SearchForum Home   Forum  IDS Policy Mana...  IDS Policy Mana...  problem during "Upload plocies to sensors": snort.conf loose some comma   Previous   Next    9/3/2007 2:00 PM    Simone 2 posts problem during "Upload plocies to sensors": snort.conf loose some comma  Hi, I am running IDS Policy manager SA version 2.1.0.16 with snort 2.8.0.beta and bleeding edge rules. Everytime, when I upload policies to sensor snort.conf loose some comma in this line: preprocessor frag3_global: max_frags 131072 memcap 67108864 prealloc_frags 21676 and snort alert me "there is a problem in snort.conf, line xxx" If I replace the line in this manner: preprocessor frag3_global: max_frags 131072, memcap 67108864, prealloc_frags 21676 snort is ok. Thanks for the help Sincerly Simone  9/3/2007 6:34 PM    Jeff Dell 233 posts www.activeworx.com Re: problem during "Upload plocies to sensors": snort.conf loose some comma  The format has changed in Snort 2.8 for this preprocessor. Currently IDSPM doesn't support Snort 2.8 as it is still very much in Beta. Over the next few months we will start to add support, but won't officially support it until the final is released. Thanks for pointing this out. Cheers, Jeff  9/4/2007 9:42 AM    Simone 2 posts Re: problem during "Upload plocies to sensors": snort.conf loose some comma  Thank you for your reply but... I see this problem the first time when I used snort versione 2.7. Anyway the right syntax for the line is: preprocessor frag3_global: max_frags 131072, memcap 67108864, prealloc_frags 21676 every argument is separated by a comma, and not: preprocessor frag3_global: max_frags 131072 memcap 67108864 prealloc_frags 21676 as IDS policy manager upload to the sensor. Thank in advance Ceers Simone  9/4/2007 12:54 PM    Jeff Dell 233 posts www.activeworx.com Re: problem during "Upload plocies to sensors": snort.conf loose some comma  hmm.. When you look at the example in Snort 2.7 it has: #preprocessor frag3_global: max_frags 65536 prealloc_frags 262144 And in Snort 2.8 beta it has: #preprocessor frag3_global: max_frags 65536, prealloc_frags 262144 Maybe the example in Snort 2.7 was missing the comma and that is what we went by, which is incorrect. It also says in the README.frag3 in Snort 2.8 that the configuration options are space separated, but in the examples in the same doc are comma seperated.. something is not documented correctly. I will take a closer look. Thanks for the feedback! Cheers, Jeff  Page 1 of 1   Previous   Next     Forum  IDS Policy Mana...  IDS Policy Mana...  problem during "Upload plocies to sensors": snort.conf loose some comma