Fw: [Snort-users] Snort - Fatal Error

prabu prabu333 at ...8908...
Mon Jul 26 05:07:37 EDT 2004


> Hello Shankar,
>       First tell about your database configuration. I guess that u might have
> not commented the (/etc/snort/snort.conf:453) line, since it is used for
> enabling log alerts to syslog. U should comment this line if u want to enable
> the database logging, since that line of the config file specifies to alert
> the output of logs to syslog.
>
> if u r using database logging, then ur snort.conf should have line as,
> for example,
> output database: log, mysql, dbname=snort user=root host=localhost password=kovai
> For better understanding, go to directory /src/doc. See the README.database
> file for more information about configuring and using this plugin.
>
> -Prabu.S
> > Hi Snort Users,
> >
> > I am new to snort, read the snort manual by Patrick Harper (manual ver 7.2)
> > and implemented the same, as it is.
> > I get an error, ERROR: Undefined variable name: (/etc/snort/snort.conf:453):
> > Fatal Error, Quitting..
> > Line-453 output database: log, mysql, user=snort password=mypassword dbname=snort host=localhost
> >
> > [root at ...2306...]# snort -c /etc/snort/snort.conf
> > Running in IDS mode
> > Log directory = /var/log/snort
> >
> > Initializing Network Interface eth0
> >
> >         --== Initializing Snort ==--
> > Initializing Output Plugins!
> > Decoding Ethernet on interface eth0
> > Initializing Preprocessors!
> > Initializing Plug-ins!
> > Parsing Rules file /etc/snort/snort.conf
> >
> > +++++++++++++++++++++++++++++++++++++++++++++++++++
> > Initializing rule chains...
> > ,-----------[Flow Config]----------------------
> > | Stats Interval:  0
> > | Hash Method:     2
> > | Memcap:          10485760
> > | Rows  :          4099
> > | Overhead Bytes:  16400(%0.16)
> > `----------------------------------------------
> > No arguments to frag2 directive, setting defaults to:
> >     Fragment timeout: 60 seconds
> >     Fragment memory cap: 4194304 bytes
> >     Fragment min_ttl:   0
> >     Fragment ttl_limit: 5
> >     Fragment Problems: 0
> >     Self preservation threshold: 500
> >     Self preservation period: 90
> >     Suspend threshold: 1000
> >     Suspend period: 30
> > Stream4 config:
> >     Stateful inspection: ACTIVE
> >     Session statistics: INACTIVE
> >     Session timeout: 30 seconds
> >     Session memory cap: 8388608 bytes
> >     State alerts: INACTIVE
> >     Evasion alerts: INACTIVE
> >     Scan alerts: INACTIVE
> >     Log Flushed Streams: INACTIVE
> >     MinTTL: 1
> >     TTL Limit: 5
> >     Async Link: 0
> >     State Protection: 0
> >     Self preservation threshold: 50
> >     Self preservation period: 90
> >     Suspend threshold: 200
> >     Suspend period: 30
> > Stream4_reassemble config:
> >     Server reassembly: INACTIVE
> >     Client reassembly: ACTIVE
> >     Reassembler alerts: ACTIVE
> >     Zero out flushed packets: INACTIVE
> >     flush_data_diff_size: 500
> >     Ports: 21 23 25 53 80 110 111 143 513 1433
> >     Emergency Ports: 21 23 25 53 80 110 111 143 513 1433
> > HttpInspect Config:
> >     GLOBAL CONFIG
> >       Max Pipeline Requests:    0
> >       Inspection Type:          STATELESS
> >       Detect Proxy Usage:       NO
> >       IIS Unicode Map Filename: /etc/snort/unicode.map
> >       IIS Unicode Map Codepage: 1252
> >     DEFAULT SERVER CONFIG:
> >       Ports: 80 8080 8180
> >       Flow Depth: 300
> >       Max Chunk Length: 500000
> >       Inspect Pipeline Requests: YES
> >       URI Discovery Strict Mode: NO
> >       Allow Proxy Usage: NO
> >       Disable Alerting: NO
> >       Oversize Dir Length: 500
> >       Only inspect URI: NO
> >       Ascii: YES alert: NO
> >       Double Decoding: YES alert: YES
> >       %U Encoding: YES alert: YES
> >       Bare Byte: YES alert: YES
> >       Base36: OFF
> >       UTF 8: OFF
> >       IIS Unicode: YES alert: YES
> >       Multiple Slash: YES alert: NO
> >       IIS Backslash: YES alert: NO
> >       Directory: YES alert: NO
> >       Apache WhiteSpace: YES alert: YES
> >       IIS Delimiter: YES alert: YES
> >       IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
> >       Non-RFC Compliant Characters: NONE
> > rpc_decode arguments:
> >     Ports to decode RPC on: 111 32771
> >     alert_fragments: INACTIVE
> >     alert_large_fragments: ACTIVE
> >     alert_incomplete: ACTIVE
> >     alert_multiple_requests: ACTIVE
> > telnet_decode arguments:
> >     Ports to decode telnet on: 21 23 25 119
> > [root at ...2306...]#
> > OS is Fedora Core-1 with all updates from freshrpms
> > snort-2.1.3-0
> > snort-mysql-2.1.3-0
> > adodb411
> > acid-0.9.6b23
> > zlib-1.2.1
> > jpgraph-1.14
> > libpcap-0.8.3
> > pcre-4.4
> > where did i go wrong, pls help, thx in advance.
> >
> > Regards,
> > Shankar.
> >



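Added example (not part of the original thread and not Snort's own code): a small Python lint for the `output database:` directive discussed above. It checks the `<facility>, <dbtype>, <key=value ...>` layout shown in the reply and flags `$NAME` references that have no earlier `var` definition, on the assumption that Snort 2.x expands variables on every configuration line; the function name, the sample config and the accepted facility and database-type lists are constructed for illustration.

```python
import re

# Constructed sample config (not taken from the thread).
SAMPLE_CONF = """\
var DBHOST localhost
output database: log, mysql, user=snort password=mypassword dbname=snort host=$DBHOST
output database: log, mysql, user=snort password=pa$word dbname=snort host=localhost
output database: alert, mysql, user=root password=example host=localhost
# output alert_syslog: LOG_AUTH LOG_ALERT
"""

VAR_DEF = re.compile(r"^var\s+(\w+)\s+\S")
OUTPUT_DB = re.compile(r"^output\s+database\s*:\s*(.*)$")
VAR_REF = re.compile(r"\$\(?(\w*)")  # assumption: only $NAME and $(NAME) forms
FACILITIES = {"log", "alert"}
DB_TYPES = {"mysql", "postgresql", "odbc", "oracle", "mssql"}  # assumed list

def lint_output_database(conf_text):
    """Return (line_number, message) findings for output database lines."""
    defined, findings = set(), []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented-out directive
        m = VAR_DEF.match(line)
        if m:
            defined.add(m.group(1))  # variables must be defined before use
            continue
        m = OUTPUT_DB.match(line)
        if not m:
            continue
        fields = [f.strip() for f in m.group(1).split(",", 2)]
        if len(fields) < 3:
            findings.append((lineno, "expected '<facility>, <dbtype>, <key=value ...>'"))
            continue
        facility, dbtype, params = fields
        if facility not in FACILITIES:
            findings.append((lineno, f"unknown facility: {facility}"))
        if dbtype not in DB_TYPES:
            findings.append((lineno, f"unknown database type: {dbtype}"))
        kv = dict(p.split("=", 1) for p in params.split() if "=" in p)
        if "dbname" not in kv:
            findings.append((lineno, "missing dbname= parameter"))
        if kv.get("user") == "root":
            findings.append((lineno, "user=root: prefer a dedicated low-privilege account"))
        for name in VAR_REF.findall(line):
            if name not in defined:
                findings.append((lineno, f"undefined variable reference: ${name}"))
    return findings
```

Calling `lint_output_database(open("/etc/snort/snort.conf").read())` returns the same kind of findings list for a real file; a `$` inside a password value is reported because, under the stated assumption, it would be read as a variable reference.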





