linda.carter Posted September 27, 2016

I finally got the whole tutorial on winsnort w/mysql done and thought it was correct, as all of my tests passed, but now that I've started through the manual, and am trying out sniffer mode, I am getting traffic, but with an error.

WARNING: No preprocessors configured for policy 0.

I went back through the snort.config file and I think it's correct. Is this usual?

Thanks, linda

Morpheus Posted September 27, 2016

It looks like it's not reading the snort.conf file. I'm guessing you are using something like:

d:\winids\snort\bin\snort -v -i1

Try:

d:\winids\snort\bin\snort -v -c d:\winids\snort\config\snort.config -i1

The above line may need to be tailored to your specific needs.

Note: Those WARNING: signs are usually only informational.

Skipstr Posted September 28, 2016

I am totally new to Snort and am trying to learn for school. I am having the same error with the preprocessors configured for policy 0 when I run it. I opened the config file with Notepad++ and went to the preprocessors section but can't find the policy 0 line to edit. Am I just missing something?

I entered my IP address and put the links to the path. For var RULE_PATH I have it set to C:\snort\rules

I am using Windows 7. I can attach my config file if you want to make sure that I have things set up right.

Thanks for any help, Brian.

snort.conf

linda.carter (Author) Posted September 28, 2016

I followed the directions, and it starts as a service. I have also tried the various switches like snort -v -i1. That is where I see them. On a good note, I got everything so that it looks like it is working, and I got Pulled Pork installed. I'm just not sure now how to trap what I really want to see. Working through the manual...

I reread your earlier post, and tried this:

d:\winids\snort\bin>snort -v -c d:\winids\snort\etc\snort.conf -i1

and got a string of stuff, but a fatal error, quitting.

ERROR: Portscan log file 'log/\portscan.log' could not be opened: No such file or directory.

In my snort.conf there is this line:

preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { low } logfile { \portscan.log }

It is the only line with \portscan.

Morpheus Posted September 28, 2016

44 minutes ago, linda.carter said:

> I followed the directions, and it starts as a service. I have also tried the various switches like snort -v -i1. That is where I see them. On a good note, I got everything so that it looks like it is working, and I got Pulled Pork installed. I'm just not sure now how to trap what I really want to see. Working through the manual...
>
> I reread your earlier post, and tried this:
>
> d:\winids\snort\bin>snort -v -c d:\winids\snort\etc\snort.conf -i1
>
> and got a string of stuff, but a fatal error, quitting.
>
> ERROR: Portscan log file 'log/\portscan.log' could not be opened: No such file or directory.
>
> In my snort.conf there is this line:
>
> preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { low } logfile { \portscan.log }
>
> It is the only line with \portscan.

I have no idea where you got that snort.conf because it's not matching the one included in the current rules tarball, which is the one that must be used. You need to go back to the tutorial and start over, as there are numerous omissions in the snort.conf file.