[Snort-users] Running snort in IDS mode

Plantier, Spencer spencer.plantier at ...12801...
Wed Feb 9 10:12:47 EST 2005


It seems like this is the problem:

preprocessor flow: stats_interval 0 hash 2

Thanks,

Spencer

________________________________

From: Ron Jenkins [mailto:rjenkins at ...12829...] 
Sent: Wednesday, February 09, 2005 12:34 PM
To: Plantier, Spencer
Cc: snort-users
Subject: RE: [Snort-users] Running snort in IDS mode

This is not the snort.conf file.

Also, the load line should look something like:

snort -e -d -D -c /etc/snort/snort.conf -l /var/log/snort

________________________________

From: Plantier, Spencer [mailto:spencer.plantier at ...12801...] 
Sent: Wednesday, February 09, 2005 11:35 AM
To: Ron Jenkins
Subject: RE: [Snort-users] Running snort in IDS mode

My snort.conf file

include $RULE_PATH /var/tmp/snort-2.3.0/rules/local.rules
include $RULE_PATH /var/tmp/snort-2.3.0/bad-traffic.rules
include $RULE_PATH /var/tmp/snort-2.3.0/exploit.rules
include $RULE_PATH /var/tmp/snort-2.3.0/scan.rules
include $RULE_PATH /var/tmp/snort-2.3.0/finger.rules
include $RULE_PATH /var/tmp/snort-2.3.0/ftp.rules
include $RULE_PATH /var/tmp/snort-2.3.0/telnet.rules
include $RULE_PATH /var/tmp/snort-2.3.0/rpc.rules
include $RULE_PATH /var/tmp/snort-2.3.0/rservices.rules
include $RULE_PATH /var/tmp/snort-2.3.0/dos.rules
include $RULE_PATH /var/tmp/snort-2.3.0/ddos.rules
include $RULE_PATH /var/tmp/snort-2.3.0/dns.rules
include $RULE_PATH /var/tmp/snort-2.3.0/tftp.rules

include $RULE_PATH /var/tmp/snort-2.3.0/web-cgi.rules
include $RULE_PATH /var/tmp/snort-2.3.0/web-coldfusion.rules
include $RULE_PATH /var/tmp/snort-2.3.0/web-iis.rules
include $RULE_PATH /var/tmp/snort-2.3.0/web-frontpage.rules
include $RULE_PATH /var/tmp/snort-2.3.0/web-misc.rules
include $RULE_PATH /var/tmp/snort-2.3.0/web-client.rules
include $RULE_PATH /var/tmp/snort-2.3.0/web-php.rules

include $RULE_PATH /var/tmp/snort-2.3.0/sql.rules
include $RULE_PATH /var/tmp/snort-2.3.0/x11.rules
include $RULE_PATH /var/tmp/snort-2.3.0/icmp.rules
include $RULE_PATH /var/tmp/snort-2.3.0/netbios.rules
include $RULE_PATH /var/tmp/snort-2.3.0/misc.rules
include $RULE_PATH /var/tmp/snort-2.3.0/attack-responses.rules
include $RULE_PATH /var/tmp/snort-2.3.0/oracle.rules
include $RULE_PATH /var/tmp/snort-2.3.0/mysql.rules
include $RULE_PATH /var/tmp/snort-2.3.0/snmp.rules

include $RULE_PATH /var/tmp/snort-2.3.0/smtp.rules
include $RULE_PATH /var/tmp/snort-2.3.0/imap.rules
include $RULE_PATH /var/tmp/snort-2.3.0/pop2.rules
include $RULE_PATH /var/tmp/snort-2.3.0/pop3.rules

include $RULE_PATH /var/tmp/snort-2.3.0/nntp.rules
include $RULE_PATH /var/tmp/snort-2.3.0/other-ids.rules
include $RULE_PATH /var/tmp/snort-2.3.0/web-attacks.rules
include $RULE_PATH /var/tmp/snort-2.3.0/backdoor.rules
include $RULE_PATH /var/tmp/snort-2.3.0/shellcode.rules
include $RULE_PATH /var/tmp/snort-2.3.0/policy.rules
include $RULE_PATH /var/tmp/snort-2.3.0/porn.rules
include $RULE_PATH /var/tmp/snort-2.3.0/info.rules
include $RULE_PATH /var/tmp/snort-2.3.0/icmp-info.rules
include $RULE_PATH /var/tmp/snort-2.3.0/virus.rules
include $RULE_PATH /var/tmp/snort-2.3.0/chat.rules
include $RULE_PATH /var/tmp/snort-2.3.0/multimedia.rules
include $RULE_PATH /var/tmp/snort-2.3.0/p2p.rules
include $RULE_PATH /var/tmp/snort-2.3.0/experimental.rules

Thanks,

Spencer

________________________________

From: Ron Jenkins [mailto:rjenkins at ...12829...] 
Sent: Wednesday, February 09, 2005 12:28 PM
To: Plantier, Spencer
Subject: RE: [Snort-users] Running snort in IDS mode

Is this Windows or Linux?

Place the full path to the snort.conf and log directories?

________________________________

From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Plantier,
Spencer
Sent: Wednesday, February 09, 2005 11:27 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Running snort in IDS mode

I tried running the following command and get the following error:

snort -d -h 172.30.16.0/22 -l ./log -c snort.conf
Running in IDS mode
Log directory = ./log
Initializing Network Interface hme0

        --== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface hme0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
ERROR:  unknown preprocessor "flow"
Fatal Error, Quitting..
#

Any help would be appreciated.

Spencer Plantier
System Network Administrator

301 Gregson Dr
Cary, NC  27511
Office 919-379-8513
Cell    919-272-8833

spencer.plantier at ...12801...
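
Added example, not part of the original thread and not Snort project code: a small pre-flight check for the three things raised above, namely which preprocessor directives a snort.conf declares, whether each include line is a single path, and whether the -c and -l arguments are full paths. The names lint_conf, relative_path_args and SAMPLE_CONF are hypothetical, the sample config is constructed, and the set of supported preprocessors is an assumption the caller supplies for the installed binary.

```python
import re
import shlex

# Constructed sample modelled on lines quoted in this thread (not the poster's real file).
SAMPLE_CONF = """\
var RULE_PATH /var/tmp/snort-2.3.0/rules
preprocessor flow: stats_interval 0 hash 2
include $RULE_PATH /var/tmp/snort-2.3.0/exploit.rules
include $RULE_PATH/scan.rules
include $RULES/local.rules
"""

def lint_conf(text, supported_preprocessors):
    """Return [(line_number, finding)] for a snort.conf-style text.

    supported_preprocessors is supplied by the caller (assumption: you know
    which preprocessors the installed snort binary provides).
    """
    variables, findings = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword, rest = parts[0], (parts[1] if len(parts) > 1 else "")
        if keyword == "var" and rest:
            variables.add(rest.split()[0])
        elif keyword == "preprocessor":
            name = rest.split(":", 1)[0].strip()
            if name not in supported_preprocessors:
                findings.append((lineno, "unsupported preprocessor: " + name))
        elif keyword == "include":
            tokens = rest.split()
            if len(tokens) != 1:
                findings.append((lineno, "include has %d tokens, expected 1 path" % len(tokens)))
            for var in re.findall(r"\$(\w+)", rest):
                if var not in variables:
                    findings.append((lineno, "undefined variable: " + var))
    return findings

def relative_path_args(cmdline):
    """Return (flag, value) for -c/-l arguments that are not absolute paths."""
    argv = shlex.split(cmdline)
    return [(a, b) for a, b in zip(argv, argv[1:])
            if a in ("-c", "-l") and not b.startswith("/")]

if __name__ == "__main__":
    # The supported set here is a placeholder for the demo, chosen to exclude "flow".
    for lineno, finding in lint_conf(SAMPLE_CONF, {"frag2", "stream4"}):
        print("snort.conf line %d: %s" % (lineno, finding))
    print(relative_path_args("snort -d -h 172.30.16.0/22 -l ./log -c snort.conf"))
```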
