[Snort-users] snort.conf problem: i think

Matt Kettler mkettler at ...4108...
Fri Jan 25 13:09:03 EST 2002


It looks like you're using a rather old version of snort (1.7), with a 
fairly new rules file.. Upgrade to a 1.8.x version of snort and you should 
be fine.

-*> Snort! <*-
Version 1.7-WIN32


As a side note, this is a list with several text/shell-mode UNIX users on 
it. If you want to reach all of the people that can help you try not to use 
colorized, stylized, HTML mail, such emails become illegible to the ones 
using simple text readers. (yes my mailer does add a HTML tag at the top, 
but it doesn't add 5 tags per line resetting the font face, color and size 
constantly like several unnamed mailing products do).

My mailer can read HTML mail, but even in my case I find colored-text email 
to be generally harder to read than the defaults I've set. Which isn't a 
surprise as I carefully chose the defaults to match the size, color and 
contrast I find easiest on my eyes. (ie: bright blue text is much harder 
for me to stare at than my default black on dull-off-white, but at least 
it's not bright red on white in 6pt arial. ugh!)

(I've attempted to de-html this.)
At 03:16 PM 1/25/2002 -0500, Kevin Moker wrote:
>Can someone tell me what I am doing wrong?  I am running snort on win2k 
>(yeah, I know, that's my first mistake) and need to figure out why the 
>following error is coming up.  I am new to snort and I am having some 
>difficulties with it.
>
>Here is the error:
>
>C:\snort>snort -dev -l c:\inetpub\wwwroot\Logs -h 10.0.0.13/24 -c snort.conf
>
>         --== Initializing Snort ==--
>
>Initializing Network Interface 
>\Device\Packet_{A4B3B48F-2737-45FB-82D6-D79E5EA5C55D}
>Decoding Ethernet on interface 
>\Device\Packet_{A4B3B48F-2737-45FB-82D6-D79E5EA5C55D}
>Initializing Preprocessors!
>Initializing Plug-ins!
>Initializating Output Plugins!
>
>+++++++++++++++++++++++++++++++++++++++++++++++++++
>Initializing rule chains...
>
>*WARNING*: unknown preprocessor "frag2", ignoring!
>
>
>*WARNING*: unknown preprocessor "stream4", ignoring!
>
>
>*WARNING*: unknown preprocessor "stream4_reassemble", ignoring!
>
>
>*WARNING*: unknown preprocessor "rpc_decode", ignoring!
>
>
>*WARNING*: unknown preprocessor "bo", ignoring!
>
>
>*WARNING*: unknown preprocessor "telnet_decode", ignoring!
>
>Using LOCAL time
>Error: Unknown config: classification
>
>This command works:
>
>C:\snort>snort -dev -l c:\inetpub\wwwroot\Logs -h 10.0.0.13/24
>
>         --== Initializing Snort ==--
>
>Initializing Network Interface 
>\Device\Packet_{A4B3B48F-2737-45FB-82D6-D79E5EA5C55D}
>Decoding Ethernet on interface 
>\Device\Packet_{A4B3B48F-2737-45FB-82D6-D79E5EA5C55D}
>
>         --== Initialization Complete ==--
>
>-*> Snort! <*-
>Version 1.7-WIN32
>By Martin Roesch (roesch at ...66..., www.snort.org)
>WIN32 Port By Michael Davis (mike at ...92..., www.datanerds.net/~mike)
>
>This is why I think it's the conf file but I don't have enough knowledge 
>yet on this. Can someone help?





More information about the Snort-users mailing list