Snort mailing list archives
Bad Priority setting
From: Ole Andreas Weel <weelers () c2i net>
Date: Thu, 04 Oct 2001 21:15:49 +0200
m running r.h 7.1, with isdn. when i try to run snort i get this msg: [root@localhost /root]# snort -c /etc/snort.conf Log directory = --== Initializing Snort ==-- Checking PID path... PATH_VARRUN is set to /var/run/ on this operating system Initializing Network Interface eth0 Decoding Ethernet on interface eth0 Initializing Preprocessors! Initializing Plug-ins! Initializating Output Plugins! Parsing Rules file /etc/snort.conf +++++++++++++++++++++++++++++++++++++++++++++++++++ Initializing rule chains... Using LOCAL time ProcessFileOption: /var/log/snort/alerts.log Linking FullAlert functions to call lists... ERROR /usr/local/snort/exploit.rules(6) => Bad Priority setting "attempted-user" ERROR /usr/local/snort/exploit.rules(7) => Bad Priority setting "attempted-admin" ERROR /usr/local/snort/exploit.rules(8) => Bad Priority setting "attempted-admin" ERROR /usr/local/snort/exploit.rules(9) => Bad Priority setting "attempted-admin" ERROR /usr/local/snort/exploit.rules(10) => Bad Priority setting "attempted-admin" ERROR /usr/local/snort/exploit.rules(11) => Bad Priority setting "attempted-admin" ERROR /usr/local/snort/exploit.rules(12) => Bad Priority setting "attempted-admin" ERROR /usr/local/snort/exploit.rules(13) => Bad Priority setting "attempted-admin" ERROR /usr/local/snort/exploit.rules(14) => Bad Priority setting "attempted-user" ERROR /usr/local/snort/exploit.rules(15) => Bad Priority setting "attempted-admin" ERROR /usr/local/snort/exploit.rules(16) => Bad Priority setting "attempted-admin" ERROR /usr/local/snort/exploit.rules(17) => Bad Priority setting "attempted-admin" ERROR /usr/local/snort/exploit.rules(18) => Bad Priority setting "attempted-admin" ERROR /usr/local/snort/exploit.rules(19) => Bad Priority setting "attempted-admin" ERROR /usr/local/snort/exploit.rules(20) => Bad Priority setting "attempted-admin" ERROR /usr/local/snort/exploit.rules(21) => Bad Priority setting "attempted-admin" ERROR /usr/local/snort/exploit.rules(22) => Bad Priority setting "attempted-admin" ERROR /usr/local/snort/exploit.rules(23) => Bad Priority setting "attempted-admin" ERROR /usr/local/snort/exploit.rules(24) => Bad Priority setting "attempted-admin" ERROR /usr/local/snort/exploit.rules(25) => Bad Priority setting "attempted-admin" ERROR /usr/local/snort/exploit.rules(26) => Bad Priority setting "attempted-admin" ERROR /usr/local/snort/exploit.rules(27) => Bad Priority setting "attempted-admin" ERROR /usr/local/snort/exploit.rules(28) => Bad Priority setting "attempted-admin" ERROR /usr/local/snort/exploit.rules(29) => Bad Priority setting "attempted-admin" ERROR /usr/local/snort/exploit.rules(30) => Bad Priority setting "attempted-user" ERROR /usr/local/snort/exploit.rules(31) => Bad Priority setting "attempted-user" [!] ERROR /usr/local/snort/exploit.rules(32) => Bad port number: "(msg:"EXPLOIT" Fatal Error, Quitting.. [root@localhost /root]# This is my snort.conf file: [root@localhost /root]# cat /etc/snort.conf ##### Current Database Updated -- 03/10/2001 ##### Variables #etc EXTERNAL_NET !172.16.1.0/24 var EXTERNAL_NET any var HOME_NET 192.168.0.0/24 var INTERNAL 192.168.0.9/24 var PORTS 5 var SECONDS 15 ##### Preprocessors preprocessor http_decode: 80 443 8080 #preprocessor minfrag: 128 preprocessor defrag preprocessor portscan: $HOME_NET $PORTS $SECONDS /var/log/snort/portscan.log ##### Output output alert_syslog: LOG_AUTH LOG_ALERT output alert_full: /var/log/snort/alerts.log ##### What do we log # Logging tcp log tcp any any <> $INTERNAL any (session: printable;) log tcp any any <> $INTERNAL any # Logging udp log udp any any <> $INTERNAL any (session: printable;) log udp any any <> $INTERNAL any # Logging icmp log icmp any any <> $INTERNAL any (session: printable;) log icmp any any <> $INTERNAL any include /usr/local/snort/local.rules include /usr/local/snort/exploit.rules include /usr/local/snort/scan.rules include /usr/local/snort/finger.rules include /usr/local/snort/ftp.rules include /usr/local/snort/telnet.rules include /usr/local/snort/smtp.rules include /usr/local/snort/rpc.rules include /usr/local/snort/rservices.rules include /usr/local/snort/backdoor.rules include /usr/local/snort/dos.rules include /usr/local/snort/ddos.rules include /usr/local/snort/dns.rules include /usr/local/snort/netbios.rules include /usr/local/snort/web-cgi.rules include /usr/local/snort/web-coldfusion.rules include /usr/local/snort/web-frontpage.rules include /usr/local/snort/web-misc.rules include /usr/local/snort/web-iis.rules include /usr/local/snort/icmp.rules include /usr/local/snort/misc.rules include /usr/local/snort/policy.rules include /usr/local/snort/info.rules what am i doing wrong ? regards ole _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Bad Priority setting Ole Andreas Weel (Oct 04)
- <Possible follow-ups>
- Bad priority setting Tony Carothers (Dec 14)
- Re: Bad priority setting Matt Kettler (Dec 14)
- RE: Bad priority setting Tony Carothers (Dec 14)