Snort mailing list archives
Re: snort 2.9.9.0 error
From: "Michael Steele" <michaels () winsnort com>
Date: Fri, 13 Jan 2017 08:45:23 -0500
What is the reason for changing the line below, shouldn’t it just be hashed out?
325: decompress_swf { deflate lzma } \
325: decompress_swf { deflate } \
Kindest regards,
Michael...
WINSNORT.com Management Team Member
--
****************** Established ~ 2001 *******************
* Visit Us @ <http://www.winsnort.com> http://www.winsnort.com *
* ~~ FREE WinIDS Snort installation guides ~~ *
* ~~ FREE support forums ~~ *
* Snort: Open Source Network IDS - <http://www.snort.org> http://www.snort.org *
*********************************************************
From: Kumarswamy H N (kumhn) [mailto:kumhn () cisco com]
Sent: Friday, January 13, 2017 4:29 AM
To: Mojtaba Haghighipour <moj.haghighipour () gmail com>; Michael Steele <michaels () winsnort com>
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] snort 2.9.9.0 error
Either you can install lzma package or change the line 325 to decompress_swf { deflate } \
From: Mojtaba Haghighipour [mailto:moj.haghighipour () gmail com]
Sent: Friday, January 13, 2017 2:42 PM
To: Michael Steele <michaels () winsnort com <mailto:michaels () winsnort com> >
Cc: snort-users () lists sourceforge net <mailto:snort-users () lists sourceforge net>
Subject: Re: [Snort-users] snort 2.9.9.0 error
it's my 325 and 326 line..
325: decompress_swf { deflate lzma } \
326: decompress_pdf { deflate }
what should I do now??
On Fri, Jan 13, 2017 at 12:39 AM, Michael Steele <michaels () winsnort com <mailto:michaels () winsnort com> > wrote:
This has been around for months and should displayed as a warning and not a fatal error.
Kindest regards,
Michael...
WINSNORT.com Management Team Member
--
****************** Established ~ 2001 *******************
* Visit Us @ <http://www.winsnort.com> http://www.winsnort.com *
* ~~ FREE WinIDS Snort installation guides ~~ *
* ~~ FREE support forums ~~ *
* Snort: Open Source Network IDS - <http://www.snort.org> http://www.snort.org *
*********************************************************
From: Ed Borgoyn (eborgoyn) [mailto:eborgoyn () cisco com <mailto:eborgoyn () cisco com> ]
Sent: Thursday, January 12, 2017 12:52 PM
To: Jim Campbell <jim () w4bqp net <mailto:jim () w4bqp net> >; snort-users () lists sourceforge net
<mailto:snort-users () lists sourceforge net>
Subject: Re: [Snort-users] snort 2.9.9.0 error
Does line 326 of snort.conf look like:
decompress_swf { deflate lzma }
If so, then try removing the ‘lzma’ keyword. If snort is not built with the LZMA libraries for LZMA SWF file
decompression, then this keyword will lead to a syntax error.
Ed Borgoyn
Cisco Snort Development Team
From: Jim Campbell <jim () w4bqp net <mailto:jim () w4bqp net> >
Date: Thursday, January 12, 2017 at 12:20 PM
To: "snort-users () lists sourceforge net <mailto:snort-users () lists sourceforge net> " <snort-users () lists
sourceforge net <mailto:snort-users () lists sourceforge net> >
Subject: Re: [Snort-users] snort 2.9.9.0 error
It's telling you that line 326 of snort.conf has an error. Perhaps a mismatched or out of place '}'
On 1/12/2017 2:28 AM, Mojtaba Haghighipour wrote:
hi ... it's error when I run snort with command:
snort -c /etc/snort/rules/etc/snort.conf
ERROR: /etc/snort/rules/etc/snort.conf(326) => Invalid keyword '}' for server configuration.
Fatal Error, Quitting..
Please help me..
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net <mailto:Snort-users () lists sourceforge net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today. http://sdm.link/xeonphi
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- snort 2.9.9.0 error Mojtaba Haghighipour (Jan 11)
- Re: snort 2.9.9.0 error Jim Campbell (Jan 12)
- Re: snort 2.9.9.0 error Ed Borgoyn (eborgoyn) (Jan 12)
- Re: snort 2.9.9.0 error Michael Steele (Jan 12)
- Re: snort 2.9.9.0 error Mojtaba Haghighipour (Jan 13)
- Re: snort 2.9.9.0 error Kumarswamy H N (kumhn) (Jan 13)
- Re: snort 2.9.9.0 error Michael Steele (Jan 13)
- Re: snort 2.9.9.0 error Mojtaba Haghighipour (Jan 13)
- Re: snort 2.9.9.0 error Ed Borgoyn (eborgoyn) (Jan 13)
- Re: snort 2.9.9.0 error Ed Borgoyn (eborgoyn) (Jan 12)
- Re: snort 2.9.9.0 error Jim Campbell (Jan 12)
- Re: snort 2.9.9.0 error wkitty42 (Jan 13)