[Snort-users] FATAL ERROR: /usr/local/etc/snort.conf(45) Unknown rule type: ipvar.

waldo kitty wkitty42 at ...14940...
Wed Aug 17 12:40:25 EDT 2011


On 8/17/2011 11:07, alexus wrote:
> it seems like it's failing on part #5 (preprocessors(rpc_decode))
>
>
> su-3.2# snort -sc /usr/local/etc/snort.conf
> Running in IDS mode
>
>          --== Initializing Snort ==--
[TRIM]
> rpc_decode arguments:
>      Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775
> 32776 32777 32778 32779
>      alert_fragments: INACTIVE
>      alert_large_fragments: INACTIVE
>      alert_incomplete: INACTIVE
>      alert_multiple_requests: INACTIVE
> Segmentation fault: 11 (core dumped)
> su-3.2#

in my (old) snort (Snort 2.8.6.1 GRE (Build 39)), the next line is the loading 
of the Portscan Detection Config... it is immediately after the 
alert_multiple_requests line... then i have the following sections...

  FTPTelnet Config
  SMTP Config
  SSH Config
  DCE/RPC 2 Preprocessor Configuration
  DNS Configuration
  SSLPP config
  Initializing rule chains...

maybe this helps somewhat?



