[Snort-users] Fwd: new snort install, error when starting snort service

Darryl Taylor darryl.taylor at ...1935...
Wed Apr 18 22:53:10 EDT 2007


Didn't reply-all the first time.

------------------

Darryl Taylor

Fingerprint: AEA7 16DB 2DC3 0C3E 43A9 F1B6 E25A 6A7C 16F2 68B6
Key: http://demo.sourcefire.com/dtaylor.pgp.key

Begin forwarded message:

> From: Darryl Taylor <darryl.taylor at ...1935...>
> Date: April 18, 2007 4:50:35 PM EDT
> To: Michael Giornesto <mcg12 at ...11968...>
> Subject: Re: [Snort-users] new snort install, error when starting  
> snort service
>
> If that is actually what it showed for that line then the line is  
> wrong. Looks like somehow that line got corrupted. There are two  
> alerts on the same line. Also the line is improperly terminated  
> among other omissions. Try commenting out that line.
>
> On Apr 18, 2007, at 3:49 PM, Michael Giornesto wrote:
>
>> I have a new install that is throwing an error when trying to
>> start the snort service...certainly seems to be a config error in
>> /etc/snort/snort.conf...but I am unsure how to locate the problem.
>>
>> ERROR: ERROR /etc/snort/rules/web-misc.rules Line 452 => unable to  
>> parse pcre regex "fn=Eye\d{4}_\d{2}.log/Rmsi"
>>
>> Line 452 in /etc/snort/rules/web-misc.rules shows...
>>
>> alert tcp $EXTERNAL_NET any -> $HOME_NET 8090 (msg:"WEB-MISC  
>> TrackerCam ComGetLogFile.php3 log information disclosure";  
>> flow:to_server,established; content:"/ComGetLogFile.php3"; alert  
>> tcp $EXTERNAL_NET any -> $HOME_NET 8090 (msg:"WEB-MISC TrackerCam  
>> ComGetLogFile.php3 log information disclosure";  
>> flow:to_server,established; content:"/ComGetLogFile.php3";
>>
>>
>> running on...
>> FC6 2.6.20
>> Snort 2.6.1.4
>> Apache 2.2.3
>> Mysql 5.0.27
>>
>> Any suggestions are appreciated
>>
>> Thanks,
>> Mike
>
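
A pre-flight check for the kind of corruption described in this thread (two rule headers on one line, an option block that is never closed) and for the shape of the pcre value shown in the reported error (no opening delimiter). This is an added example, not code from the thread or from Snort itself; the function names and the sample rules, including their msg and sid values, are constructed for illustration.

```python
import re

ACTIONS = "alert|log|pass|activate|dynamic|drop|reject|sdrop"
# Snort 2.x rule header: action proto src sport direction dst dport
HEADER = re.compile(rf"\b(?:{ACTIONS})\s+(?:tcp|udp|icmp|ip)\s+\S+\s+\S+\s+(?:->|<>)\s+\S+\s+\S+")
QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')
PCRE = re.compile(r'pcre:\s*!?"((?:\\.|[^"\\])*)"')
PCRE_OK = re.compile(r"(?:/.*/|m(\W).*\1)[A-Za-z]*", re.S)  # /regex/flags or m<d>regex<d>flags

def logical_lines(text):
    """Yield (first_line_number, rule) with backslash continuations joined."""
    buf, start = "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        start = start or n
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, (buf + raw).strip()
        buf, start = "", 0
    if buf:
        yield start, buf.strip()

def lint_rule(rule):
    """Return the structural problems found in one logical rule line."""
    if not rule or rule.startswith("#"):
        return []
    problems = []
    for value in PCRE.findall(rule):
        if not PCRE_OK.fullmatch(value):
            problems.append("pcre value is not /regex/flags")
    bare = QUOTED.sub('""', rule)  # ignore text inside quoted option values
    if bare.count('"') % 2:
        problems.append("unterminated quoted string")
    headers = len(HEADER.findall(bare))
    if headers > 1:
        problems.append(f"{headers} rule headers on one line")
    if "(" in bare and not bare.endswith(")"):
        problems.append("option block not closed with ')'")
    return problems

def lint_rules(text):
    return [(n, p) for n, rule in logical_lines(text) for p in lint_rule(rule)]

# Constructed sample: a well-formed rule, a line shaped like the one posted, a bad pcre.
SAMPLE = r'''alert tcp $EXTERNAL_NET any -> $HOME_NET 8090 (msg:"ok"; \
 content:"/ComGetLogFile.php3"; pcre:"/fn=Eye\d{4}_\d{2}\.log/Rmsi"; sid:1000001;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 8090 (msg:"dup"; content:"/ComGetLogFile.php3"; alert tcp $EXTERNAL_NET any -> $HOME_NET 8090 (msg:"dup"; content:"/ComGetLogFile.php3";
alert tcp $EXTERNAL_NET any -> $HOME_NET 8090 (msg:"bad pcre"; pcre:"fn=Eye\d{4}_\d{2}.log/Rmsi"; sid:1000002;)'''

if __name__ == "__main__":
    for lineno, problem in lint_rules(SAMPLE):
        print(f"line {lineno}: {problem}")
```

Running it over a rules file before restarting the service points at the damaged line number directly, which is the step the original poster was missing.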
