Snort Forums Archive
Mysql+Snort+ACID+ADODB install
Posted by snort00000 on April 25, 2005 19:38:07
I installed Mysql+Snort+ACID+ADODB on RedHat 9.0.
But now, I start snort: "snort -b -d -i eth0 -u snort -g snort -c /home/snort/rules/snort.conf -l/var/log/snort/ &"
Error message:
ERROR: unknown preprocessor "frag3_global"
Fatal Error, Quitting..
[1]+ Exit 1 snort -b -d -i eth0 -u snort -g snort -c /home/snort/rules/snort.conf -l/var/log/snort/
Can you tell me what's happening?
Nick

Posted by Anatole on May 18, 2005 02:33:14
In your configuration file named snort.conf, you have an error with the preprocessor "frag...". You can delete this line and it's going to work.
Preprocessors aren't necessary for it to work.
I'm a new Snort user and it's my solution but not the best solution!
Anatole

Posted by chris on May 19, 2005 11:40:58
Hi guys, another solution to Anatole's suggestion is to just comment out the line instead of deleting it, as you're probably going to need it in the future, but his suggestion will get the job done just as well.
Cheers.
Chris

Posted by joelesler on May 28, 2005 12:30:56
and... you should consider switching to BASE. The ACID code has died.
http://secureideas.sourceforge.net

Posted by mehner on June 01, 2005 07:21:02
How dead is ACID actually? I have found the code pretty simple to tweak, and according to a current SANS survey, it has over 27% of the respondents using it. Versus BASE at 17%.
I have considered moving over to BASE, but I just don't know what the true benefits would be. I mean, it's built on ACID, and looks like ACID, so what are the actual gains? What's new that I need?

Posted by SecureIdeas on June 20, 2005 16:33:05
Quite a bit is new in BASE. We have fixed a number of the bugs in ACID; of course, you could spend that time yourself.... We are also busy adding new features every day.
Kevin

Posted by brevizniak on July 09, 2005 08:37:57
Nick,
The most likely problem is that you are running an outdated version of snort with a recent rules and config download. Check your version of snort using snort -V and if it is anything less than 2.3.3 ( 2.4.0 soon ) you need to get a more recent build from snort.org.
Disabling preprocessors like frag is problematic since you are now open to ip level issues that can cause your sensor to miss attacks.
The other question about why BASE over ACID is an easy answer. ACID is no longer maintained and BASE is a fork of the old code with enhancements and bugfixes added. You should definitely move to BASE.
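
Added example, not part of the thread or of Snort's own tooling: a shell check for the two conditions the replies describe, a Snort binary older than 2.3.3 and a snort.conf whose frag preprocessors have been commented out. The function names, the sample config and the banner line are constructed for illustration; on a real sensor, pipe `snort -V 2>&1` into parse_version instead.

```shell
#!/bin/sh
# Added example (not from the thread). MIN_VERSION is the release the last reply names.
MIN_VERSION="2.3.3"

# parse_version: read `snort -V` banner text on stdin, print the dotted version.
parse_version() {
    sed -n 's/.*Version \([0-9][0-9.]*[0-9]\).*/\1/p' | head -n 1
}

# version_lt A B: succeed when dotted version A is older than B.
version_lt() {
    [ "$1" = "$2" ] && return 1
    oldest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$oldest" = "$1" ]
}

# preprocessors FILE active|disabled: names on live or commented-out directives.
# Heuristic: any comment line that starts with "preprocessor" counts as disabled.
preprocessors() {
    if [ "$2" = active ]; then lead='^[[:space:]]*'; else lead='^[[:space:]]*#[#[:space:]]*'; fi
    sed -n "s/${lead}preprocessor[[:space:]]\{1,\}\([A-Za-z0-9_]*\).*/\1/p" "$1" | sort -u
}

# check_sensor VERSION FILE: print one finding per line; prints nothing when clean.
check_sensor() {
    if version_lt "$1" "$MIN_VERSION"; then
        echo "WARN version $1 is older than $MIN_VERSION; newer snort.conf directives may be unknown"
    fi
    if ! preprocessors "$2" active | grep -q '^frag'; then
        echo "WARN no active frag* preprocessor; fragmented IP traffic is not reassembled"
    fi
    for name in $(preprocessors "$2" disabled); do
        echo "INFO commented out: $name"
    done
}

# Constructed sample: the workaround from the thread applied (frag3 lines commented out).
demo() {
    conf=$(mktemp)
    cat > "$conf" <<'EOF'
# preprocessor frag3_global: max_frags 65536
# preprocessor frag3_engine: policy first detect_anomalies
preprocessor stream4: detect_scans
EOF
    banner='  o"  )~   Version 2.3.0 (Build 10)'   # constructed banner line
    check_sensor "$(printf '%s\n' "$banner" | parse_version)" "$conf"
    rm -f "$conf"
}
demo
```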