linda.carter

No preprocessors configured for policy 0

6 posts in this topic

I finally got the whole tutorial on winsnort w/mysql done and thought it was correct, as all of my tests passed, but now that I've started through the manual, and am trying out sniffer mode, I am getting traffic, but with an error.

WARNING:  No preprocessors configured for policy 0.

I went back through the snort.config file and I think it's correct.  Is this usual?

Thanks, linda

 


It looks like it's not reading the snort.conf file. I'm guessing you are using something like: d:\winids\snort\bin\snort -v -i1

Try: d:\winids\snort\bin\snort -v -c d:\winids\snort\config\snort.config -i1

The above line may need to be tailored to your specific needs.

Note: Those WARNING: signs are usually only informational.


I am totally new to Snort and am trying to learn for school. I am having the same error with the preprocessors configured for policy 0 when I run it. I opened the config file with Notepad++ and went to the preprocessors section but can't find the policy 0 line to edit. Am I just missing something? I entered my IP address and put the links to the path. For var RULE_PATH I have it set to C:\snort\rules. I am using Windows 7. I can attach my config file if you want to make sure that I have things set up right. Thanks for any help.

Brian.

snort.conf


I followed the directions, and it starts as a service.  I have also tried the various switches like snort -v -i1.  That is where I see them.  On a good note, I got everything so that it looks like it is working, and I got Pulled Pork installed.  I'm just not sure now how to trap what I really want to see.  Working through the manual... 

I reread your earlier post, and tried this:

d:\winids\snort\bin>snort -v -c d:\winids\snort\etc\snort.conf -i1

and got a string of stuff, but a fatal error, quitting.  ERROR: Portscan log file 'log/\portscan.log' could not be opened:  No such file or directory.

In my snort.conf there is this line:  preprocessor sfportscan: proto  { all } memcap { 10000000 } sense_level { low }  logfile { \portscan.log } .  

It is the only line with \portscan.

44 minutes ago, linda.carter said:

I followed the directions, and it starts as a service.  I have also tried the various switches like snort -v -i1.  That is where I see them.  On a good note, I got everything so that it looks like it is working, and I got Pulled Pork installed.  I'm just not sure now how to trap what I really want to see.  Working through the manual... 

I reread your earlier post, and tried this:

d:\winids\snort\bin>snort -v -c d:\winids\snort\etc\snort.conf -i1

and got a string of stuff, but a fatal error, quitting.  ERROR: Portscan log file 'log/\portscan.log' could not be opened:  No such file or directory.

In my snort.conf there is this line:  preprocessor sfportscan: proto  { all } memcap { 10000000 } sense_level { low }  logfile { \portscan.log } .  

It is the only line with \portscan.

I have no idea where you got that snort.conf because it's not matching the one included in the current rules tarball, which is the one that must be used.

You need to go back to the tutorial and start over, as there are numerous omissions in the snort.conf file. 
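
As an added example (not from the thread or the Winsnort tutorial): a small Python check that lists the active preprocessor directives in a snort.conf and shows the portscan log path for a given log directory. The join rule is an assumption inferred from the error text quoted above; the function names are hypothetical, and the sample config is constructed apart from the sfportscan line quoted in the thread.

```python
import os
import re

# Constructed sample: the sfportscan line is the one quoted in the thread;
# the other lines are made up for illustration.
SAMPLE_CONF = r"""
# preprocessor frag3_global: max_frags 65536   (commented out, ignored)
var RULE_PATH C:\snort\rules
preprocessor sfportscan: proto  { all } memcap { 10000000 } sense_level { low }  logfile { \portscan.log }
"""

def active_preprocessors(conf_text):
    """Names of preprocessor directives that are not commented out."""
    names = []
    for line in conf_text.splitlines():
        m = re.match(r"\s*preprocessor\s+([A-Za-z0-9_]+)", line)
        if m:
            names.append(m.group(1))
    return names

def portscan_logfile(conf_text):
    """Value inside 'logfile { ... }' on the sfportscan line, or None."""
    for line in conf_text.splitlines():
        if re.match(r"\s*preprocessor\s+sfportscan\b", line):
            m = re.search(r"logfile\s*\{\s*([^}]*?)\s*\}", line)
            return m.group(1) if m else None
    return None

def check_portscan_log(conf_text, log_dir):
    """Return (path_as_reported, log_dir_exists), or (None, None).

    Assumption: the path is log_dir + '/' + logfile value, which is what the
    quoted error ('log/\\portscan.log') shows for a relative 'log' directory.
    """
    logfile = portscan_logfile(conf_text)
    if logfile is None:
        return None, None
    return f"{log_dir}/{logfile}", os.path.isdir(log_dir)

if __name__ == "__main__":
    # An empty list here means the file declares no preprocessors at all.
    print("preprocessors:", active_preprocessors(SAMPLE_CONF) or "none")
    path, ok = check_portscan_log(SAMPLE_CONF, "log")
    print("portscan log:", path, "| log directory exists:", ok)
```

Run it from the same working directory Snort is started in, since a relative log directory is resolved from there.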
