Snort mailing list archives
Re: EXTERNAL:Re: Snort.config isue
From: "Carter Waxman (cwaxman) via Snort-users" <snort-users () lists snort org>
Date: Thu, 16 Aug 2018 15:10:07 +0000
Go up to the end of http_inspect_server. That error is specific to that preprocessor.
From: Alec Mason AFS <Alec.Mason () activefleetsolutions com>
Date: Thursday, August 16, 2018 at 11:07 AM
To: "Carter Waxman (cwaxman)" <cwaxman () cisco com>, "snort-users () lists snort org" <snort-users () lists snort org>
Subject: RE: EXTERNAL:Re: [Snort-users] Snort.config isue
Hi
This is what the lines around it look like:
# webroot no \
# decompress_swf { deflate lzma } \
# decompress_pdf { deflate }
# ONC-RPC normalization and anomaly detection. For more information, see the Snort Manual, Configuring Snort - Preprocessors - RPC Decode
preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 no_alert_multiple_requests no_alert_large_fragments no_alert_incomplete
# Back Orifice detection.
preprocessor bo
Thanks
Alec Mason
Group IT & Infrastructure Director
ARVS Limited T/A Active Fleet Solutions
Parkway House, Second Avenue, Centrum 100, Burton on Trent, DE14 2WF
From: Carter Waxman (cwaxman) [mailto:cwaxman () cisco com]
Sent: 16 August 2018 16:06
To: Alec Mason AFS; snort-users () lists snort org
Subject: EXTERNAL:Re: [Snort-users] Snort.config isue
Check the line before it for a ‘\’ at the end which means continue this directive on the next line. It thinks you are
trying to use ‘preprocessor’ as a configuration option for http.
- Carter
From: Snort-users <snort-users-bounces () lists snort org> on behalf of Alec Mason AFS via Snort-users <snort-users () lists snort org>
Reply-To: Alec Mason AFS <Alec.Mason () activefleetsolutions com>
Date: Thursday, August 16, 2018 at 10:59 AM
To: "snort-users () lists snort org" <snort-users () lists snort org>
Subject: [Snort-users] Snort.config isue
Hi
I am new to Snort and trying to follow instructions to install and configure Snort on Windows.
I am getting the following error message when I am checking the install:
ERROR: C:\Snort\etc\snort.config(330) =>invalid keyword 'preprocessor' for server configuration
On line 330 of snort.config there is the following:
preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 no_alert_multiple_requests no_alert_large_fragments no_alert_incomplete
Any suggestions?
Thanks
Alec Mason
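The check suggested in the replies above (look for a trailing '\' on the last active line of http_inspect_server), as an added example that is not part of the original thread or of Snort itself. It assumes, as the quoted excerpt suggests, that blank and '#' comment lines do not end a continuation; the function name and the sample configuration are constructed for illustration.

```python
# Added example, not Snort's own code. Assumption (consistent with the thread's
# excerpt): blank and '#' lines are skipped and do not end a '\' continuation.
import sys

# Snort 2.x keywords that start a new top-level directive.
TOP_LEVEL = {"preprocessor", "config", "var", "ipvar", "portvar",
             "include", "output", "dynamicpreprocessor"}

def find_swallowed_directives(text):
    """Return (directive_start, backslash_line, swallowed_line) tuples for
    top-level directives pulled into the previous one by a trailing '\\'."""
    findings = []
    start = None        # first line of the directive currently being read
    prev_active = None  # last non-comment, non-blank line seen
    continuing = False  # did prev_active end with a backslash?
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue    # skipped: an open continuation stays open
        if continuing and line.split()[0] in TOP_LEVEL:
            findings.append((start, prev_active, lineno))
        if not continuing:
            start = lineno
        prev_active, continuing = lineno, line.endswith("\\")
    return findings

# Constructed sample modelled on the layout quoted in the thread.
SAMPLE = """\
preprocessor http_inspect_server: server default \\
    ports { 80 8080 } \\
    inspect_gzip \\
#    webroot no \\
#    decompress_pdf { deflate }

# ONC-RPC normalization and anomaly detection.
preprocessor rpc_decode: 111 32771 no_alert_incomplete
preprocessor bo
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for start, slash, hit in find_swallowed_directives(text):
        print(f"line {hit}: directive absorbed by the one starting at line "
              f"{start}; check the trailing '\\' on line {slash}")
```

The swallowed line is the one Snort names in its ERROR message; the backslash line is where the edit is needed.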