Network Security: Detailed info on RE: [Snort-users] Snort Beta v2.6

Subject:	RE: [Snort-users] Snort Beta v2.6
Date:	Mon, 20 Mar 2006 19:39:38 -0600

I got it to load with the following; thanks Jason:

 

/usr/local/bin/snort -e -i eth1 -d -c /etc/snort/snort.conf -l
/var/log/snort --dynamic-preprocessor-lib
/usr/local/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so
--dynamic-preprocessor-lib
/usr/local/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so

 

 

Does anyone know what these messages refer too?

 

Warning: flowbits key 'http.jpeg' is checked but not ever set.

Warning: flowbits key 'ms_sql_seen_dns' is checked but not ever set.

Warning: flowbits key 'dce.bind.veritas' is set but not ever checked.

Warning: flowbits key 'netbios.lsass.bind.attempt' is checked but not
ever set.

Warning: flowbits key 'dce.isystemactivator.bind.call.attempt' is set
but not ever checked.

Warning: flowbits key 'trojan' is set but not ever checked.

Warning: flowbits key 'realplayer.playlist' is checked but not ever set.

 

Not Using PCAP_FRAMES

 

 

FYI...

It does that a minute or so to fully initialize.

 

Thanks...

 

-----Original Message-----
From: Jason Brvenik [mailto:jasonb@sourcefire.com] 
Sent: Monday, March 20, 2006 6:52 PM
To: Ron Jenkins
Cc: snort-users@lists.sourceforge.net
Subject: Re: [Snort-users] Snort Beta v2.6

 

A few questions.

 

Did you build with --enable-dynamicplugin

Install using make install?

Ensure that the plugins are located in is valid for shared objects?

 

you can also use --dynamic-preprocessor-lib-dir on the command line to

specify the path the plugins are located in. There is a config file

param that will also work for this.

 

 

 

Ron Jenkins wrote:

Is anyone else having these problems?

 

/ /

/ERROR: /etc/snort/snort.conf(519) unknown preprocessor "ftp_telnet"

Fatal Error, Quitting..

ERROR: /etc/snort/snort.conf(523) unknown preprocessor

"ftp_telnet_protocol"

Fatal Error, Quitting..

ERROR: /etc/snort/snort.conf(571) unknown preprocessor "smtp"

Fatal Error, Quitting..

Rule application order: ->activation->dynamic->pass->drop->alert->log

Log directory = /var/log/snort

Verifying Preprocessor Configurations!

Warning: flowbits key 'trojan' is set but not ever checked.

Warning: flowbits key 'dce.bind.veritas' is set but not ever checked.

Warning: flowbits key 'dce.isystemactivator.bind.call.attempt' is set

but not ever checked.

Warning: flowbits key 'http.jpeg' is checked but not ever set.

Warning: flowbits key 'realplayer.playlist' is checked but not ever

set.

Warning: flowbits key 'ms_sql_seen_dns' is checked but not ever set.

Warning: flowbits key 'netbios.lsass.bind.attempt' is checked but not

ever set./

/ /

/ /

/After  a short period of time snort exits with the following:

Not Using PCAP_FRAMES/

 

Also, the server drive becomes very busy.

 

Thanks...

 

Ron Jenkins (SnortCP, MCNE, CNE6, MCP, CCNA, CCEA)

Senior Architect

Data Integrity, LLC

"We Integrate People with Solutions"

1724 Dallas Drive

Suite 11

Baton Rouge, La 70806

Office. 225.927.8030

Fax. 225.927.8033

Cell225.931.1632

Email. rjenkins@dibr.net

Web. http://www.dibr.net

(Aanval Reseller and Technology Partner)

http://www.aanval.com/tour/dibr

 

<Prev in Thread]	Current Thread	[Next in Thread>
[Snort-users] Snort Beta v2.6, Ron Jenkins Re: [Snort-users] Snort Beta v2.6, Will Metcalf Re: [Snort-users] Snort Beta v2.6, Jason Brvenik RE: [Snort-users] Snort Beta v2.6, Ron Jenkins <= Re: [RGSPAM] RE: [Snort-users] Snort Beta v2.6, Jason Brvenik

Previous by Date:	Re: [Snort-users] Snort Beta v2.6, Jason Brvenik
Next by Date:	Re: [RGSPAM] RE: [Snort-users] Snort Beta v2.6, Jason Brvenik
Previous by Thread:	Re: [Snort-users] Snort Beta v2.6, Jason Brvenik
Next by Thread:	Re: [RGSPAM] RE: [Snort-users] Snort Beta v2.6, Jason Brvenik
Indexes:	[Date] [Thread] [Top] [All Lists]