Snort mailing list archives
Re: ERROR: snort.conf(79) Undefined variable in the string: !$ALL_PROX.
From: vincent () cojot name
Date: Tue, 4 Jan 2011 17:38:41 +0100 (CET)
Just as a side info, if I use the following syntax, it works: var PRX_SRV_80 [128.129.130.131/32] var PRX_SRV_8080 [128.129.130.132/32] var ALL_PROX [$PRX_SRV_80,$PRX_SRV_8080] alert tcp !$ALL_PROX ![21:23] -> $EXTERNAL_NET any (msg:'HELP') No '()'s... Any ideas? Vincent On Tue, 4 Jan 2011, vincent () cojot name wrote:
Hi everyone, In the neverending quest for making my network team people happy, I have come accross the following problem. I have a block of configuration that used variables referencing variables that doesn't work anymore in my 2.9.0.3 builds. Here's the config block: -------------------- CUT ------------------------- var PRX_SRV_80 [128.129.130.131/32] var PRX_SRV_8080 [128.129.130.132/32] var ALL_PROX [$(PRX_SRV_80),$(PRX_SRV_8080)] alert tcp !$ALL_PROX ![21:23] -> $EXTERNAL_NET any (msg:'HELP') -------------------- CUT ------------------------- On my 2.9.0.2 builds, running 'snort -T -c snort.conf' gives: +++++++++++++++++++++++++++++++++++++++++++++++++++ Initializing rule chains... 1 Snort rules read [......] ,,_ -*> Snort! <*- o" )~ Version 2.9.0.2 (Build 92) [......] Snort successfully validated the configuration! Snort exiting On my 2.9.0.3 builds, I now get this: +++++++++++++++++++++++++++++++++++++++++++++++++++ Initializing rule chains... ERROR: snort.conf(79) Undefined variable in the string: !$ALL_PROX. Fatal Error, Quitting.. On my 2.9.0.3 builds, I used these extra options (relative to my 2.9.0.2 builds): --enable-ipv6 \ --enable-gre \ --enable-mpls \ --enable-ppm \ --enable-perfprofiling \ --enable-active-response \ --enable-normalizer \ --enable-reload \ --enable-react \ Does anyone have any idea to explain why what used to work doesn't work anymore....? Any help welcomed.. :)
------------------------------------------------------------------------------ Learn how Oracle Real Application Clusters (RAC) One Node allows customers to consolidate database storage, standardize their database environment, and, should the need arise, upgrade to a full multi-node Oracle RAC database without downtime or disruption http://p.sf.net/sfu/oracle-sfdevnl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- ERROR: snort.conf(79) Undefined variable in the string: !$ALL_PROX. vincent (Jan 04)
- Re: ERROR: snort.conf(79) Undefined variable in the string: !$ALL_PROX. vincent (Jan 04)
- Re: ERROR: snort.conf(79) Undefined variable in the string: !$ALL_PROX. Joel Esler (Jan 04)
- Re: ERROR: snort.conf(79) Undefined variable in the string: !$ALL_PROX. vincent (Jan 04)