[Snort-users] EXTERNAL:Re: Snort.config isue

Carter Waxman (cwaxman) cwaxman at cisco.com
Thu Aug 16 11:10:07 EDT 2018


Go up to the end of http_inspect_server. That error is specific to that preprocessor.

From: Alec Mason AFS <Alec.Mason at activefleetsolutions.com>
Date: Thursday, August 16, 2018 at 11:07 AM
To: "Carter Waxman (cwaxman)" <cwaxman at cisco.com>, "snort-users at lists.snort.org" <snort-users at lists.snort.org>
Subject: RE: EXTERNAL:Re: [Snort-users] Snort.config isue

Hi

This is what the lines around it look like

#   webroot no \
#   decompress_swf { deflate lzma } \
#   decompress_pdf { deflate }

# ONC-RPC normalization and anomaly detection.  For more information, see the Snort Manual, Configuring Snort - Preprocessors - RPC Decode
preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 no_alert_multiple_requests no_alert_large_fragments no_alert_incomplete

# Back Orifice detection.
preprocessor bo

Thanks

Alec Mason
Group IT & Infrastructure Director

ARVS Limited T/A Active Fleet Solutions
Parkway House, Second Avenue, Centrum 100, Burton on Trent, DE14 2WF

Mob: 07824 875880      Tel: 0845 600 4755      Fax: 0845 600 4754
e-mail: alec.mason at activefleetsolutions.com<mailto:alec.mason at activefleetsolutions.com>

[fs2]<http://www.activefleetsolutions.com/>

P Please consider the environment before printing

[cid:image002.png at 01D43551.B0136070]<https://www.linkedin.com/in/alec-mason-51961348/>
Email disclaimer
 This email and any files and information transmitted with it are confidential and intended solely for the sole and lawful use of the individual or entity to whom they are addressed. It may also be privileged or otherwise protected by other legal rules. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. You are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.
WARNING: Computer viruses can be transmitted via email. Although the company has taken reasonable precautions to ensure no viruses are present in this email, the company cannot accept responsibility for any loss or damage arising from the transmission or use of this email or attachments.
Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company.

From: Carter Waxman (cwaxman) [mailto:cwaxman at cisco.com]
Sent: 16 August 2018 16:06
To: Alec Mason AFS; snort-users at lists.snort.org
Subject: EXTERNAL:Re: [Snort-users] Snort.config isue

Check the line before it for a ‘\’ at the end which means continue this directive on the next line. It thinks you are trying to use ‘preprocessor’ as a configuration option for http.

- Carter

From: Snort-users <snort-users-bounces at lists.snort.org> on behalf of Alec Mason AFS via Snort-users <snort-users at lists.snort.org>
Reply-To: Alec Mason AFS <Alec.Mason at activefleetsolutions.com>
Date: Thursday, August 16, 2018 at 10:59 AM
To: "snort-users at lists.snort.org" <snort-users at lists.snort.org>
Subject: [Snort-users] Snort.config isue

Hi

I am new to Snort and trying to follow instructions to install and configure Snort on Windows.

I am getting the following error message when I am checking the install

ERROR: C:\Snort\etc\snort.config(330) =>invalid keyword 'preprocessor' for server configuration

On line 330 of snort.config there is the following

preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 no_alert_multiple_requests no_alert_large_fragments no_alert_incomplete

Any suggestions

Thanks

Alec Mason


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20180816/0d128eb5/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 10586 bytes
Desc: image001.png
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20180816/0d128eb5/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 1495 bytes
Desc: image002.png
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20180816/0d128eb5/attachment-0001.png>


More information about the Snort-users mailing list