve

Erickson Brent W KPWA wrote:
> Hello all,
> 
> I just started utilizing the DNS and SMTP dynamic preprocessors and have a
> brief question about an error I receive from Snort during startup. Snort
> runs after the error message occurs.
> 
> We are running version 2.6.1.2 and we have upgraded 7 Snort systems so far,
> and we greatly appreciate your efforts.
> 
> They are all running like rock solid.
> 
> We are running Snort on a stripped down install of Windows XP Pro.
> 
> Here is the snort.conf configuration line:
> 
> preprocessor dns: ports { 53 } enable_rdata_overflow
> 
> When we start Snort, we see the error: 
> 
> (876) => No arguments to alert_syslog preprocessor!
> 
> Line 876 is this line -- preprocessor dns: ports { 53 }
> enable_rdata_overflow
> 
> I've searched through the Snort 2.6.1 manual, looked in the forums, and also
> read the DNS readme file.
> 
> I can't figure out what I'm over looking.
> 
> I am also running the SMTP dynamic preprocessor.
> 
> If I comment out the DNS config, then I receive the same error at line 695,
> which is the last line of the SMTP config.
> 
> We have never configured the alert_syslog preprocessor before and never
> needed to.
> 
> Appreciate your advice.
> 
> Brent Erickson
> 
> 
> 
> 
> 
> 
> 
> 
> 
> -------------------------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job easier.
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
> 





More information about the Snort-devel mailing list