Red Hat Bugzilla – Bug 201701
snort not very usable after installation
Last modified: 2007-11-30 17:11:39 EST
After installing snort and snort-plain+flexresp I tried to start it without much
luck. I encountered the following errors before I gave up:
FATAL ERROR: /etc/snort/snort.conf(182) => Unknown rule type: dynamicpreprocessor
FATAL ERROR: /etc/snort/snort.conf(192) => Unknown rule type: dynamicengine
FATAL ERROR: /etc/snort/snort.conf(423) => Unable to open the IIS Unicode Map
FATAL ERROR: /etc/snort/snort.conf(520) unknown preprocessor "ftp_telnet"
FATAL ERROR: /etc/snort/snort.conf(524) unknown preprocessor "ftp_telnet_protocol"
FATAL ERROR: /etc/snort/snort.conf(572) unknown preprocessor "smtp"
Snort should come with a reasonable default configuration that makes it possible
to run it.
I do need to do some work on the default configuration; however, we can not
ship snort in a fashion that will make it just work. This is due to the
licensing of the snort rules; we can not ship them. So we have no way to have
There is a README.fedora file in the snort package that explains why it does
not function out of the box.
The problems I mentioned above don't seem to be related to the rules though.
Also according to http://www.snort.org/rules/:
In addition, the VRT is pleased to announce that will be maintaining a community
ruleset that contains rules submitted by members of the open source community.
While these rules are available as is, the VRT performs basic tests to ensure
that new rules will not break Snort. These rules are distributed under the GPL
and are freely available to all open source Snort users.
There is only a handful of rules in the community rules package. You can not
do anything useful with just those rules.
The dynamic engine is not actually supplied; I am working on adding it. The
rest are rules related. They are files provided in the VRT rules that you
can only get by downloading directly from snort.org.