Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 12th October 2006, 01:30
badgerbox76 badgerbox76 is offline
Senior Member
 
Join Date: Feb 2006
Posts: 178
Thanks: 6
Thanked 1 Time in 1 Post
Unhappy Snort configuration error - Unknown rule type: dynamicpreprocessor

I am trying out the http://howtoforge.com/intrusion_detection_base_snort howto. Every thing went well until i ran across this error. Whats going wrong. When i configured it i had the --enable-dynamicplugin option on. I don't see why i am getting this. Thanks

snort -c /etc/snort/snort.conf output
Code:
root@monitorwaves:/etc/snort# snort -c /etc/snort/snort.conf                    Running in IDS mode

        --== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
Var 'EXTERNAL_NET' defined, value len = 15 chars, value = !192.168.0.5/32
Var 'DNS_SERVERS' defined, value len = 14 chars, value = 192.168.0.5/32
Var 'SMTP_SERVERS' defined, value len = 14 chars, value = 192.168.0.5/32
Var 'HTTP_SERVERS' defined, value len = 14 chars, value = 192.168.0.5/32
Var 'SQL_SERVERS' defined, value len = 14 chars, value = 192.168.0.5/32
Var 'TELNET_SERVERS' defined, value len = 14 chars, value = 192.168.0.5/32
Var 'SNMP_SERVERS' defined, value len = 14 chars, value = 192.168.0.5/32
Var 'HTTP_PORTS' defined, value len = 2 chars, value = 80
Var 'SHELLCODE_PORTS' defined, value len = 3 chars, value = !80
Var 'ORACLE_PORTS' defined, value len = 4 chars, value = 1521
Var 'AIM_SERVERS' defined, value len = 185 chars
   [64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9
   .0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24]
Var 'RULE_PATH' defined, value len = 16 chars, value = /etc/snort/rules
ERROR: /etc/snort/snort.conf(182) => Unknown rule type: dynamicpreprocessor
Fatal Error, Quitting..
root@monitorwaves:/etc/snort#
Reply With Quote
Sponsored Links
  #2  
Old 12th October 2006, 18:35
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,740 Times in 2,575 Posts
Default

Have a look here: http://www.snort.org/archive-1-2743.html
http://www.snort.org/archive-11-2681.html
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 14th October 2006, 03:07
badgerbox76 badgerbox76 is offline
Senior Member
 
Join Date: Feb 2006
Posts: 178
Thanks: 6
Thanked 1 Time in 1 Post
Default

ok i have read every thing there and nothing has helped. I tryed snort uninstall in the /root/snorttemp/snort-2.6.0.2 or what ever directory then i reconfigured it then make all then make check then make install and snort -c /etc/snort/snort.conf and i still got the same error message. Althrouth one time during one of the uninstall and reinstall i did get snort to run when i tyed snort but when i ran snort -c /etc/snort/snort.conf i got the same error. What nexted?
Reply With Quote
  #4  
Old 15th October 2006, 13:35
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,740 Times in 2,575 Posts
Default

What's in your snort.conf?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 17th October 2006, 01:23
badgerbox76 badgerbox76 is offline
Senior Member
 
Join Date: Feb 2006
Posts: 178
Thanks: 6
Thanked 1 Time in 1 Post
Default

Here is a link to my snort.conf file. I changed the format to txt, i also tryed to post it here but it was to big.

http://monitorwaves.homelinux.com/snort.txt
Reply With Quote
  #6  
Old 17th October 2006, 21:03
badgerbox76 badgerbox76 is offline
Senior Member
 
Join Date: Feb 2006
Posts: 178
Thanks: 6
Thanked 1 Time in 1 Post
Default

Sorry if you could not connect to my server. My ISP is being a pain and blocking this port for now. Here is the new link http://monitorwaves.homelinux.com:44.../web/snort.txt
Reply With Quote
  #7  
Old 18th October 2006, 16:13
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,740 Times in 2,575 Posts
Default

And you really tried all options from the two links I posted above?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #8  
Old 18th October 2006, 17:45
badgerbox76 badgerbox76 is offline
Senior Member
 
Join Date: Feb 2006
Posts: 178
Thanks: 6
Thanked 1 Time in 1 Post
Default

Yes i listed all the things i have tryed so far and i belive that i did them all. I would like to reinstall it and try again but when i use the ./uninstall or snort uninstall the directory /etc/snort still contains file so i would belive that the other directorys would also contain files.
Reply With Quote
  #9  
Old 19th October 2006, 15:19
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,740 Times in 2,575 Posts
 
Default

Then I don't know what's causing your problem...
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
DNS: Multiple IPs, want to setup a "private" nameserver on each IP for resellers bpmee Server Operation 8 17th September 2006 09:35
SNORT and BASE on a CLEAN "The Perfect Setup - Debian Sarge (3.1)" edge Suggest HOWTO 5 10th September 2006 00:07
ispconfig and mambo shajazzi Installation/Configuration 70 28th March 2006 19:29
view webalizer stats kuyaedz General 22 12th March 2006 14:45
Oh crap... Corrupted install TheMJ Installation/Configuration 4 17th February 2006 17:59


All times are GMT +2. The time now is 05:19.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.