[Snort-users] snort 2.9.9.0 error

Michael Steele michaels at ...9077...
Fri Jan 13 08:45:23 EST 2017


What is the reason for changing the line below, shouldn’t it just be hashed out?

 

325:    decompress_swf { deflate lzma } \
325:    decompress_swf { deflate } \

Kindest regards,

Michael...

 

WINSNORT.com Management Team Member

--

****************** Established ~ 2001 *******************

*          Visit Us @  <http://www.winsnort.com> http://www.winsnort.com           *

*      ~~ FREE WinIDS Snort installation guides ~~      *

*               ~~ FREE support forums ~~               *

* Snort: Open Source Network IDS -  <http://www.snort.org> http://www.snort.org *

*********************************************************

 

From: Kumarswamy H N (kumhn) [mailto:kumhn at ...589...] 
Sent: Friday, January 13, 2017 4:29 AM
To: Mojtaba Haghighipour <moj.haghighipour at ...11827...>; Michael Steele <michaels at ...9077...>
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] snort 2.9.9.0 error

 

You can either install the lzma package or change line 325 to decompress_swf { deflate } \

 

From: Mojtaba Haghighipour [mailto:moj.haghighipour at ...11827...] 
Sent: Friday, January 13, 2017 2:42 PM
To: Michael Steele <michaels at ...9077...>
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] snort 2.9.9.0 error

 

These are my lines 325 and 326:
325:    decompress_swf { deflate lzma } \
326:    decompress_pdf { deflate }

What should I do now?

 

On Fri, Jan 13, 2017 at 12:39 AM, Michael Steele <michaels at ...9077...> wrote:

This has been around for months and should be displayed as a warning and not a fatal error.

 

Kindest regards,

Michael...

 


 

From: Ed Borgoyn (eborgoyn) [mailto:eborgoyn at ...589...]
Sent: Thursday, January 12, 2017 12:52 PM
To: Jim Campbell <jim at ...17675...>; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] snort 2.9.9.0 error

 

Does line 326 of snort.conf look like:

 

decompress_swf { deflate lzma }

 

If so, then try removing the ‘lzma’ keyword.  If snort is not built with the LZMA libraries for LZMA SWF file decompression, then this keyword will lead to a syntax error.

 

 

Ed Borgoyn

Cisco Snort Development Team

 

 

From: Jim Campbell <jim at ...17675...>
Date: Thursday, January 12, 2017 at 12:20 PM
To: "snort-users at lists.sourceforge.net" <snort-users at lists.sourceforge.net>
Subject: Re: [Snort-users] snort 2.9.9.0 error

 

It's telling you that line 326 of snort.conf has an error. Perhaps a mismatched or out-of-place '}'.

On 1/12/2017 2:28 AM, Mojtaba Haghighipour wrote:

Hi, this is the error when I run snort with the command:

snort -c  /etc/snort/rules/etc/snort.conf

ERROR: /etc/snort/rules/etc/snort.conf(326) => Invalid keyword '}' for server configuration.
Fatal Error, Quitting..
 
 
Please help me..
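
Added example, not part of the thread and not Snort project code: a Python check that reports the physical line of any decompress_swf list naming lzma (in the thread the error cited line 326 while the keyword sat on line 325) and produces the edited text with only that keyword removed. The sample fragment is constructed, its header line is an assumption, and the function names are hypothetical.

```python
import re

# decompress_swf followed by its brace-delimited method list
SWF_OPT = re.compile(r"(decompress_swf\s*\{)([^}]*)(\})")

# Constructed sample: the two option lines quoted in the thread, under an
# http_inspect_server header (the header line is an assumption).
SAMPLE_CONF = (
    "preprocessor http_inspect_server: server default \\\n"
    "    decompress_swf { deflate lzma } \\\n"
    "    decompress_pdf { deflate }\n"
)


def is_comment(line):
    return line.lstrip().startswith("#")


def find_lzma(conf_text, first_line=1):
    """Return [(physical_line_number, line)] where decompress_swf lists lzma."""
    hits = []
    for n, line in enumerate(conf_text.splitlines(), start=first_line):
        if is_comment(line):
            continue
        m = SWF_OPT.search(line)
        if m and "lzma" in m.group(2).split():
            hits.append((n, line))
    return hits


def drop_lzma(conf_text):
    """Return conf_text with lzma removed from decompress_swf lists only."""
    def fix(m):
        methods = [w for w in m.group(2).split() if w != "lzma"]
        if not methods:
            # lzma was the only method: leave the line for a manual decision
            return m.group(0)
        return f"{m.group(1)} {' '.join(methods)} {m.group(3)}"

    out = []
    for line in conf_text.splitlines(keepends=True):
        # Comments and trailing '\' continuations are preserved as written
        out.append(line if is_comment(line) else SWF_OPT.sub(fix, line))
    return "".join(out)


if __name__ == "__main__":
    # first_line=324 numbers the sample so the option lines are 325 and 326
    for n, line in find_lzma(SAMPLE_CONF, first_line=324):
        print(f"line {n}: {line.strip()}")
    print(drop_lzma(SAMPLE_CONF), end="")
```
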
 

 

 

