[Snort-users] Snort Beta v2.6

Ron Jenkins rjenkins at ...12829...
Mon Mar 20 17:55:01 EST 2006


I got it to load with the following; thanks Jason:

/usr/local/bin/snort -e -i eth1 -d -c /etc/snort/snort.conf -l /var/log/snort \
    --dynamic-preprocessor-lib /usr/local/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so \
    --dynamic-preprocessor-lib /usr/local/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so

Does anyone know what these messages refer to?

Warning: flowbits key 'http.jpeg' is checked but not ever set.
Warning: flowbits key 'ms_sql_seen_dns' is checked but not ever set.
Warning: flowbits key 'dce.bind.veritas' is set but not ever checked.
Warning: flowbits key 'netbios.lsass.bind.attempt' is checked but not ever set.
Warning: flowbits key 'dce.isystemactivator.bind.call.attempt' is set but not ever checked.
Warning: flowbits key 'trojan' is set but not ever checked.
Warning: flowbits key 'realplayer.playlist' is checked but not ever set.

Not Using PCAP_FRAMES

FYI...

It does that a minute or so to fully initialize.

Thanks...

-----Original Message-----
From: Jason Brvenik [mailto:jasonb at ...1935...] 
Sent: Monday, March 20, 2006 6:52 PM
To: Ron Jenkins
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Snort Beta v2.6

A few questions.

Did you build with --enable-dynamicplugin?
Install using make install?
Ensure that the plugins are located in is valid for shared objects?

You can also use --dynamic-preprocessor-lib-dir on the command line to
specify the path the plugins are located in. There is a config file
param that will also work for this.

Ron Jenkins wrote:

> Is anyone else having these problems?
>
> ERROR: /etc/snort/snort.conf(519) unknown preprocessor "ftp_telnet"
> Fatal Error, Quitting..
>
> ERROR: /etc/snort/snort.conf(523) unknown preprocessor "ftp_telnet_protocol"
> Fatal Error, Quitting..
>
> ERROR: /etc/snort/snort.conf(571) unknown preprocessor "smtp"
> Fatal Error, Quitting..
>
> Rule application order: ->activation->dynamic->pass->drop->alert->log
> Log directory = /var/log/snort
> Verifying Preprocessor Configurations!
> Warning: flowbits key 'trojan' is set but not ever checked.
> Warning: flowbits key 'dce.bind.veritas' is set but not ever checked.
> Warning: flowbits key 'dce.isystemactivator.bind.call.attempt' is set but not ever checked.
> Warning: flowbits key 'http.jpeg' is checked but not ever set.
> Warning: flowbits key 'realplayer.playlist' is checked but not ever set.
> Warning: flowbits key 'ms_sql_seen_dns' is checked but not ever set.
> Warning: flowbits key 'netbios.lsass.bind.attempt' is checked but not ever set.
>
> After a short period of time snort exits with the following:
>
> Not Using PCAP_FRAMES
>
> Also, the server drive becomes very busy.
>
> Thanks...
>
> Ron Jenkins (SnortCP, MCNE, CNE6, MCP, CCNA, CCEA)
> Senior Architect
> Data Integrity, LLC
> "We Integrate People with Solutions"
> 1724 Dallas Drive
> Suite 11
> Baton Rouge, La 70806
> Office. 225.927.8030
> Fax. 225.927.8033
> Cell225.931.1632
>
> Email. rjenkins at ...12829...
> Web. http://www.dibr.net
>
> (Aanval Reseller and Technology Partner)
>
> http://www.aanval.com/tour/dibr

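The flowbits warnings quoted in this thread appear when a key is referenced by rules on only one side (set or check) in the loaded rule set. The following is an added example, not part of the original messages and not Snort's own code: a Python cross-reference of flowbits keys over rule text that reproduces both warning kinds and lists the rules involved. The sample rules, their sids and the `smb.*` key names are constructed; treating `set`/`toggle` as setters and `isset`/`isnotset` as checkers, and one rule per line, are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample rules (not from the thread). The rule that would set
# http.jpeg is commented out, so its checker is left without a setter.
SAMPLE_RULES = r'''
alert tcp $EXTERNAL_NET any -> $HOME_NET 135 (msg:"constructed bind"; flowbits:set,dce.bind.veritas; flowbits:noalert; sid:1000001;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"constructed jpeg check"; flowbits:isset,http.jpeg; content:"|FF D8|"; sid:1000002;)
# alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"constructed jpeg request"; flowbits:set,http.jpeg; flowbits:noalert; sid:1000003;)
alert tcp any any -> any 445 (msg:"constructed pair A"; flowbits:set,smb.session; flowbits:noalert; sid:1000004;)
alert tcp any any -> any 445 (msg:"constructed pair B"; flowbits:isnotset,smb.other; flowbits:isset,smb.session; sid:1000005;)
'''

# Matches "flowbits:<op>[,<key>];" ; noalert carries no key.
FLOWBITS_RE = re.compile(r'flowbits\s*:\s*([a-z]+)\s*(?:,\s*([^;\s]+))?\s*;')
SID_RE = re.compile(r'sid\s*:\s*(\d+)')
SETTERS = {"set", "toggle"}        # assumption: operations that can raise a bit
CHECKERS = {"isset", "isnotset"}   # assumption: operations that test a bit

def flowbits_usage(rules_text):
    """Map each flowbits key to the sids that set it and the sids that check it."""
    setters, checkers = defaultdict(set), defaultdict(set)
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):   # disabled rules do not count
            continue
        sid_match = SID_RE.search(line)
        sid = int(sid_match.group(1)) if sid_match else None
        for op, key in FLOWBITS_RE.findall(line):
            if op in SETTERS:
                setters[key].add(sid)
            elif op in CHECKERS:
                checkers[key].add(sid)
    return setters, checkers

def flowbits_warnings(rules_text):
    """Return (key, problem, sids) for every key used on only one side."""
    setters, checkers = flowbits_usage(rules_text)
    findings = []
    for key in sorted(set(setters) | set(checkers)):
        if key not in setters:
            findings.append((key, "checked but not ever set", sorted(checkers[key])))
        elif key not in checkers:
            findings.append((key, "set but not ever checked", sorted(setters[key])))
    return findings

if __name__ == "__main__":
    for key, problem, sids in flowbits_warnings(SAMPLE_RULES):
        print(f"Warning: flowbits key '{key}' is {problem}. (sids {sids})")
```

Pointing the same function at the concatenated text of the rule files named in snort.conf shows which sids reference each key from the warnings.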
