[Snort-users] sudo snort -Tc snort.conf failure

David Montgomery davidmontgomery at ...11827...
Tue Feb 11 08:03:11 EST 2014


I fixed the error.  My bad.  I see what it is.

I am running Ubuntu 12.04 on VB


But now I get this error

      invite cancel ack bye register options refer subscribe update join
info message notify benotify do qauth sprack publish service unsubscribe
prack
IMAP Config:
    Ports: 143
    IMAP Memcap: 838860
    Base64 Decoding: Enabled
    Base64 Decoding Depth: Unlimited
    Quoted-Printable Decoding: Enabled
    Quoted-Printable Decoding Depth: Unlimited
    Unix-to-Unix Decoding: Enabled
    Unix-to-Unix Decoding Depth: Unlimited
    7bit/8bit/binary Extraction: Enabled
    7bit/8bit/binary Extraction Depth: Unlimited
POP Config:
    Ports: 110
    POP Memcap: 838860
    Base64 Decoding: Enabled
    Base64 Decoding Depth: Unlimited
    Quoted-Printable Decoding: Enabled
    Quoted-Printable Decoding Depth: Unlimited
    Unix-to-Unix Decoding: Enabled
    Unix-to-Unix Decoding Depth: Unlimited
    7bit/8bit/binary Extraction: Enabled
    7bit/8bit/binary Extraction Depth: Unlimited

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
WARNING /etc/snort/rules/chat.rules(33) threshold (in rule) is deprecated;
use detection_filter instead.

ERROR: /etc/snort/rules/community-virus.rules(19) !any is not allowed:
!$DNS_SERVERS.






On Tue, Feb 11, 2014 at 8:50 PM, David Montgomery <davidmontgomery at ...11827...
> wrote:

> Hi,
>
> Newbie trying to set up snort on Ubuntu 12.04.  Proving to be a disaster.
>
> apt-get install snort snort-mysql
>
> sudo snort -Tc snort.conf
>
> what is wrong with this line?
> output database: log, mysql, user=root password=test test dbname=snort
> host=localhost
>
> How do I translate the below into English?
>
>
>
>
>
> sudo service snort restart
>  * Starting Network Intrusion Detection System
> snort
> [fail]
> ubuntu at ...16692...:/etc/snort$ sudo snort -Tc snort.conf
> Running in Test mode
>
>         --== Initializing Snort ==--
> Initializing Output Plugins!
> Initializing Preprocessors!
> Initializing Plug-ins!
> Parsing Rules file "snort.conf"
> PortVar 'HTTP_PORTS' defined :  [ 80:81 311 591 593 901 1220 1414 1830
> 2301 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080 8088 8118
> 8123 8180:8181 8243 8280 8888 9090:9091 9443 9999 11371 ]
> PortVar 'SHELLCODE_PORTS' defined :  [ 0:79 81:65535 ]
> PortVar 'ORACLE_PORTS' defined :  [ 1024:65535 ]
> PortVar 'SSH_PORTS' defined :  [ 22 ]
> PortVar 'FTP_PORTS' defined :  [ 21 2100 3535 ]
> PortVar 'SIP_PORTS' defined :  [ 5060:5061 5600 ]
> Detection:
>    Search-Method = AC-Full-Q
>     Split Any/Any group = enabled
>     Search-Method-Optimizations = enabled
>     Maximum pattern length = 20
> Tagged Packet Limit: 256
> Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so... done
> Loading all dynamic preprocessor libs from
> /usr/lib/snort_dynamicpreprocessor/...
>   Loading dynamic preprocessor library
> /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/lib/snort_dynamicpreprocessor//libsf_reputation_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/lib/snort_dynamicpreprocessor//libsf_pop_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/lib/snort_dynamicpreprocessor//libsf_gtp_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/lib/snort_dynamicpreprocessor//libsf_modbus_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/lib/snort_dynamicpreprocessor//libsf_dnp3_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/lib/snort_dynamicpreprocessor//libsf_imap_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so... done
>   Finished Loading all dynamic preprocessor libs from
> /usr/lib/snort_dynamicpreprocessor/
> Log directory = /var/log/snort
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> !! WARNING: The database output plugins are considered deprecated as
> !!          of Snort 2.9.2 and will be removed in Snort 2.9.3.
> !!          The recommended approach to logging is to use unified2 with
> !!          barnyard2 or similar.
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> database: must enter database name in configuration file
>
>
> USAGE: database plugin
>
>  output database: [log | alert], [type of database], [parameter list]
>
>  [log | alert] selects whether the plugin will use the alert or
>  log facility.
>
>  For the first argument, you must supply the type of database.
>  The possible values are mysql, postgresql, odbc, oracle and
>  mssql
>  The parameter list consists of key value pairs. The proper
>  format is a list of key=value pairs each separated a space.
>
>  The only parameter that is absolutely necessary is "dbname".
>  All other parameters are optional but may be necessary
>  depending on how you have configured your RDBMS.
>
>  dbname - the name of the database you are connecting to
>
>  host - the host the RDBMS is on
>
>  port - the port number the RDBMS is listening on
>
>  user - connect to the database as this user
>
>  password - the password for given user
>
>  sensor_name - specify your own name for this snort sensor. If you
>         do not specify a name one will be generated automatically
>
>  encoding - specify a data encoding type (hex, base64, or ascii)
>
>  detail - specify a detail level (full or fast)
>
>  ignore_bpf - specify if you want to ignore the BPF part for a sensor
>
>               definition (yes or no, no is default)
>
>  FOR EXAMPLE:
>  The configuration I am currently using is MySQL with the database
>  name of "snort". The user "snortusr at ...274..." has INSERT and SELECT
>  privileges on the "snort" database and does not require a password.
>  The following line enables snort to log to this database.
>
>  output database: log, mysql, dbname=snort user=snortusr host=localhost
>
> ERROR:
> Fatal Error, Quitting..
>
>
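The plugin USAGE text quoted above gives the full grammar of the `output database:` directive (facility, database type, then space-separated key=value pairs with `dbname` the only required key). The following checker is an added example for this thread, not Snort's own parser: it applies that grammar to a single snort.conf line and reports anything that does not fit, which includes the bare `test` token in the line the original poster asked about.

```python
"""Validate an `output database:` line against the grammar from the plugin USAGE text.
Added example for this thread, not Snort's own configuration parser."""
import re

# Values listed in the USAGE text; anything outside them is reported.
FACILITIES = {"log", "alert"}
DB_TYPES = {"mysql", "postgresql", "odbc", "oracle", "mssql"}
KNOWN_KEYS = {"dbname", "host", "port", "user", "password", "sensor_name",
              "encoding", "detail", "ignore_bpf"}


def check_output_database(line):
    """Return a list of problems found in one `output database:` line (empty means it parses)."""
    problems = []
    m = re.match(r"^\s*output\s+database:\s*(.*)$", line)
    if not m:
        return ["not an 'output database:' directive"]
    parts = [p.strip() for p in m.group(1).split(",")]
    if len(parts) != 3:
        return ["expected 3 comma-separated fields: facility, db type, parameter list"]
    facility, dbtype, params = parts
    if facility not in FACILITIES:
        problems.append(f"facility must be log or alert, got {facility!r}")
    if dbtype not in DB_TYPES:
        problems.append(f"unknown database type {dbtype!r}")
    seen = {}
    for tok in params.split():
        if "=" not in tok:
            # A bare word in the parameter list (the stray 'test' in the poster's line)
            problems.append(f"token {tok!r} is not a key=value pair")
            continue
        key, value = tok.split("=", 1)
        if key not in KNOWN_KEYS:
            problems.append(f"unknown parameter {key!r}")
        if not value:
            problems.append(f"parameter {key!r} has an empty value")
        seen[key] = value
    if "dbname" not in seen:
        problems.append("missing required parameter dbname")
    return problems


if __name__ == "__main__":
    # Constructed inputs: the poster's line and the USAGE example line.
    for cfg in ("output database: log, mysql, user=root password=test test dbname=snort host=localhost",
                "output database: log, mysql, dbname=snort user=snortusr host=localhost"):
        print(cfg, "->", check_output_database(cfg) or "ok")
```

The warning banner in the quoted output also notes that the database plugin is deprecated as of Snort 2.9.2, so a line that passes this check still only buys time until the move to unified2 with barnyard2.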