Snort mailing list archives
Re: Snort-users Digest, Vol 115, Issue 47
From: Aurimas Rudinskis <arudinskis () gmail com>
Date: Tue, 22 Dec 2015 08:44:43 +0200
Thanks Tom. Your solution helped!

On Mon, Dec 21, 2015 at 7:06 PM, <snort-users-request () lists sourceforge net> wrote:

Today's Topics:

   1. Active response: can't open ip (Aneela Safdar)
   2. Snort 3 reputation configuration (Aurimas Rudinskis)
   3. Re: Snort 3 reputation configuration (Tom Peters (thopeter))

----------------------------------------------------------------------

Message: 1
Date: Sun, 20 Dec 2015 11:08:11 +0000 (UTC)
From: Aneela Safdar <ansaf_130 () yahoo com>
Subject: [Snort-users] Active response: can't open ip
To: "snort-users () lists sourceforge net" <snort-users () lists sourceforge net>
Message-ID: <1974694672.1344948.1450609691870.JavaMail.yahoo () mail yahoo com>
Content-Type: text/plain; charset="utf-8"

Hi,

I am trying to run snort on windows as newbie. I have followed this tutorial to start off. After completing all steps, when I try to test configuration file, it gives me above error. I am running cmd in Administrator mode. Is there anything else I am missing?

Thanks.

Regards,
Aneela Safdar

[Link preview: Install Snort 2.9.7 on Windows, www.youtube.com]

------------------------------

Message: 2
Date: Mon, 21 Dec 2015 16:48:45 +0200
From: Aurimas Rudinskis <arudinskis () gmail com>
Subject: [Snort-users] Snort 3 reputation configuration
To: snort-users () lists sourceforge net
Message-ID: <CA+UY0_hvVVR4OtFP8u8hH21pqpj4Qb= H8gPuVqcJ26oKpbrMqg () mail gmail com>
Content-Type: text/plain; charset="utf-8"

Hi,

I'm trying to configure Snort 3 (aka Snort++) snort.lua. I've tried to add some IPs to the 'white_list.rules' and 'black_list.rules' files, but it didn't help. Still getting an error about global 'white_list'. How can I solve this?

    WHITE_LIST_PATH = '/etc/snort/rules'
    BLACK_LIST_PATH = '/etc/snort/rules'

    reputation =
    {
        memcap = 500,
        priority = 'whitelist',
        nested_ip = 'inner',
        whitelist = WHITE_LIST_PATH/white_list.rules,
        blacklist = BLACK_LIST_PATH/black_list.rules,
    }

    snort -T -c /etc/snort/snort.lua -i eth0
    --------------------------------------------------
    o")~   Snort++ 3.0.0-a3-183
    --------------------------------------------------
    Loading /etc/snort/snort.lua:
    FATAL: can't init /etc/snort/snort.lua: /etc/snort/snort.lua:1321: attempt to index global 'white_list' (a nil value)
    Fatal Error, Quitting..

------------------------------

Message: 3
Date: Mon, 21 Dec 2015 17:06:42 +0000
From: "Tom Peters (thopeter)" <thopeter () cisco com>
Subject: Re: [Snort-users] Snort 3 reputation configuration
To: Aurimas Rudinskis <arudinskis () gmail com>, "snort-users () lists sourceforge net" <snort-users () lists sourceforge net>
Message-ID: <D29D9AE2.254FC%thopeter () cisco com>
Content-Type: text/plain; charset="iso-8859-1"

Hi,

Looks like a lua syntax error. Instead of:

    whitelist = WHITE_LIST_PATH/white_list.rules,
    blacklist = BLACK_LIST_PATH/black_list.rules,

Try:

    whitelist = WHITE_LIST_PATH .. '/white_list.rules',
    blacklist = BLACK_LIST_PATH .. '/black_list.rules',

.. is the lua string concatenation operator.

Good luck and let me know if this works.

Tom

------------------------------

End of Snort-users Digest, Vol 115, Issue 47
--
Linkėjimai/Regards,
*Aurimas Rudinskis*
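
Why the error names 'white_list', as an added example that is not part of the original thread: Lua reads `WHITE_LIST_PATH/white_list.rules` as a division whose right-hand operand indexes an undefined global, so the chunk compiles and only fails when it is executed. The `check` helper and the trimmed config fragments below are constructed for illustration and run under a stand-alone Lua 5.1 to 5.4 or LuaJIT interpreter, outside Snort.

```lua
-- Added example: run two reputation fragments against an empty global
-- table, the way a config sanity check could, and report the outcome.
-- The fragments are constructed from the thread; check() is hypothetical.

local broken = [[
WHITE_LIST_PATH = '/etc/snort/rules'
BLACK_LIST_PATH = '/etc/snort/rules'
reputation = {
    whitelist = WHITE_LIST_PATH/white_list.rules,
    blacklist = BLACK_LIST_PATH/black_list.rules,
}
]]

local fixed = [[
WHITE_LIST_PATH = '/etc/snort/rules'
BLACK_LIST_PATH = '/etc/snort/rules'
reputation = {
    whitelist = WHITE_LIST_PATH .. '/white_list.rules',
    blacklist = BLACK_LIST_PATH .. '/black_list.rules',
}
]]

-- Compile a config chunk, then execute it with an empty environment.
-- Returns true plus the resulting globals, or false plus the error text.
local function check(name, src)
    local env, chunk, err = {}, nil, nil
    if setfenv then                       -- Lua 5.1 / LuaJIT
        chunk, err = loadstring(src, '=' .. name)
        if chunk then setfenv(chunk, env) end
    else                                  -- Lua 5.2 and later
        chunk, err = load(src, '=' .. name, 't', env)
    end
    if not chunk then return false, 'parse error: ' .. err end
    local ok, run_err = pcall(chunk)
    if not ok then return false, 'runtime error: ' .. tostring(run_err) end
    return true, env
end

for _, case in ipairs({ { 'broken', broken }, { 'fixed', fixed } }) do
    local ok, result = check(case[1], case[2])
    if ok then
        print(case[1] .. ': ok, whitelist = ' .. result.reputation.whitelist)
    else
        print(case[1] .. ': ' .. result)
    end
end
```

The exact wording of the runtime message differs between Lua versions, but in each case it points at the undefined global `white_list` rather than at the `/` operator.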