[Snort-users] snort 2.9.9.0 error

Kumarswamy H N (kumhn) kumhn at ...589...
Fri Jan 13 04:28:44 EST 2017


Either you can install lzma package  or change the line 325 to decompress_swf { deflate } \

From: Mojtaba Haghighipour [mailto:moj.haghighipour at ...11827...]
Sent: Friday, January 13, 2017 2:42 PM
To: Michael Steele <michaels at ...9077...>
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] snort 2.9.9.0 error

it's  my 325 and 326 line..
325:    decompress_swf { deflate lzma } \
326:    decompress_pdf { deflate }
what should I do now??

On Fri, Jan 13, 2017 at 12:39 AM, Michael Steele <michaels at ...9077...<mailto:michaels at ...9077...>> wrote:
This has been around for months and should displayed as a warning and not a fatal error.

Kindest regards,
Michael...

WINSNORT.com Management Team Member
--
****************** Established ~ 2001 *******************
*          Visit Us @ http://www.winsnort.com           *
*      ~~ FREE WinIDS Snort installation guides ~~      *
*               ~~ FREE support forums ~~               *
* Snort: Open Source Network IDS - http://www.snort.org *
*********************************************************

From: Ed Borgoyn (eborgoyn) [mailto:eborgoyn at ...589...<mailto:eborgoyn at ...589...>]
Sent: Thursday, January 12, 2017 12:52 PM
To: Jim Campbell <jim at ...17675...<mailto:jim at ...17675...>>; snort-users at lists.sourceforge.net<mailto:snort-users at lists.sourceforge.net>
Subject: Re: [Snort-users] snort 2.9.9.0 error

Does line 326 of snort.conf look like:


decompress_swf { deflate lzma }


If so, then try removing the ‘lzma’ keyword.  If snort is not built with the LZMA libraries for LZMA SWF file decompression, then this keyword will lead to a syntax error.


Ed Borgoyn
Cisco Snort Development Team


From: Jim Campbell <jim at ...17675...<mailto:jim at ...17675...>>
Date: Thursday, January 12, 2017 at 12:20 PM
To: "snort-users at lists.sourceforge.net<mailto:snort-users at lists.sourceforge.net>" <snort-users at lists.sourceforge.net<mailto:snort-users at lists.sourceforge.net>>
Subject: Re: [Snort-users] snort 2.9.9.0 error

It's telling you that line 326 of snort.conf has an error. Perhaps a mismatched or out of place '}'
On 1/12/2017 2:28 AM, Mojtaba Haghighipour wrote:
hi ... it's error when I run snort with command:
snort -c  /etc/snort/rules/etc/snort.conf

ERROR: /etc/snort/rules/etc/snort.conf(326) => Invalid keyword '}' for server configuration.

Fatal Error, Quitting..





Please help me..





------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net<mailto:Snort-users at lists.sourceforge.net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20170113/eb600f7b/attachment.html>


More information about the Snort-users mailing list