[Snort-users] Error while parsing

ecmproute ecmproute at ...11827...
Wed Dec 21 20:42:00 EST 2005


Hello,
I am using snort 2.3.x
After loading the latest signature file for snort-2.3, I am getting a parser
error:
        --== Initializing Snort ==--
Checking PID path...
Writing PID "15854" to file "/var/run//snort.pid"
Decoding LoopBack on interface (null)
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file ./snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains.........................
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Evasion alerts: INACTIVE
    Scan alerts: INACTIVE
    Log Flushed Streams: INACTIVE
    MinTTL: 1
    TTL Limit: 5
    Async Link: 0
    State Protection: 0
    Self preservation threshold: 50
    Self preservation period: 90
    Suspend threshold: 200
    Suspend period: 30
    Enforce TCP State: INACTIVE
    Midstream Drop Alerts: INACTIVE

Stream4_reassemble config:
    Server reassembly: INACTIVE
    Client reassembly: ACTIVE
    Reassembler alerts: ACTIVE
    Zero out flushed packets: INACTIVE
    flush_data_diff_size: 500
    Ports: 21 23 25 53 80 110 111 143 513 1433 5119 9215 13311 17407
21503 25599 29695 33791 37887 41983 46079 ...
Terminated
+ ERR=143
+ [ 143 != 0 ]

The 143 is the error code returned to me from snort-parser when run from a
shell script.
Also, I have added the following lines in snort.conf:
+config flowbits_size: 256
preprocessor flow: stats_interval 0 hash 2
.....
Can you help me out on this?

Thanks & regards,
Arindam Roy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20051221/fd62b660/attachment.html>


More information about the Snort-users mailing list