[Snort-users] new snort install, error when starting snort service

Justin Heath justin.heath at ...11827...
Wed Apr 18 16:05:01 EDT 2007


Looks like you are running an old revision of rule 3545. Update your
rules to the latest and try again.

Also, make sure you are running a version of pcre >= 4.0.


Cheers,
Justin Heath

On 4/18/07, Michael Giornesto <mcg12 at ...11968...> wrote:
>
>  I have a new install that is throwing an error when trying to start the
> snort service...certainly seems to be a config error in
> /etc/snort/snort.conf...but I am unsure how to locate problem.
>
>  ERROR: ERROR /etc/snort/rules/web-misc.rules Line 452 => unable to parse
> pcre regex "fn=Eye\d{4}_\d{2}.log/Rmsi"
>
>  Line 452 in /etc/snort/rules/web-misc.rules shows...
>
>  alert tcp $EXTERNAL_NET any -> $HOME_NET 8090 (msg:"WEB-MISC TrackerCam
> ComGetLogFile.php3 log information disclosure"; flow:to_server,established;
> content:"/ComGetLogFile.php3"; alert tcp $EXTERNAL_NET any -> $HOME_NET 8090
> (msg:"WEB-MISC TrackerCam ComGetLogFile.php3 log information disclosure";
> flow:to_server,established; content:"/ComGetLogFile.php3";
>
>
>  running on...
>  FC6 2.6.20
>  Snort 2.6.1.4
>  Apache 2.2.3
>  Mysql 5.0.27
>
>  Any suggestions are appreciated
>
>  Thanks,
>  Mike
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>




More information about the Snort-users mailing list