[Snort-users] new snort install, error when starting snort service

Joel Esler joel.esler at ...1935...
Wed Apr 18 16:42:30 EDT 2007


WEB-MISC is a VRT ruleset.  Not community.

How did you install Snort?  Via package?

Joel


On Wed, Apr 18, 2007 at 04:37:28PM -0400, it looks like Michael Giornesto sent me:
> tried rules update to latest community version...no luck.  Also PCRE = 
> version 6.6
> 
> ...still resulting in same error when attempting to start snort service
> 
> How do I determine where the error is located?
> 
> Thanks,
> Mike
> 
> 
> Justin Heath wrote:
> > Looks like you are running an old revision of rule 3545. Update your
> > rules to the latest and try again.
> >
> > Also, make sure you are running a version of pcre >= 4.0.
> >
> >
> > Cheers,
> > Justin Heath
> >
> > On 4/18/07, Michael Giornesto <mcg12 at ...11968...> wrote:
> >>
> >>  I have a new install that is throwing an error when trying to start the
> >> snort service...certainly seems to be a config error in
> >> /etc/snort/snort.conf...but I am unsure how to locate problem.
> >>
> >>  ERROR: ERROR /etc/snort/rules/web-misc.rules Line 452 => unable to parse
> >> pcre regex "fn=Eye\d{4}_\d{2}.log/Rmsi"
> >>
> >>  Line 452 in /etc/snort/rules/web-misc.rules shows...
> >>
> >>  alert tcp $EXTERNAL_NET any -> $HOME_NET 8090 (msg:"WEB-MISC TrackerCam
> >> ComGetLogFile.php3 log information disclosure"; 
> >> flow:to_server,established;
> >> content:"/ComGetLogFile.php3"; alert tcp $EXTERNAL_NET any -> 
> >> $HOME_NET 8090
> >> (msg:"WEB-MISC TrackerCam ComGetLogFile.php3 log information 
> >> disclosure";
> >> flow:to_server,established; content:"/ComGetLogFile.php3";
> >>
> >>
> >>  running on...
> >>  FC6 2.6.20
> >>  Snort 2.6.1.4
> >>  Apache 2.2.3
> >>  Mysql 5.0.27
> >>
> >>  Any suggestions are appreciated
> >>
> >>  Thanks,
> >>  Mike
> >>
> >> ------------------------------------------------------------------------- 
> >>
> >> This SF.net email is sponsored by DB2 Express
> >> Download DB2 Express C - the FREE version of DB2 express and take
> >> control of your XML. No limits. Just data. Click to get it now.
> >> http://sourceforge.net/powerbar/db2/
> >> _______________________________________________
> >> Snort-users mailing list
> >> Snort-users at lists.sourceforge.net
> >> Go to this URL to change user options or unsubscribe:
> >> https://lists.sourceforge.net/lists/listinfo/snort-users
> >> Snort-users list archive:
> >> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >>
> >
> >



+---------------------------------------------------------------------+
Joel Esler                                          Security Consultant
        gpg key: http://demo.sourcefire.com/jesler.pgp.key
+---------------------------------------------------------------------+
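
On the question of locating the error, an added example (not code from anyone in the thread): a Python helper that takes Snort's startup error, finds the rule at the reported line (joining backslash continuations), and reports its sid, rev and pcre option so the installed revision can be compared with the current ruleset. The sample rule's pcre option, line layout and rev value are constructed for illustration; the sid is the rule number Justin mentions.

```python
import re

# Shape of Snort's fatal rule-parse error as quoted in the thread.
ERR_RE = re.compile(r'ERROR\s+(?P<file>\S+)\s+Line\s+(?P<line>\d+)\s+=>\s+(?P<why>.*)')
# pcre:"/<regex>/<modifiers>" with backslash escapes allowed inside the regex.
PCRE_RE = re.compile(r'pcre:\s*!?"/(?P<regex>(?:\\.|[^"\\])*)/(?P<mods>[A-Za-z]*)"')

def parse_error(msg):
    """Return (rules file, line number, reason) from the startup error text."""
    m = ERR_RE.search(" ".join(msg.split()))  # undo mail/terminal line wrapping
    if not m:
        raise ValueError("not a Snort rule-parse error")
    return m.group("file"), int(m.group("line")), m.group("why")

def rule_at(rules_text, lineno):
    """Return the full rule covering a 1-based line, joining '\\' continuations."""
    lines = [l.rstrip() for l in rules_text.splitlines()]
    start = lineno - 1
    while start > 0 and lines[start - 1].endswith("\\"):
        start -= 1                      # reported line was a continuation line
    end = start
    while lines[end].endswith("\\") and end + 1 < len(lines):
        end += 1
    return " ".join(l.rstrip("\\").strip() for l in lines[start:end + 1])

def describe(rule):
    """Extract the fields needed to compare against the current ruleset."""
    num = lambda key: next(iter(re.findall(r'\b%s:\s*(\d+)\s*;' % key, rule)), None)
    return {"sid": num("sid"), "rev": num("rev"),
            "pcre": [m.group("regex", "mods") for m in PCRE_RE.finditer(rule)]}

def locate(error_text, rules_text):
    """Map a startup error to the offending rule's sid, rev and pcre options."""
    path, lineno, why = parse_error(error_text)
    return dict(describe(rule_at(rules_text, lineno)), file=path, line=lineno, why=why)

# Constructed sample: error text from the thread; the rules file is padded so the
# rule ends on line 452, and its pcre option and rev value are assumptions.
SAMPLE_ERROR = r'''ERROR: ERROR /etc/snort/rules/web-misc.rules Line 452 => unable to
parse pcre regex "fn=Eye\d{4}_\d{2}.log/Rmsi"'''
SAMPLE_RULES = "# filler\n" * 450 + (
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 8090 (msg:"WEB-MISC TrackerCam '
    'ComGetLogFile.php3 log information disclosure"; flow:to_server,established; '
    'content:"/ComGetLogFile.php3"; \\\n'
    r'    pcre:"/fn=Eye\d{4}_\d{2}.log/Rmsi"; sid:3545; rev:1;)' "\n")

if __name__ == "__main__":
    print(locate(SAMPLE_ERROR, SAMPLE_RULES))
```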



