[Snort-users] setting up snort for the first time
wybnormal at ...1926...
Sat Oct 19 18:40:03 EDT 2002
I had this on my new install of version 1.9 and trying to use an older config file. While I am NOT an expert with Snort, there are differences between the snort.conf files. I started with a new snort.conf from the new rule set for 1.9 and life has been good.
You did not specify which version of Snort you are using so this is an observation and with the hope it might be useful.
"he who has relied least on fortune is established the strongest"
Quoting Bob Dixon <bob.dixon at ...4371...>:
> I am following Steven Scott's pdf guide to setting up Snort, MySQL, and
> ACID on Redhat 7.3. I am at the point where I have copied Steven's snort
> startup script "snortd". When I run "snortd start", I get a response of
> [OK], but a "ps -ef | grep snort" doesn't turn up the process. When I
> try to run snort manually with the following command, here's what I get.
> Any help is appreciated. Thanks...
> [root at ...7221... root]# snort -A full -c /etc/snort/snort.conf
> Log directory = /var/log/snort
> Initializing Network Interface eth0
> --== Initializing Snort ==--
> Decoding Ethernet on interface eth0
> Initializing Preprocessors!
> Initializing Plug-ins!
> Initializating Output Plugins!
> Parsing Rules file /etc/snort/snort.conf
> Initializing rule chains...
> No arguments to frag2 directive, setting defaults to:
> Fragment timeout: 60 seconds
> Fragment memory cap: 4194304 bytes
> Fragment min_ttl: 0
> Fragment ttl_limit: 5
> Fragment Problems: 0
> Stream4 config:
> Stateful inspection: ACTIVE
> Session statistics: INACTIVE
> Session timeout: 30 seconds
> Session memory cap: 8388608 bytes
> State alerts: INACTIVE
> Evasion alerts: INACTIVE
> Scan alerts: ACTIVE
> Log Flushed Streams: INACTIVE
> MinTTL: 1
> TTL Limit: 5
> No arguments to stream4_reassemble, setting defaults:
> Reassemble client: ACTIVE
> Reassemble server: INACTIVE
> Reassemble ports: 21 23 25 53 80 143 110 111 513
> Reassembly alerts: ACTIVE
> Reassembly method: FAVOR_OLD
> ERROR /etc/snort/snort.conf(243) => Unknown argument to http_decode
> preprocessor: "unicode"
> [root at ...7221... root]# /etc/rc.d/init.d/snortd start
> Starting snort: [ OK ]
> [root at ...7221... root]# ps -ef | grep snort
> [root at ...7221... root]#
> This sf.net email is sponsored by:
> Access Your PC Securely with GoToMyPC. Try Free Now
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users