[Snort-users] Errors starting Snort...

Lorenzo Rossi condor_rl at ...2470...
Mon Nov 1 08:40:26 EST 2004


Hi,

some time ago I configured Snort 2.0 with mysql and Acid on my linux Debian
box. I was very happy, all was working ok!
Then I updated the snort-mysql and mysql packages using the Debian utility "apt-get", and snort stopped working,
but I did not have enough time to investigate the problem.

Only now have I found the time to get back to working on snort, so I updated
my snort-mysql and mysql packages again and tried to start up snort, but it
generates an error, and I do not know why.
My Debian packages are:


snort-mysql:
  Installed: 2.2.0-4
  Candidate: 2.2.0-4

Snort version is:
Version 2.2.0 (Build 30)


mysql-server:
  Installed: 4.0.21-7
  Candidate: 4.0.21-7


Below is the output of the /var/log/daemon.log

Could you give me some advice to put me on the correct path?

Thanks Lorenzo

=============================================================================
Nov  1 17:04:09 europa snort: OpenPcap() device eth0 network lookup:
^Ieth0: no IPv4 address assigned
Nov  1 17:04:09 europa snort: Initializing daemon mode
Nov  1 17:04:09 europa snort: PID path stat checked out ok, PID path set
to /var/run/
Nov  1 17:04:09 europa snort: Writing PID "12509" to file
"/var/run//snort_eth0.pid"
Nov  1 17:04:09 europa snort: ,-----------[Flow
Config]----------------------
Nov  1 17:04:09 europa snort: | Stats Interval:  0
Nov  1 17:04:09 europa snort: | Hash Method:     2
Nov  1 17:04:09 europa snort: | Memcap:          10485760
Nov  1 17:04:09 europa snort: | Rows  :          4099
Nov  1 17:04:09 europa snort: | Overhead Bytes:  16400(%0.16)
Nov  1 17:04:09 europa snort:
`----------------------------------------------
Nov  1 17:04:09 europa snort: HttpInspect Config:
Nov  1 17:04:09 europa snort:     GLOBAL CONFIG
Nov  1 17:04:09 europa snort:       Max Pipeline Requests:    0
Nov  1 17:04:09 europa snort:       Inspection Type:          STATELESS
Nov  1 17:04:09 europa snort:       Detect Proxy Usage:       NO
Nov  1 17:04:09 europa snort:       IIS Unicode Map Filename:
/etc/snort/unicode.map
Nov  1 17:04:09 europa snort:       IIS Unicode Map Codepage: 1252
Nov  1 17:04:09 europa snort:     DEFAULT SERVER CONFIG:
Nov  1 17:04:09 europa snort:       Ports:
Nov  1 17:04:09 europa snort: 80
Nov  1 17:04:09 europa snort: 8080
Nov  1 17:04:09 europa snort: 8180
Nov  1 17:04:10 europa snort:
Nov  1 17:04:10 europa snort:       Flow Depth: 300
Nov  1 17:04:10 europa snort:       Max Chunk Length: 500000
Nov  1 17:04:10 europa snort:       Inspect Pipeline Requests: YES
Nov  1 17:04:10 europa snort:       URI Discovery Strict Mode: NO
Nov  1 17:04:10 europa snort:       Allow Proxy Usage: NO
Nov  1 17:04:10 europa snort:       Disable Alerting: NO
Nov  1 17:04:10 europa snort:       Oversize Dir Length: 500
Nov  1 17:04:10 europa snort:       Only inspect URI: NO
Nov  1 17:04:10 europa snort:       Ascii: YES alert: NO
Nov  1 17:04:10 europa snort:       Double Decoding: YES alert: YES
Nov  1 17:04:10 europa snort:       %U Encoding: YES alert: YES
Nov  1 17:04:10 europa snort:       Bare Byte: YES alert: YES
Nov  1 17:04:10 europa snort:       Base36: OFF
Nov  1 17:04:10 europa snort:       UTF 8: OFF
Nov  1 17:04:10 europa snort:       IIS Unicode: YES alert: YES
Nov  1 17:04:10 europa snort:       Multiple Slash: YES alert: NO
Nov  1 17:04:10 europa snort:       IIS Backslash: YES alert: NO
Nov  1 17:04:10 europa snort:       Directory Traversal: YES alert: NO
Nov  1 17:04:10 europa snort:       Web Root Traversal: YES alert: YES
Nov  1 17:04:10 europa snort:       Apache WhiteSpace: YES alert: YES
Nov  1 17:04:10 europa snort:       IIS Delimiter: YES alert: YES
Nov  1 17:04:10 europa snort:       IIS Unicode Map: GLOBAL IIS UNICODE
MAP CONFIG
Nov  1 17:04:10 europa snort:       Non-RFC Compliant Characters:
Nov  1 17:04:10 europa snort: NONE
Nov  1 17:04:10 europa snort:
Nov  1 17:04:10 europa snort: rpc_decode arguments:
Nov  1 17:04:10 europa snort:     Ports to decode RPC on: 111 32771
Nov  1 17:04:10 europa snort:     alert_fragments: INACTIVE
Nov  1 17:04:10 europa snort:     alert_large_fragments: ACTIVE
Nov  1 17:04:10 europa snort:     alert_incomplete: ACTIVE
Nov  1 17:04:10 europa snort:     alert_multiple_requests: ACTIVE
Nov  1 17:04:10 europa snort: telnet_decode arguments:
Nov  1 17:04:10 europa snort:     Ports to decode telnet on: 21 23 25
119
Nov  1 17:04:10 europa snort: /etc/snort/snort.eth0.conf(357) Unable to
create an IPSet from [any]

===============================================================================================


-- 
LinuxUser: 71680	OpenPGP-> KeyID: 0x25B9E15E
===================================================
Fingerprint:
BF76 8EC9 A14D 2CD4 195F  9E7D 6834 A8AE 25B9 E15E
---------------------------------------------------
