Snort mailing list archives
RE: The System works !! one question please !
From: "Harper, Patrick" <patrick.harper () phns com>
Date: Mon, 20 Sep 2004 08:31:41 -0500
Can you use cidr? I am not sure if there is a limit or not but would imagine there is. -----Original Message----- From: Juan Fernandez [mailto:Juan.Fernandez () deltathree com] Sent: Monday, September 20, 2004 5:08 AM To: 'snort-users () lists sourceforge net' Subject: [Snort-users] The System works !! one question please ! Hi, I tried to insert all of my http servers in HTTP_SERVERS in snort.conf (I have a 99 servers). Before modifying the https servers it worked. DO I have a limitation of ip to enter ( I cant find any syntax error). After I insert those ip's and started snort I received the following error in /var/log/messeges: Sep 20 12:20:12 sensjrlan snort: FATAL ERROR: /etc/snort/snort.conf(66) => Unknown rule type: 70.171.150,208.170.171.152,208.170.171.154,208.170.171.157,208.170.171.1 60,208.170.171.166,208.170.171.171,208.170.171.188,208.170.171.199,208.1 70.171.202,208.170.171.210,208.170.171.224,212.127.71.22,212.127.71.24,2 12.127.71.20,212.127.71.21,212.127.71.22,212.127.71.24,212.127.71.44,212 .127.71.45,212.127.71.52,212.127.71.81,212.127.71.99,212.127.71.100,212. 127.71.102,212.127.71.111,212.127.71.112,212.127.71.112,212.127.71.117,2 12.127.71.119,212.127.71.140,212.127.71.212] ~ This is the relevant section in snort.conf ( line 65 starts in "var HTTP.." and line 66 in the empty line after all the ip list): var HTTP_SERVERS [212.127.72.16,212.127.72.26,212.127.72.27,212.127.72.42,212.127.72.48,2 12.127.72.49,212.127.72.55,212.127.72.55,212.127.72.57,212.127.72.58,212 .127.72.76,212.127.72.92,212.127.72.98,212.127.72.100,212.127.72.107,212 .127.72.108,212.127.72.111,212.127.72.112,212.127.72.112,212.127.72.122, 212.127.72.122,212.127.72.124,212.127.72.142,212.127.72.152,212.127.72.2 10,212.127.70.5,212.127.70.17,212.127.70.21,208.170.171.7,208.170.171.12 ,208.170.171.12,208.170.171.15,208.170.171.17,208.170.171.22,208.170.171 .24,208.170.171.27,208.170.171.28,208.170.171.21,208.170.171.22,208.170. 171.26,208.170.171.27,208.170.171.42,208.170.171.46,208.170.171.48,208.1 70.171.49,208.170.171.57,208.170.171.61,208.170.171.65,208.170.171.66,20 8.170.171.72,208.170.171.77,208.170.171.78,208.170.171.82,208.170.171.95 ,208.170.171.101,208.170.171.105,208.170.171.110,208.170.171.111,208.170 .171.112,208.170.171.115,208.170.171.119,208.170.171.120,208.170.171.122 ,208.170.171.121,208.170.171.126,208.170.171.127,208.170.171.142,208.170 .171.150,208.170.171.152,208.170.171.154,208.170.171.157,208.170.171.160 ,208.170.171.166,208.170.171.171,208.170.171.188,208.170.171.199,208.170 .171.202,208.170.171.210,208.170.171.224,212.127.71.22,212.127.71.24,212 .127.71.20,212.127.71.21,212.127.71.22,212.127.71.24,212.127.71.44,212.1 27.71.45,212.127.71.52,212.127.71.81,212.127.71.99,212.127.71.100,212.12 7.71.102,212.127.71.111,212.127.71.112,212.127.71.112,212.127.71.117,212 .127.71.119,212.127.71.140,212.127.71.212] thanks !! ~ Disclaimer: This electronic message, including any attachments, is confidential and intended solely for use of the intended recipient(s). This message may contain information that is privileged or otherwise protected from disclosure by applicable law. Any unauthorized disclosure, dissemination, use or reproduction is strictly prohibited. If you have received this message in error, please delete it and notify the sender immediately. ------------------------------------------------------- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- The System works !! one question please ! Juan Fernandez (Sep 20)
- Re: The System works !! one question please ! Alex Butcher, ISC/ISYS (Sep 20)
- <Possible follow-ups>
- RE: The System works !! one question please ! Harper, Patrick (Sep 20)
- RE: The System works !! one question please ! Juan Fernandez (Sep 20)
- FW: The System works !! one question please ! Juan Fernandez (Sep 20)
- The System works !! one question please ! Juan Fernandez (Sep 20)
- RE:The System works !! one question please ! Juan B (Sep 20)
- RE: The System works !! one question please ! Juan Fernandez (Sep 21)