[Snort-users] [Snort-devel] Snort Configuration Problems

Michael Steele michaels at ...9077...
Sun Dec 30 09:01:05 EST 2012


I've seen this happen when the \ has been added to the tail if the
configuration line. It must be removed in Windows.

 

When Snort is installed the folder 'snort\lib\snort_dynamicrules' is
created, and there should be several files inside that folder.

 

Directory of c:\snort\lib\snort_dynamicpreprocessor

 

11/16/2012  02:40 PM           196,608 sf_dce2.dll

11/16/2012  02:41 PM            32,768 sf_dnp3.dll

11/16/2012  02:39 PM            24,576 sf_dns.dll

11/16/2012  02:39 PM            65,536 sf_ftptelnet.dll

11/16/2012  02:41 PM            36,864 sf_gtp.dll

11/16/2012  02:40 PM           192,512 sf_imap.dll

11/16/2012  02:41 PM            24,576 sf_modbus.dll

11/16/2012  02:41 PM           192,512 sf_pop.dll

11/16/2012  02:41 PM            32,768 sf_reputation.dll

11/16/2012  02:40 PM            32,768 sf_sdf.dll

11/16/2012  02:40 PM            45,056 sf_sip.dll

11/16/2012  02:39 PM           208,896 sf_smtp.dll

11/16/2012  02:39 PM            24,576 sf_ssh.dll

11/16/2012  02:39 PM            28,672 sf_ssl.dll

              14 File(s)      1,138,688 bytes

 

If listing the Snort files and folders is a problem, try uninstalling Snort,
and reinstalling. If file and folder problems persist there might be a
hardware issue.

 

Best regards,

Michael...

 

WINSNORT.com Management Team Member

--

****************** Established ~ 2001 *******************

*          Visit Us @  <http://www.winsnort.com/> http://www.winsnort.com
*

*      ~~ FREE WinIDS Snort installation guides ~~      *

*               ~~ FREE support forums ~~               *

* Snort: Open Source Network IDS -  <http://www.snort.org/>
http://www.snort.org *

*********************************************************

 

From: Natalie Woh [mailto:lunchisserved at ...125...] 
Sent: Sunday, December 30, 2012 1:24 AM
To: michaels at ...9077...; snort-devel at lists.sourceforge.net
Subject: RE: [Snort-devel] Snort Configuration Problems

 

Hi Michael 

 

Thank you for your reply.

I think I am missing some file. When I ran Snort in IDS mode, I got this
message:

ERROR: c:\snort\etc\snort.conf(253) Could not stat dynamic module path
"c:\snort

\lib\snort_dynamicrules": No such file or directory.

 

I hope to hear from you at your earliest convenience.

 

Thank you for your time.

 

Best Regards

Natalie

 

  _____  

From: michaels at ...9077... <mailto:michaels at ...9077...> 
To: lunchisserved at ...125... <mailto:lunchisserved at ...125...> ;
snort-devel at lists.sourceforge.net <mailto:snort-devel at lists.sourceforge.net>

Subject: RE: [Snort-devel] Snort Configuration Problems
Date: Sat, 29 Dec 2012 16:44:01 -0500

Natalie,

 

Original Line(s): dynamicpreprocessor directory
/usr/local/lib/snort_dynamicpreprocessor/
Change to: dynamicpreprocessor directory
c:\snort\lib\snort_dynamicpreprocessor

 

Best regards,

Michael...

 

WINSNORT.com Management Team Member

--

****************** Established ~ 2001 *******************

*          Visit Us @  <http://www.winsnort.com/> http://www.winsnort.com
*

*      ~~ FREE WinIDS Snort installation guides ~~      *

*               ~~ FREE support forums ~~               *

* Snort: Open Source Network IDS -  <http://www.snort.org/>
http://www.snort.org *

*********************************************************

 

From: Natalie Woh [mailto:lunchisserved at ...125...] 
Sent: Wednesday, December 26, 2012 1:27 AM
To: snort-devel at lists.sourceforge.net
<mailto:snort-devel at lists.sourceforge.net> 
Subject: [Snort-devel] Snort Configuration Problems

 

Dear Sir/Mdm

 

I am experiencing problems configuring Snort.

 

I typed "dir" and got this message:

C:\Snort\bin>dir

 Volume in drive C has no label.

 Volume Serial Number is 4EC9-0980

 

 Directory of C:\Snort\bin

 

05/12/2012  02:47 PM    <DIR>          .

05/12/2012  02:47 PM    <DIR>          ..

24/06/2010  09:58 PM            54,784 npptools.dll

02/11/2010  02:16 AM           274,489 ntwdblib.dll

02/11/2010  02:16 AM           262,226 Packet.dll

03/12/2003  11:22 PM            94,208 pcre.dll

01/08/2012  01:34 AM         1,167,360 snort.exe

02/11/2010  02:16 AM            53,326 WanPacket.dll

25/06/2010  01:41 AM           258,126 wpcap.dll

28/01/2010  05:50 AM            73,728 zlib1.dll

               8 File(s)      2,238,247 bytes

               2 Dir(s)  229,230,264,320 bytes free

 

While running Snort in IDS mode, I got this message:

Initializing Output Plugins!

Initializing Preprocessors!

Initializing Plug-ins!

Parsing Rules file "C:\Snort\etc\snort.conf"

PortVar 'HTTP_PORTS' defined :  [ 80:81 311 591 593 901 1220 1414 1830 2301
2381

 2809 3128 3702 4343 5250 7001 7145 7510 7777 7779 8000 8008 8014 8028 8080
8088

 8118 8123 8180:8181 8243 8280 8800 8888 8899 9080 9090:9091 9443 9999 11371
555

55 ]

PortVar 'SHELLCODE_PORTS' defined :  [ 0:79 81:65535 ]

PortVar 'ORACLE_PORTS' defined :  [ 1024:65535 ]

PortVar 'SSH_PORTS' defined :  [ 22 ]

PortVar 'FTP_PORTS' defined :  [ 21 2100 3535 ]

PortVar 'SIP_PORTS' defined :  [ 5060:5061 5600 ]

PortVar 'FILE_DATA_PORTS' defined :  [ 80:81 110 143 311 591 593 901 1220
1414 1

830 2301 2381 2809 3128 3702 4343 5250 7001 7145 7510 7777 7779 8000 8008
8014 8

028 8080 8088 8118 8123 8180:8181 8243 8280 8800 8888 8899 9080 9090:9091
9443 9

999 11371 55555 ]

PortVar 'GTP_PORTS' defined :  [ 2123 2152 3386 ]

Detection:

   Search-Method = AC-Full-Q

    Split Any/Any group = enabled

    Search-Method-Optimizations = enabled

    Maximum pattern length = 20

ERROR: C:\Snort\etc\snort.conf(247) Could not stat dynamic module path
"c:snort\

lib\snort_dynamicpreprocessor": No such file or directory.

 

Fatal Error, Quitting..

Could not create the registry key.

 

I hope to hear from you at your earliest convenience.

 

Thank you for your time.

 

Best Regards

Natalie

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20121230/43ee5875/attachment.html>


More information about the Snort-users mailing list