Snort mailing list archives

RE: help please

From: "d'Ambly, Jeff" <jdambly () monster com>
Date: Thu, 27 Sep 2001 10:39:38 -0400

Ok sweet, that worked but now I can't use eth1

Snort received signal 2, exiting
[root@snort conf]# snort -o -c -i eth1 ./snort.conf 
Log directory = 

        --== Initializing Snort ==--
Checking PID path...
PATH_VARRUN is set to /var/run/ on this operating system
Rule application order changed to Pass->Alert->Log

Initializing Network Interface eth0
ERROR: OpenPcap() FSM compilation failed: 
        parse error
PCAP command: eth1 ./snort.conf
Fatal Error, Quitting..
[root@snort conf]#

This is a 100mb interface that does not have an ip address, I want to do
this because I have setup a spanning session on the switch, to mirror all
traffic on vlan across this one port. Think of it like a hub, in a way.

   --  Jeff d'Ambly
Network Engineer
http://www.monster.com
--------------------------------
Stay the patient course.
Of little worth is your ire.
The network is up.

 -----Original Message-----
From:   Erek Adams [mailto:erek () theadamsfamily net] 
Sent:   Thursday, September 27, 2001 10:31 AM
To:     d'Ambly, Jeff
Cc:     'snort-users () lists sourceforge net'
Subject:        RE: [Snort-users] help please

On Thu, 27 Sep 2001, d'Ambly, Jeff wrote:

Hey thanks, dmearc was overwriting my config, but now I get this error

when

I start snort


Ok, cool!  I now I'm not so confused. :)

ERROR /usr/local/demarc/conf/policy.rules(29) => Bad Priority setting
"bad-unknown"
ERROR /usr/local/demarc/conf/policy.rules(30) => Bad Priority setting
"bad-unknown"
ERROR /usr/local/demarc/conf/policy.rules(31) => Bad Priority setting
"bad-unknown"
ERROR /usr/local/demarc/conf/policy.rules(32) => Bad Priority setting
"bad-unknown"
ERROR /usr/local/demarc/conf/policy.rules(33) => Bad Priority setting
"bad-unknown"
ERROR /usr/local/demarc/conf/policy.rules(34) => Bad Priority setting
"bad-unknown"
ERROR /usr/local/demarc/conf/policy.rules(35) => Bad Priority setting
"bad-unknown"
ERROR /usr/local/demarc/conf/policy.rules(36) => Bad Priority setting
"bad-unknown"


Make sure you have the lines:

 # Include classification & priority settings
 include classification.config

In snort.conf.  Then make sure you have:

 config classification: bad-unknown,Potentially Bad Traffic, 2

in that file.  At that point, all should be well.

Hope that helps!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

help please d'Ambly, Jeff (Sep 26)
- Re: help please Erek Adams (Sep 26)
  - RE: help please John Berkers (Sep 26)
- <Possible follow-ups>
- RE: help please d'Ambly, Jeff (Sep 27)
  - RE: help please Erek Adams (Sep 27)
- RE: help please d'Ambly, Jeff (Sep 27)
  - RE: help please Erek Adams (Sep 27)