[Snort-users] new snort install, error when starting snort service

Michael Giornesto mcg12 at ...11968...
Wed Apr 18 16:37:28 EDT 2007


Tried rules update to latest community version...no luck. Also PCRE = version 6.6

...still resulting in same error when attempting to start snort service

How do I determine where the error is located?

Thanks,
Mike


Justin Heath wrote:
> Looks like you are running an old revision of rule 3545. Update your
> rules to the latest and try again.
>
> Also, make sure you are running a version of pcre >= 4.0.
>
>
> Cheers,
> Justin Heath
>
> On 4/18/07, Michael Giornesto <mcg12 at ...11968...> wrote:
>>
>>  I have a new install that is throwing an error when trying to start the
>> snort service...certainly seems to be a config error in
>> /etc/snort/snort.conf...but I am unsure how to locate problem.
>>
>>  ERROR: ERROR /etc/snort/rules/web-misc.rules Line 452 => unable to parse pcre regex "fn=Eye\d{4}_\d{2}.log/Rmsi"
>>
>>  Line 452 in /etc/snort/rules/web-misc.rules shows...
>>
>>  alert tcp $EXTERNAL_NET any -> $HOME_NET 8090 (msg:"WEB-MISC TrackerCam ComGetLogFile.php3 log information disclosure"; flow:to_server,established; content:"/ComGetLogFile.php3"; alert tcp $EXTERNAL_NET any -> $HOME_NET 8090 (msg:"WEB-MISC TrackerCam ComGetLogFile.php3 log information disclosure"; flow:to_server,established; content:"/ComGetLogFile.php3";
>>
>>
>>  running on...
>>  FC6 2.6.20
>>  Snort 2.6.1.4
>>  Apache 2.2.3
>>  Mysql 5.0.27
>>
>>  Any suggestions are appreciated
>>
>>  Thanks,
>>  Mike
>>
>
>
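
One way to locate this kind of error across a whole rules file, as an added example that is not part of the original messages and not Snort's own code: a Python pre-check that lists every pcre option whose value is not in the "/regex/flags" form, with its line number. The modifier set, the function names and the sample rules are assumptions constructed for illustration.

```python
import re

# Assumption: modifier letters accepted by Snort 2.x pcre options
# (Perl i s m x, PCRE A E G, Snort-specific R U B); adjust for your version.
ALLOWED_FLAGS = set("ismxAEGRUB")
# Matches pcre:"..." or pcre:!"..." in a rule body; escaped characters are tolerated.
PCRE_OPTION = re.compile(r'pcre\s*:\s*(!?)"((?:[^"\\]|\\.)*)"')

def check_pcre_value(value):
    """Return a problem string for one pcre option value, or None if well-formed."""
    if value.startswith("m") and len(value) > 1:
        delim, body = value[1], value[2:]      # m<d>regex<d>flags form
    elif value.startswith("/"):
        delim, body = "/", value[1:]           # /regex/flags form
    else:
        return "missing opening delimiter (expected /regex/flags)"
    end = body.rfind(delim)
    if end == -1:
        return "missing closing delimiter %r" % delim
    if end == 0:
        return "empty regex"
    bad = sorted(set(body[end + 1:]) - ALLOWED_FLAGS)
    if bad:
        return "unknown modifier(s): " + "".join(bad)
    return None

def lint_rules(text):
    """Return [(line_number, pcre_value, problem)] for malformed pcre options."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # skip commented-out rules
        for _negated, value in PCRE_OPTION.findall(line):
            problem = check_pcre_value(value)
            if problem:
                findings.append((lineno, value, problem))
    return findings

# Constructed sample input (hypothetical rules, not from any real rule set).
SAMPLE = r'''
# constructed sample rules
alert tcp any any -> any 80 (msg:"ok"; content:"/a.php"; pcre:"/id=\d{4}/Ri"; sid:1000001;)
alert tcp any any -> any 80 (msg:"no slash"; pcre:"id=\d{4}/Rmsi"; sid:1000002;)
alert tcp any any -> any 80 (msg:"bad flag"; pcre:"/id=\d+/Z"; sid:1000003;)
'''

if __name__ == "__main__":
    for lineno, value, problem in lint_rules(SAMPLE):
        print("line %d: %s -> %s" % (lineno, value, problem))
```

Snort's own test mode, `snort -T -c /etc/snort/snort.conf`, remains the authoritative check, but it exits at the first fatal rule error, whereas this pass reports every malformed pcre option at once.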





