[Snort-users] nubie first attempt to start snort failed

Jeff Dell jdell at ...1095...
Mon Sep 12 22:25:19 EDT 2005


http_decode was no longer supported around version 2.1. I am not sure what
all this stuff is on your IDS sensor, but in a typical install I would
suggest upgrading your snort installation to the latest version, currently
version 2.4.0.

Cheers,
Jeff

> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net 
> [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of 
> James Beistle
> Sent: Tuesday, September 13, 2005 12:38 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] nubie first attempt to start snort failed
> 
> Unusual System Events
> =-=-=-=-=-=-=-=-=-=-=
> Sep 12 22:59:36 server1 snort: Initializing daemon mode
> Sep 12 22:59:36 server1 kernel: device eth0 entered promiscuous mode
> Sep 12 22:59:36 server1 snort: PID path stat checked out ok, PID path set to /var/run/
> Sep 12 22:59:36 server1 snort: Writing PID "11060" to file "/var/run//snort_eth0.pid"
> Sep 12 22:59:36 server1 snort: Parsing Rules file /usr/bin/snort.conf
> Sep 12 22:59:36 server1 snort: FATAL ERROR:  unknown preprocessor "http_decode"
> Sep 12 22:59:36 server1 kernel: device eth0 left promiscuous mode
> 
> Point me toward faqs or old messages that will help 
> Linux RH dedicated apache server with Plesk is my control pnl
> Running apf,bfd,portsentry,psad, almost snort 
> Snort shares rules with psad
> 
> Had trouble accessing mysql because of Plesk /// no data base 
> implemented in
> the firewall logs or rules/confs
> 
> Primary application is Php Nuke and html static pages
> 
> Jim