Snort mailing list archives

Failed to parse the IP address: $HOME_NET


From: "Chiesa Stefano" <Stefano.Chiesa () wki it>
Date: Thu, 16 Aug 2012 17:32:20 +0200

Hello all.
I'm a newbie in Linux system management and this is the first time I have
installed Snort (barnyard2, snorby), and I need some help.
Everything is working quite fine at the moment, but I want to go ahead
and I'm facing a problem.


These are the details:

CentOS release 6.3 (Final)
Linux s-dr-snort 2.6.32-279.2.1.el6.x86_64 #1 SMP Fri Jul 20 01:55:29 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

[root@s-dr-snort ~]# /usr/sbin/snort -V

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.2.3 IPv6 GRE (Build 205)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
           Copyright (C) 1998-2012 Sourcefire, Inc., et al.
           Using libpcap version 1.3.0
           Using PCRE version: 7.8 2008-09-05
           Using ZLIB version: 1.2.3

Rules updated every night via Pulledpork.
As a result I have a single rules file snort.rules.
I inserted the include statement in the snort.conf file:

include $RULE_PATH/snort.rules

and disabled all other include lines.

This is the error:

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
WARNING: /etc/snort/../rules/snort.rules(12) threshold (in rule) is deprecated; use detection_filter instead.

ERROR: /etc/snort/../rules/snort.rules(7073) !any is not allowed: !$HOME_NET.
Fatal Error, Quitting..
+++++++++++++++++++++++++++++++++++++++++++++++++++

I understood I have to configure the HOME_NET variable (I have almost
all the variables at the "any" value).
But, and this is the main problem, no matter what I write to configure
the variable I always get an error.

ipvar H0ME_NET 212.239.x.x/25           w/o brackets
ipvar H0ME_NET [212.239.x.x/25] w/ brackets
ipvar H0ME_NET [172.16.40.111] w/ single internal address

using 'ipvar' or simply 'var' I get these errors:

[root@s-dr-snort ~]# /usr/sbin/snort -T -d -i eth0 -u snort -g snort -c /etc/snort/snort.conf -l /home/snort/log/eth0
Running in Test mode

        --== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "/etc/snort/snort.conf"
ERROR: /etc/snort/snort.conf(55) Failed to parse the IP address: $HOME_NET.
Fatal Error, Quitting..

(line #55 is the first one that tries to use the variable: ipvar
DNS_SERVERS $HOME_NET)

I read a number of posts everywhere but I didn't find a solution.
Can someone help me?

Thanks in advance.

Stefano.


----------------------------------------
Stefano Chiesa
Wolters Kluwer Italia
Strada 1, Palazzo F6
20090 Milanofiori Assago (Mi) - Italia
Phone +39 0282476279 (20279 Voip)
Fax +39 0282476815


 

Attachment: snort.conf
Description: snort.conf
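
Added example, not part of the original post and not Snort's own code: a small checker for the two failures quoted above. It reports every `$NAME` reference that has no earlier `var`/`ipvar`/`portvar` definition, and every negated reference to a variable set to `any`. The function name `lint` is hypothetical, and the sample config is constructed from the lines quoted in the post.

```python
import re

# Constructed sample built from the lines quoted in the post; the line
# numbers are not those of the poster's real snort.conf.
SAMPLE_CONF = """\
ipvar H0ME_NET [212.239.x.x/25]
ipvar DNS_SERVERS $HOME_NET
"""

DEF_RE = re.compile(r"^\s*(?:ipvar|portvar|var)\s+(\S+)\s+(.+?)\s*$")
REF_RE = re.compile(r"(!?)\$\{?([A-Za-z_][A-Za-z0-9_]*)\}?")


def lint(conf_text, rules_text=""):
    """Return (line_no, problem) tuples; conf lines and rule lines are
    numbered as one stream, conf first (hypothetical helper)."""
    defined = {}    # variable name -> value exactly as written
    findings = []
    lines = conf_text.splitlines() + rules_text.splitlines()
    for no, line in enumerate(lines, 1):
        if line.lstrip().startswith("#"):
            continue
        m = DEF_RE.match(line)
        # For a rule, look only at the header: option bodies such as
        # pcre can contain '$' that is not a variable reference.
        body = (m.group(2) if m else line).split("(", 1)[0]
        for neg, name in REF_RE.findall(body):
            if name not in defined:
                # Same length, exactly one differing character: likely typo.
                near = [d for d in defined if len(d) == len(name)
                        and sum(a != b for a, b in zip(d, name)) == 1]
                hint = (f" (defined name differs by one character: {near[0]})"
                        if near else "")
                findings.append((no, f"${name} used but not defined{hint}"))
            elif neg and defined[name].strip("[] ") == "any":
                findings.append((no, f"!${name} negates a variable set to any"))
        if m:
            defined[m.group(1)] = m.group(2)
    return findings


if __name__ == "__main__":
    for no, problem in lint(SAMPLE_CONF):
        print(f"line {no}: {problem}")
```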
