Snort.org home  
Got Source? About Snort About Sourcefire Snort FAQ
Sourcefire Network Security - the creators of Snort
Snort News Downloads Snort Docs Rules Snort Community Snort Forums Snort Training
Search Site
Search Rules
Account
email
password
not registered?
user preferences

Snort Forums Archive

Archive Home » Linux » help

Please note that the categories listed below represent an archived version of our forums pages. To view the current version and be able to post and reply to threads, please register and login here to go to the full forums pages.

[ Notice: Full Version of This Topic ]

help


Posted by du on October 27, 2006 07:23:53

I'm tunning snort 2.6.0.2 in ubuntu.when running in IDS mode I get a message error like this:

ERROR: etc/snort.conf(520) unknown preprocessor "ftp_telnet"

can anyone help?

I've other question.I've downloaded the source code.when installing should snort create the snort
directory in /etc with the conf file?

any help thanks

Posted by duh on October 30, 2006 05:33:42

Are the dynamic preprocessor lines in snort.conf pointing to the correct location?
It looks like your snort.conf file is in /etc, so /etc/snort.conf. Looks likeit didnt make a directory for the files.

Posted by du on October 30, 2006 05:46:49

hi.thanks for your reply.the preprocessor lines are in the correct position although snort didn't
create the directory snort in /etc.how can it make it?now instead I get the error:

ERROR: etc/snort.conf(182) => Unknown rule type: dynamicpreprocessor

any help is very apreciated.


Posted by du on October 31, 2006 00:18:40

hi people.I've a new error:).if anyone can help it'd be very apreciated.the error's:

Loading all dynamic preprocessor libs from /usr/local/lib/snort_dynamicpreprocessor...
Loading dynamic preprocessor
library /usr/local/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so... done
Loading dynamic preprocessor
library /usr/local/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so... done
Loading dynamic preprocessor
library /usr/local/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so... done
Loading dynamic preprocessor
library /usr/local/lib/snort_dynamicpreprocessor/libsf_ftptelnet_prepoc.so... ERROR: Failed to
load /usr/local/lib/snort_dynamicpreprocessor/libsf_ftptelnet_prepoc.so: /usr/local/lib/snort_dynamicpreprocessor/libsf_ftptelnet_prepoc.so:
cannot open shared object file: No such file or directory



Posted by duh on November 01, 2006 12:03:57

Does that file actually exist if you look out there? /usr/local/lib/snort_dynamicpreprocessor/libsf_ftptelnet_prepoc.so?
You could comment out the ftp preprocessor and it will probably run. But it may be best to get that file in there.

Posted by du on November 02, 2006 00:43:19

hi.thanks a lot for your help.I copied the file to there and it runs.now I've a problem.I want to
detect tcp flows so I'm usinf the following rule:

alert tcp any ant -> any 80 (msg:"http";flow:from_client;)

but I get the error:

getservbyname() failed on "ant"

any help will be very appreciated.

Thanks a lot

Posted by du on November 02, 2006 07:10:11

got it fixed.
site feedback | Terms of Use | Privacy Policy | forum archives ©2007 Snort and Sourcefire are registered trademarks of Sourcefire, Inc. All rights reserved.