[Snort-devel] DNS Dynamic Preprocessor Question

Erickson Brent W KPWA erickson at ...593...
Thu Feb 1 10:09:15 EST 2007


Hi Steve,

Thank you for the quick response.

I believe you are right.

Here is the bat file command line we run:

snort -o -i 3 -E -d -l log -F f13 -K ascii -h xxx.yyy.0.0/16 -c snort.conf

We send alerts to the Windows Event viewer and also log to the log folder.

We don't use databases.

Brent


-----Original Message-----
From: Steven Sturges [mailto:steve.sturges at ...402...] 
Sent: Thursday, February 01, 2007 6:58 AM
To: Erickson Brent W KPWA
Cc: 'snort-devel at lists.sourceforge.net'
Subject: Re: [Snort-devel] DNS Dynamic Preprocessor Question


Hi Brent--

Can you forward the command-line arguments you are passing to Snort? This
looks like something that is specific to Win32 platforms.

Cheers.
-steve

Erickson Brent W KPWA wrote:
> Hello all,
> 
> I just started utilizing the DNS and SMTP dynamic preprocessors and 
> have a brief question about an error I receive from Snort during 
> startup. Snort runs after the error message occurs.
> 
> We are running version 2.6.1.2 and we have upgraded 7 Snort systems so 
> far, and we greatly appreciate your efforts.
> 
> They are all running rock solid.
> 
> We are running Snort on a stripped down install of Windows XP Pro.
> 
> Here is the snort.conf configuration line:
> 
> preprocessor dns: ports { 53 } enable_rdata_overflow
> 
> When we start Snort, we see the error:
> 
> (876) => No arguments to alert_syslog preprocessor!
> 
> Line 876 is this line -- preprocessor dns: ports { 53 } 
> enable_rdata_overflow
> 
> I've searched through the Snort 2.6.1 manual, looked in the forums, 
> and also read the DNS readme file.
> 
> I can't figure out what I'm overlooking.
> 
> I am also running the SMTP dynamic preprocessor.
> 
> If I comment out the DNS config, then I receive the same error at line 
> 695, which is the last line of the SMTP config.
> 
> We have never configured the alert_syslog preprocessor before and 
> never needed to.
> 
> Appreciate your advice.
> 
> Brent Erickson