Snort mailing list archives
HOME_NET var on snort.conf
From: "pfeito" <pfeito () netcabo pt>
Date: Mon, 22 Mar 2004 02:00:33 -0000
Hi!
In snort.conf, I have HOME_NET var set like this:
var HOME_NET $eth1_ADDRESS
I start snort, but it does not start. In /var/log/messages I get the
following information:
Mar 22 01:44:01 snortbox snort: FATAL ERROR: Undefined variable name: (/etc/snort/snort.conf:46): eth1_ADDRESS
Mar 22 01:44:01 snortbox kernel: device eth1 left promiscuous mode
I have to set the IP address of the box manually, but this IP address is
assigned by my ISP, so it would be much better if "var HOME_NET
$eth1_ADDRESS" method worked!
An excerpt from my snort.conf:
###################################################
# Step #1: Set the network variables:
#
# You must change the following variables to reflect your local network. The
# variable is currently setup for an RFC 1918 address space.
#
# You can specify it explicitly as:
#
# var HOME_NET 10.1.1.0/24
#
# or use global variable $<interfacename>_ADDRESS which will be always
# initialized to IP address and netmask of the network interface which you run
# snort at. Under Windows, this must be specified as
# $(<interfacename>_ADDRESS), such as:
# $(\Device\Packet_{12345678-90AB-CDEF-1234567890AB}_ADDRESS)
#
# var HOME_NET $eth0_ADDRESS
#
# You can specify lists of IP addresses for HOME_NET
# by separating the IPs with commas like this:
#
# var HOME_NET [10.1.1.0/24,192.168.1.0/24]
#
# MAKE SURE YOU DON'T PLACE ANY SPACES IN YOUR LIST!
#
# or you can specify the variable to be any IP address
# like this:
# var HOME_NET any
#var HOME_NET $eth1_ADDRESS <----ERROR
var HOME_NET YYY.YYY.YYY.YYY/32 #obscured my current IP address
I'm running snort 2.1.1 on Fedora Core 1.
What could be wrong? Any ideas?
