[Snort-users] (no subject)

From: Comcast <vulcan20mm1(at)comcast.net>
Date: Sun Mar 02 2003 - 23:36:50 EST

I am having the below error. I also have the problem of pushing the snesor config file it does not put it into the /etc/snort directory I have to down load it and copy it to the /etc/snort dir.

I am running rh 8.0 on a amd 1500 processor with MySql 2.53 snort center 9.6 acid v096b23 snort agent 0.1.4. It was all working fine until I wanted to update a rule and copied over a new snort.etho.conf file and restarted then it failed. Any Ideas. Please help!

Current config file error:
Initializing Output Plugins!
Log directory = /var/log/snort

Initializing Network Interface eth0

--== Initializing Snort ==--
Rule application order changed to Pass->Alert->Log Decoding Ethernet on interface eth0
Parsing Rules file /etc/snort/snort.eth0.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++

Initializing rule chains...
Initializing Preprocessors!
Initializing Plug-ins!
No arguments to frag2 directive, setting defaults to: Fragment timeout: 60 seconds
Fragment memory cap: 4194304 bytes
Fragment min_ttl: 0
Fragment ttl_limit: 5
Fragment Problems: 0
Stream4 config:
Stateful inspection: ACTIVE
Session statistics: INACTIVE
Session timeout: 30 seconds
Session memory cap: 8388608 bytes
State alerts: INACTIVE
Evasion alerts: INACTIVE
Scan alerts: ACTIVE
Log Flushed Streams: INACTIVE
MinTTL: 1
TTL Limit: 5
Async Link: 0
No arguments to stream4_reassemble, setting defaults: Reassemble client: ACTIVE
Reassemble server: INACTIVE
Reassemble ports: 21 23 25 53 80 143 110 111 513 Reassembly alerts: ACTIVE
Reassembly method: FAVOR_OLD
http_decode arguments:
Unicode decoding
IIS alternate Unicode decoding
IIS double encoding vuln
Flip backslash to slash
Include additional whitespace separators Ports to decode http on: 80
rpc_decode arguments:
Ports to decode RPC on: 111 32771
telnet_decode arguments:
Ports to decode telnet on: 21 23 25 119
Conversation Config:
KeepStats: 0
Conv Count: 32000
Timeout : 60
Alert Odd?: 0
Allowed IP Protocols: All

Portscan2 config:
log: /var/log/snort/scan.log
scanners_max: 3200
targets_max: 5000
target_limit: 5
port_limit: 20
timeout: 60

database: compiled support for ( mysql )
database: configured to use mysql
database: user = snort
database: password is set
database: database name = snort
database: host = 127.0.0.1
database: sensor name = ras
database: sensor id = 1
database: schema version = 106
database: using the "log" facility
database: compiled support for ( mysql )
database: configured to use mysql
database: user = snort
database: password is set
database: database name = snort
database: host = 127.0.0.1
database: sensor name = 192.168.1.100
database: sensor id = 2
database: schema version = 106
database: using the "log" facility

ERROR line /etc/snort/snort.eth0.conf (658) => Unknown rule type: notify Fatal Error, Quitting..

---

This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven.
http://thinkgeek.com/sf

---

Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users Received on Mon Mar 3 00:13:29 2003