Snort mailing list archives

Issue with snort.conf

From: "Atkins, Dwane P" <ATKINSD () uthscsa edu>
Date: Wed, 5 Jan 2011 17:08:55 -0600

When we initiate the following command per instructions,

sudo /usr/local/snort/bin/snort -u snort -g snort -c /usr/local/snort/etc/snort.conf -i eth1

we get this:

Stream5 UDP Policy config:
    Timeout: 180 seconds
ERROR: /usr/local/snort/etc/snort.conf(239) => Invalid keyword 'preprocessor' for 'global' configuration.
Fatal Error, Quitting..

In our snort.conf file, line 239 is "webroot no:

Can anyone please tell me what causes this?


206 preprocessor stream5_udp: timeout 180
    207
    208 # performance statistics.  For more information, see the Snort Manual, Configuring Snort - Preprocessors - 
Performance Monitor
    209 # preprocessor perfmonitor: time 300 file /var/snort/snort.stats pktcnt 10000
    210
    211 # HTTP normalization and anomaly detection.  For more information, see README.http_inspect
    212 preprocessor http_inspect: global iis_unicode_map unicode.map 1252 \
    213 preprocessor http_inspect_server: server default \
    214     chunk_length 500000 \
    215     server_flow_depth 0 \
    216     client_flow_depth 0 \
    217     post_depth 65495 \
    218         oversize_dir_length 500 \
    219     max_header_length 750 \
    220     max_headers 100 \
    221     ports { 80 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080 
8088 8118 8123 8180 8243 8280 8888 9090 9091 9443 9999 11371 } \
    222     non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \
    223     enable_cookie \
    224     extended_response_inspection \
    225     normalize_utf \
    226     unlimited_decompress \
    227     apache_whitespace no \
    228     ascii no \
    229     bare_byte no \
    230     base36 no \
    231         directory no \
    232         double_decode no \
    233         iis_backslash no \
    234         iis_delimiter no \
    235         iis_unicode no \
    236         multi_slash no \
    237    utf_8 no \
    238         u_encode yes \
    239         webroot no

Thank you

Dwane

------------------------------------------------------------------------------
Learn how Oracle Real Application Clusters (RAC) One Node allows customers
to consolidate database storage, standardize their database environment, and, 
should the need arise, upgrade to a full multi-node Oracle RAC database 
without downtime or disruption
http://p.sf.net/sfu/oracle-sfdevnl

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Issue with snort.conf Atkins, Dwane P (Jan 05)
- Re: Issue with snort.conf Bhagya Bantwal (Jan 05)