Snort mailing list archives
Re: Startup error post-package install
From: Y M <snort () outlook com>
Date: Thu, 26 Feb 2015 19:34:32 +0000
ERROR: /etc/snort/rules/community-virus.rules(19) !any is not allowed: !$DNS_SERVERS.
Fatal Error, Quitting..
This error is due to the fact that $DNS_SERVERS variable is defined as any, however, you have a rule in "community-virus.rules" that looks for IP addresses that are "not" in $DNS_SERVERS by using the deny operator "!"; i.e.: the rules is negating any, which is not an IP address. This is not a Snort error per se, you need to define the IP addresses that should go into $DNS_SERVERS, $HOME_NET, etc so that when the negation takes place, it negates IP addresses and not the keyword any.
At this point, however, I have not edited any of the default rules or snort.conf configuration file. If I then run Snort in daemon mode, there is success - Snort does not terminate - and I see alerts in the snort.log file. What is going wrong on the non-daemon start that is causing it to terminate ? Thanks ------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Startup error post-package install Research (Feb 26)
- Re: Startup error post-package install James Lay (Feb 26)
- Re: Startup error post-package install Research (Feb 26)
- Re: Startup error post-package install James Lay (Feb 26)
- Re: Startup error post-package install Research (Feb 26)
- Re: Startup error post-package install Y M (Feb 26)
- Re: Startup error post-package install Research (Feb 26)
- Re: Startup error post-package install James Lay (Feb 26)
- Re: Startup error post-package install Research (Feb 26)
- Re: Startup error post-package install Research (Feb 26)
- Re: Startup error post-package install Joel Esler (jesler) (Feb 27)
- Re: Startup error post-package install Research (Feb 28)
- Re: Startup error post-package install Joel Esler (jesler) (Feb 28)
- Re: Startup error post-package install James Lay (Feb 26)