[Snort-users] snort FATAL errors on start

Erek Adams erek at ...577...
Sun Sep 1 19:51:34 EDT 2002


On Sun, 1 Sep 2002, Donnie Green wrote:

> I am running snort-1.8.7 on RH 7.3 (libpcap-0.6.2-12).  When I attempt to
> start snort, I get the following errors:
> Sep  1 20:42:14 pandora snort: Initializing daemon mode
> Sep  1 20:42:14 pandora snortd: snort startup succeeded
> Sep  1 20:42:14 pandora snort: PID stat checked out ok, PID set to /var/run/
> Sep  1 20:42:14 pandora snort: Writing PID file to "/var/run/"
> Sep  1 20:42:14 pandora snort: FATAL ERROR: ERROR /etc/snort/snort.conf(242)
> => Unknown argument to http_decode preprocessor: "unicode"
> Sep  1 20:42:14 pandora kernel: device eth0 left promiscuous mode
>
> Also, when I attempt to stop snort I get the following error:
> Sep  1 20:42:01 pandora snortd: snort shutdown failed
>
> This is strange because this seemed to work out the box on my laptop.  Can
> anyone help?

You're using an older .conf file with a newer version of snort.  When you
update version of snort, you _must_ update to the new version of the .conf.
Many times things will change in the .conf due to code changes.

Also, save yourself a problem later.  Ditch the RPM for libpcap and go get the
version from tcpdump.org.

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net





More information about the Snort-users mailing list