Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Enterprise IDS build

From: "Trevor Benson" <tbenson () a-1networks com>
Date: Sat, 22 Jan 2005 17:13:36 -0800
Had some issues with snort not listed as running (issue was with /var/run/snort for run.pid). Fixed that now it goes 
green.

Next issue so far is I can download rules to the Management Console, but when I push the rules to the sensor, nothing 
seems to happen. No rules show up on the sensor in its rules directory.

Last after manually pushing rules to the remote system (I think I had issues with IIS unicode.map file, cant remember 
if I moved it, or what I did.) once I select rules, apply and then restart I get this error from the agent:

telnet_decode arguments:
Ports to decode telnet on: 21 23 25 119 
ERROR: unknown preprocessor "°rtscan"
Fatal Error, Quitting..


Thanks,
Trevor


-----Original Message-----
From: Kevin Johnson [mailto:kjohnson () secureideas net] 
Sent: Friday, January 21, 2005 7:51 PM
To: Trevor Benson
Cc: Snort Users
Subject: Re: [Snort-users] Enterprise IDS build

On Fri, 2005-01-21 at 15:22, Trevor Benson wrote:

Has anyone implemented the Snort Enterprise IDS with snortcenter2, 
snort 2.3.0 RC2, BASE,  and Mandrake 10.1?  I am working through the 
small issues right now with getting this running.


Could you specify what the problems are?  We may be able to help you even if we aren't running the specific versions of 
software.

Kevin
-------------------
BASE Project Lead
http://sourceforge.net/projects/secureideas
http://base.secureideas.net
The next step in IDS analysis!



-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: