Snort mailing list archives
RE: trouble starting snort
From: "M Shirk" <shirkdog_linux () hotmail com>
Date: Mon, 13 Sep 2004 13:11:29 -0400
I believe this is your problem var EXTERNAL_NET anyI am not sure this does what you want it to do. If you do not declare an external_net, then everything except your HOME_NET ip is externel.
I counted the lines and this is line 44 of your snort.conf. Comment this line out, and try again.
Shirkdog http://www.shirkdog.us
From: Larry Wichman <larrywichman () yahoo com> To: snort-users () lists sourceforge net Subject: [Snort-users] trouble starting snort Date: Mon, 13 Sep 2004 09:26:46 -0700 (PDT)I am having trouble starting Snort. Can someone tell me what I am doing wrong?I am trying to start snort with the following command: snort -dev -c /etc/snort/snort.conf -i eth0 here is the output and error: Running in IDS mode Log directory = /var/log/snort Initializing Network Interface eth0 OpenPcap() device eth0 network lookup: eth0: no IPv4 address assigned --== Initializing Snort ==-- Initializing Output Plugins! Decoding Ethernet on interface eth0 Initializing Preprocessors! Initializing Plug-ins! Parsing Rules file /etc/snort/snort.conf +++++++++++++++++++++++++++++++++++++++++++++++++++ Initializing rule chains... ERROR: /etc/snort/snort.conf(44) => NULL rule type Fatal Error, Quitting.. here is part of my snort.conf: # http://www.snort.org Snort 2.1.0 Ruleset # Contact: snort-sigs () lists sourceforge net #-------------------------------------------------- # $Id: snort.conf,v 1.133.2.3 2004/02/25 16:52:51 jh8 Exp $ # ################################################### # This file contains a sample snort configuration. # You can take the following steps to create your own custom configuration: # # 1) Set the network variables for your network # 2) Configure preprocessors # 3) Configure output plugins # 4) Customize your rule set # ################################################### # Step #1: Set the network variables: ## You must change the following variables to reflect your local network. The# variable is currently setup for an RFC 1918 address space. # # You can specify it explicitly as: # # var HOME_NET 10.1.1.0/24 # # or use global variable $<interfacename>_ADDRESS which will be always# initialized to IP address and netmask of the network interface which you run# snort at. Under Windows, this must be specified as # $(<interfacename>_ADDRESS), such as: # $(\Device\Packet_{12345678-90AB-CDEF-1234567890AB}_ADDRESS) # # var HOME_NET $eth0_ADDRESS # # You can specify lists of IP addresses for HOME_NET # by separating the IPs with commas like this: # # var HOME_NET [10.1.1.0/24,192.168.1.0/24] # # MAKE SURE YOU DON'T PLACE ANY SPACES IN YOUR LIST! # # or you can specify the variable to be any IP address # like this: var HOME_NET x.x.x.0/24 # Set up the external network addresses as well. A good start may be "any" var EXTERNAL_NET anyoutput database: log, mysql, user=root password=xxxxxx dbname=xxxx host=x.x.x.x# Configure your server lists. This allows snort to only look for attacks to# systems that have a service up. Why look for HTTP attacks if you are not # running a web server? This allows quick filtering based on IP addresses # These configurations MUST follow the same configuration scheme as defined # above for $HOME_NET. # List of DNS servers on your network # var DNS_SERVERS $HOME_NET # List of SMTP servers on your network var SMTP_SERVERS $HOME_NET# Configure your service ports. This allows snort to look for attacks destined# to a specific application only on the ports that application runs on. For# example, if you run a web server on port 8081, set your HTTP_PORTS variable# like this: Cheers, Lawrence A. Wichman2719 W ThomasApt 2 Chicago Il, 60622 773.807.7606 --------------------------------- Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages!
_________________________________________________________________Dont just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/
------------------------------------------------------- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement onwho ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- trouble starting snort Larry Wichman (Sep 13)
- Re: trouble starting snort Jose Maria Lopez (Sep 14)
- <Possible follow-ups>
- RE: trouble starting snort M Shirk (Sep 13)
- RE: trouble starting snort Truax, Shawn (MBS) (Sep 13)
- RE: trouble starting snort Larry Wichman (Sep 13)
- RE: trouble starting snort Carstensen Nicholas Contractor USTC (Sep 13)