Snort mailing list archives
Re: Libnet & 'resp'
From: Brent Kearney <brent () kearneys ca>
Date: Wed, 20 Jun 2001 15:35:09 -0700
On Wed, Jun 20, 2001 at 02:14:32PM -0700, Joe McAlerney wrote:
Hello Brent, Make sure you configure snort with the --enable-flexresp tag, then recompile. Post back if you still have problems. -Joe M. -- | Joe McAlerney joey () silicondefense com | | Silicon Defense - Technical Support for Snort | | http://www.silicondefense.com/ | +-- --+
Thanks for your prompt answer. This is a bit difficult, as there is no compiler on this box. I tried compiling it on a different machine (after installing libpcap, etc), but I'm having some troubles; the "configure" script automatically selects 'gcc'. How do I choose Sun's 'cc' instead? Does anyone know of a (preferably statically linked) binary package for Solaris that has the --enable-flexresp option turned on? Many thanks, Brent
Brent Kearney wrote:Hello, I have installed Libnet 1.0.2a on a solaris 2.7 box that is running snort 1.7. After adding a rule, alert tcp $EXTERNAL_NET any -> $HOME_NET 515 (logto:"/var/log/snort/lp.log"; resp:rst_all,icmp_port; msg:"l p service is protected. Connection attempt logged.";) Snort refuses to start: snort -A full -c /usr/local/etc/snort.conf -i le0 -l /var/log/snort -v --== Initializing Snort ==-- Initializing Network Interface le0 Decoding Ethernet on interface le0 Initializing Preprocessors! Initializing Plug-ins! Initializating Output Plugins! +++++++++++++++++++++++++++++++++++++++++++++++++++ Initializing rule chains... ERROR: /usr/local/etc/snort.conf (77) => Unknown keyword "resp" in rule! Any suggestions would be appreciated. Please CC: brent () kearneys ca, because I'm not on the list. Thanks, -Brent _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Libnet & 'resp' Brent Kearney (Jun 20)
- Re: Libnet & 'resp' Joe McAlerney (Jun 20)
- Re: Libnet & 'resp' Brent Kearney (Jun 20)
- Re: Libnet & 'resp' Brent Kearney (Jun 20)
- Re: Libnet & 'resp' Fyodor (Jun 21)
- Re: Libnet & 'resp' Brent Kearney (Jun 21)
- Re: Libnet & 'resp' Fyodor (Jun 27)
- Re: Libnet & 'resp' Brent Kearney (Jun 20)
- Re: Libnet & 'resp' Joe McAlerney (Jun 20)
- Re: Libnet & 'resp' Fyodor (Jun 21)