Snort mailing list archives
Re: FATAL ERROR: /etc/snort/rules/file-office.rules(32) Undefined variable in the string: $EXTERNAL_NET.
From: Jason Buker <jason.buker () gmail com>
Date: Tue, 07 Jan 2014 14:31:38 +0300
Instead of trying to fix a broken config… I started over. :) It’s working now. Thanks for the quick responses and help.

-Jason

On 1/7/14, 1:24 PM, "Jason Buker" <jason.buker () gmail com> wrote:
Yeah, somehow I messed up my snort.conf. I fixed the last FATAL but now I have another one:

1/7/14 1:23:18.305 PM snort[98762]: FATAL ERROR: /etc/snort/snort.conf(44) Unknown rule type: 5250.

Your help is appreciated!

-Jason

On 1/7/14, 1:05 PM, "Jason Buker" <jason.buker () gmail com> wrote:

You're right… somehow I dorked up the config file. This is what I have now… but now I'm getting a message about stream5 needing enabled..

1/7/14 1:03:32.537 PM snort[98265]: FATAL ERROR: /etc/snort/rules/file-office.rules(32): Stream5 must be enabled to use the 'to_client' option.

My snort.conf:

var HOME_NET any
var EXTERNAL_NET any
var HTTP_PORTS 80
var FILE_DATA_PORTS [$HTTP_PORTS,110,143]
var RULE_PATH rules
var SO_RULE_PATH so_rules
var PREPROC_RULE_PATH preproc_rules
var WHITE_LIST_PATH /etc/snort/rules
var BLACK_LIST_PATH /etc/snort/rules

preprocessor sfportscan: proto { all } \
    memcap { 10000000 } \
    scan_type { all } \
    sense_level { low }

output unified2: filename snort.u2, limit 128

include $RULE_PATH/file-office.rules
include $RULE_PATH/file-other.rules
include $RULE_PATH/file-pdf.rules
include $RULE_PATH/indicator-compromise.rules
include $RULE_PATH/indicator-obfuscation.rules
include $RULE_PATH/policy-multimedia.rules
include $RULE_PATH/policy-other.rules
include $RULE_PATH/policy-social.rules
include $RULE_PATH/pua-p2p.rules
include $RULE_PATH/pua-toolbars.rules
include $RULE_PATH/server-mail.rules
include $PREPROC_RULE_PATH/preprocessor.rules
include $PREPROC_RULE_PATH/decoder.rules
include $PREPROC_RULE_PATH/sensitive-data.rules
include $SO_RULE_PATH/bad-traffic.rules
include $SO_RULE_PATH/chat.rules
include $SO_RULE_PATH/dos.rules
include $SO_RULE_PATH/exploit.rules
include $SO_RULE_PATH/icmp.rules
include $SO_RULE_PATH/imap.rules
include $SO_RULE_PATH/misc.rules
include $SO_RULE_PATH/multimedia.rules
include $SO_RULE_PATH/netbios.rules
include $SO_RULE_PATH/nntp.rules
include $SO_RULE_PATH/p2p.rules
include $SO_RULE_PATH/smtp.rules
include $SO_RULE_PATH/snmp.rules
include $SO_RULE_PATH/specific-threats.rules
include $SO_RULE_PATH/web-activex.rules
include $SO_RULE_PATH/web-client.rules
include $SO_RULE_PATH/web-iis.rules
include $SO_RULE_PATH/web-misc.rules

Thanks,
Jason

On 1/7/14, 11:40 AM, "Jeremy Hoel" <jthoel () gmail com> wrote:

Looking at the message it looks like you have an error in your snort.conf; with the variable $EXTERNAL_NET. Post it to the list and maybe one of us can help you.

On Mon, Jan 6, 2014 at 10:58 PM, Jason Buker <jason.buker () gmail com> wrote:

Finally managed to get snort installed on OSX (Maverick)….. However, the messages are showing up in the messages:

1/7/14 8:55:28.042 AM snort[84645]: +++++++++++++++++++++++++++++++++++++++++++++++++++
1/7/14 8:55:28.042 AM snort[84645]: Initializing rule chains...
1/7/14 8:55:28.043 AM snort[84645]: FATAL ERROR: /etc/snort/rules/file-office.rules(32) Undefined variable in the string: $EXTERNAL_NET.
1/7/14 8:55:28.044 AM com.apple.launchd[1]: (org.snort.Snort[84645]) Exited with code: 1
1/7/14 8:55:28.044 AM com.apple.launchd[1]: (org.snort.Snort) Throttling respawn: Will start in 10 seconds

I'm a snort newbie. Anyone have a quick fix?

Thanks,
Jason

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
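An added example, not part of the thread and not Snort's own code: a small Python pre-flight check for two of the rule-load failures reported above, a rule header that uses an undefined variable such as $EXTERNAL_NET and a to_client rule loaded without Stream5. The function names, the in-memory RULES mapping and the sample rule are constructed for illustration; the check handles only plain $NAME references, expects definitions to appear before use, and only tests that some stream5 preprocessor line is present.

```python
import re

VAR_REF = re.compile(r"\$(\w+)")   # plain $NAME references only
STREAM_OPTS = {"to_client"}        # the flow option named in the thread's error

def logical_lines(text):
    """Yield (line_no, text), joining '\\' continuations and skipping comments."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        start = start if buf else no
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf and not buf.startswith("#"):
            yield start, buf
        buf = ""

def check(conf, rule_files):
    """Return findings: undefined variables and rules that need stream5."""
    defined, preprocs, out = {}, set(), []
    def undefined(text, where):
        out.extend(f"{where}: undefined variable ${n}"
                   for n in VAR_REF.findall(text) if n not in defined)
    for no, line in logical_lines(conf):
        word, rest = (line.split(None, 1) + [""])[:2]
        if word in ("var", "ipvar", "portvar"):
            name, value = (rest.split(None, 1) + [""])[:2]
            undefined(value, f"snort.conf({no})")
            defined[name] = value
        elif word == "preprocessor":
            preprocs.add(rest.split(":")[0].strip())
        elif word == "include":
            undefined(rest, f"snort.conf({no})")
            path = VAR_REF.sub(lambda m: defined.get(m[1], m[0]), rest.strip())
            for rno, rule in logical_lines(rule_files.get(path, "")):
                undefined(rule.split("(", 1)[0], f"{path}({rno})")  # header only
                flow = re.search(r"flow\s*:\s*([^;]+);", rule)
                opts = {o.strip() for o in flow[1].split(",")} if flow else set()
                need = sorted(opts & STREAM_OPTS)
                if need and not any(p.startswith("stream5") for p in preprocs):
                    out.append(f"{path}({rno}): '{need[0]}' needs stream5")
    return out

# Constructed inputs: a cut-down config in the style of the one posted, one made-up rule.
RULES = {"rules/file-office.rules":
         'alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any '
         '(msg:"constructed"; flow:to_client,established; sid:1000001;)'}
BROKEN = ("var HOME_NET any\nvar HTTP_PORTS 80\nvar FILE_DATA_PORTS [$HTTP_PORTS,110,143]\n"
          "var RULE_PATH rules\ninclude $RULE_PATH/file-office.rules\n")
FIXED = "var EXTERNAL_NET any\npreprocessor stream5_global: track_tcp yes\n" + BROKEN
```

Calling check(BROKEN, RULES) reports both problems against the rule file, while check(FIXED, RULES) returns an empty list. Snort's own test mode (snort -T -c /etc/snort/snort.conf) remains the authoritative check before restarting the daemon.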
Current thread:
- FATAL ERROR: /etc/snort/rules/file-office.rules(32) Undefined variable in the string: $EXTERNAL_NET. Jason Buker (Jan 06)
- Re: FATAL ERROR: /etc/snort/rules/file-office.rules(32) Undefined variable in the string: $EXTERNAL_NET. Jeremy Hoel (Jan 07)
- Re: FATAL ERROR: /etc/snort/rules/file-office.rules(32) Undefined variable in the string: $EXTERNAL_NET. Jason Buker (Jan 07)
- Re: FATAL ERROR: /etc/snort/rules/file-office.rules(32) Undefined variable in the string: $EXTERNAL_NET. Jason Buker (Jan 07)
- Re: FATAL ERROR: /etc/snort/rules/file-office.rules(32) Undefined variable in the string: $EXTERNAL_NET. Jason Buker (Jan 07)
- Re: FATAL ERROR: /etc/snort/rules/file-office.rules(32) Undefined variable in the string: $EXTERNAL_NET. Joel Esler (jesler) (Jan 07)
- Re: FATAL ERROR: /etc/snort/rules/file-office.rules(32) Undefined variable in the string: $EXTERNAL_NET. Jason Buker (Jan 07)
- Re: FATAL ERROR: /etc/snort/rules/file-office.rules(32) Undefined variable in the string: $EXTERNAL_NET. Jeremy Hoel (Jan 07)