[Snort-users] snort FATAL errors on start
erek at ...577...
Sun Sep 1 19:51:34 EDT 2002
On Sun, 1 Sep 2002, Donnie Green wrote:
> I am running snort-1.8.7 on RH 7.3 (libpcap-0.6.2-12). When I attempt to
> start snort, I get the following errors:
> Sep 1 20:42:14 pandora snort: Initializing daemon mode
> Sep 1 20:42:14 pandora snortd: snort startup succeeded
> Sep 1 20:42:14 pandora snort: PID stat checked out ok, PID set to /var/run/
> Sep 1 20:42:14 pandora snort: Writing PID file to "/var/run/"
> Sep 1 20:42:14 pandora snort: FATAL ERROR: ERROR /etc/snort/snort.conf(242)
> => Unknown argument to http_decode preprocessor: "unicode"
> Sep 1 20:42:14 pandora kernel: device eth0 left promiscuous mode
> Also, when I attempt to stop snort I get the following error:
> Sep 1 20:42:01 pandora snortd: snort shutdown failed
> This is strange because this seemed to work out the box on my laptop. Can
> anyone help?
You're using an older .conf file with a newer version of snort. When you
update version of snort, you _must_ update to the new version of the .conf.
Many times things will change in the .conf due to code changes.
Also, save yourself a problem later. Ditch the RPM for libpcap and go get the
version from tcpdump.org.
More information about the Snort-users