[Snort-users] error when pushing sigs from snortcenter

Joel Esler joel.esler at ...1935...
Wed May 10 14:52:01 EDT 2006


What is line "1116" in your /etc/snort/snort.eth1.conf file?

Joel

martin wrote:
> Anybody have an idea what the error message ' getservbyname()
> failed on "any" ' means? I am including the full error message below.
> TIA
> 
> 
> ********************************
> 
> Push: Successfully send file: /etc/snort/snort.eth1.conf
> Initiate a Reload to activate new configuration.
> 
> 
> 
> 
> Reload: Current config file error:
> Running in IDS mode
> Log directory = /var/log/snort
> 
> Initializing Network Interface eth1
> OpenPcap() device eth1 network lookup:
> eth1: no IPv4 address assigned
> 
> --== Initializing Snort ==--
> Rule application order changed to Pass->Alert->Log
> Initializing Output Plugins!
> Decoding Ethernet on interface eth1
> Initializing Preprocessors!
> Initializing Plug-ins!
> Parsing Rules file /etc/snort/snort.eth1.conf
> 
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> Initializing rule chains...
> No arguments to frag2 directive, setting defaults to:
> Fragment timeout: 60 seconds
> Fragment memory cap: 4194304 bytes
> Fragment min_ttl: 0
> Fragment ttl_limit: 5
> Fragment Problems: 0
> Self preservation threshold: 500
> Self preservation period: 90
> Suspend threshold: 1000
> Suspend period: 30
> Stream4 config:
> Stateful inspection: ACTIVE
> Session statistics: INACTIVE
> Session timeout: 30 seconds
> Session memory cap: 8388608 bytes
> State alerts: INACTIVE
> Evasion alerts: INACTIVE
> Scan alerts: INACTIVE
> Log Flushed Streams: INACTIVE
> MinTTL: 1
> TTL Limit: 5
> Async Link: 0
> State Protection: 0
> Self preservation threshold: 50
> Self preservation period: 90
> Suspend threshold: 200
> Suspend period: 30
> rpc_decode arguments:
> Ports to decode RPC on: 111 32771
> alert_fragments: INACTIVE
> alert_large_fragments: ACTIVE
> alert_incomplete: ACTIVE
> alert_multiple_requests: ACTIVE
> telnet_decode arguments:
> Ports to decode telnet on: 21 23 25 119
> Stream4_reassemble config:
> Server reassembly: INACTIVE
> Client reassembly: ACTIVE
> Reassembler alerts: ACTIVE
> Zero out flushed packets: INACTIVE
> flush_data_diff_size: 500
> Ports: 21 23 25 53 80 110 111 143 513 1433
> Emergency Ports: 21 23 25 53 80 110 111 143 513 1433
> ,-----------[Flow Config]----------------------
> | Stats Interval: 0
> | Hash Method: 2
> | Memcap: 10485760
> | Rows : 4099
> | Overhead Bytes: 16400(%0.16)
> `----------------------------------------------
> HttpInspect Config:
> GLOBAL CONFIG
> Max Pipeline Requests: 0
> Inspection Type: STATELESS
> Detect Proxy Usage: NO
> IIS Unicode Map Filename: /etc/snort/unicode.map
> IIS Unicode Map Codepage: 1252
> DEFAULT SERVER CONFIG:
> Ports: 80
> Flow Depth: 300
> Max Chunk Length: 500000
> Inspect Pipeline Requests: YES
> URI Discovery Strict Mode: NO
> Allow Proxy Usage: NO
> Disable Alerting: YES
> Oversize Dir Length: 0
> Only inspect URI: NO
> Ascii: YES alert: NO
> Double Decoding: YES alert: YES
> %U Encoding: YES alert: YES
> Bare Byte: YES alert: YES
> Base36: OFF
> UTF 8: OFF
> IIS Unicode: YES alert: YES
> Multiple Slash: YES alert: NO
> IIS Backslash: YES alert: NO
> Directory: YES alert: NO
> Apache WhiteSpace: YES alert: YES
> IIS Delimiter: YES alert: YES
> IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
> Non-RFC Compliant Characters: NONE
> database: inconsistent cid information for sid=8
> Recovering by rolling forward the cid=10010431
> database: compiled support for ( mysql )
> database: configured to use mysql
> database: user = snort
> database: password is set
> database: database name = snort
> database: host = snort.testdomain.com
> database: sensor name = ext
> database: sensor id = 8
> database: schema version = 106
> database: using the "alert" facility
> ERROR: /etc/snort/snort.eth1.conf(1116) => getservbyname() failed on "any"
> Fatal Error, Quitting..
> 
> Reload: SIGHUP has not been sent to snort pid!
> 
> 
> -------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job 
> easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=k&kid0709&bid&3057&dat1642
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=ort-users
> 




More information about the Snort-users mailing list