Snort mailing list archives
Re: running snort
From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Wed, 29 Mar 2017 22:33:59 +0000
Try this:

Please go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users

Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi () cisco com

On 3/29/17, 6:18 PM, "Dan Fulop" <dan () fulop org> wrote:
How do I get off this fucking spam list?

On Mar 29, 2017, at 6:04 PM, Russ <rucombs () cisco com> wrote:

That is a Snort 2.X conf. You need a completely different beast for Snort 3.0. Look at the conf installed in <install_path>/etc/snort.sort.lua or in the source tree in lua/snort.lua. The README has more info to get you started.

On 3/29/17 5:57 PM, bobby wrote:

I am trying to run snort 3 on ubuntu 16.04 x64.

sudo /usr/sbin/snort -q -u snort -g snort -c /etc/snort/snort.conf -i enp1s0 -D
FATAL: can't load /etc/snort/snort.conf: /etc/snort/snort.conf:2: unexpected symbol near '#'
Fatal Error, Quitting..

And here are the first several lines:

sudo cat snort.conf
#--------------------------------------------------
# VRT Rule Packages Snort.conf
#
# For more information visit us at:
# http://www.snort.org Snort Website
# http://vrt-blog.snort.org/ Sourcefire VRT Blog
#
# Mailing list Contact: snort-sigs () lists sourceforge net
# False Positive reports: fp () sourcefire com
# Snort bugs: bugs () snort org
#
# Compatible with Snort Versions:
# VERSIONS : 2.9.7.0
#
# Snort build options:
# OPTIONS : --enable-gre --enable-mpls --enable-targetbased --enable-ppm --enable-perfprofiling --enable-zlib --enable-active-response --enable-normalizer --enable-reload --enable-react --enable-flexresp3
#
# Additional information:
# This configuration file enables active response, to run snort in
# test mode -T you are required to supply an interface -i <interface>
# or test mode will fail to fully validate the configuration and
# exit with a FATAL error
#--------------------------------------------------
###################################################
# This file contains a sample snort configuration.
# You should take the following steps to create your own custom configuration:
#
# 1) Set the network variables.
# 2) Configure the decoder
# 3) Configure the base detection engine
# 4) Configure dynamic loaded libraries
# 5) Configure preprocessors
# 6) Configure output plugins
# 7) Customize your rule set
# 8) Customize preprocessor and decoder rule set
# 9) Customize shared object rule set
###################################################
portvar FILE_DATA_PORTS [$HTTP_PORTS,110,143]
###################################################
# Step #1: Set the network variables. For more information, see README.variables
###################################################
# Setup the network addresses you are protecting
#
# Note to Debian users: this value is overriden when starting
# up the Snort daemon through the init.d script by the
# value of DEBIAN_SNORT_HOME_NET s defined in the
# /etc/snort/snort.debian.conf configuration file
#
ipvar HOME_NET any
# Set up the external network addresses. Leave as "any" in most situations
ipvar EXTERNAL_NET any
# If HOME_NET is defined as something other than "any", alternative, you can
# use this definition if you do not want to detect attacks from your internal
# IP addresses:
#ipvar EXTERNAL_NET !$HOME_NET
# List of DNS servers on your network
ipvar DNS_SERVERS $HOME_NET
# List of SMTP servers on your network
ipvar SMTP_SERVERS $HOME_NET
# List of web servers on your network
ipvar HTTP_SERVERS $HOME_NET
# List of sql servers on your network
ipvar SQL_SERVERS $HOME_NET
# List of telnet servers on your network
ipvar TELNET_SERVERS $HOME_NET
# List of ssh servers on your network
ipvar SSH_SERVERS $HOME_NET
# List of ftp servers on your network
ipvar FTP_SERVERS $HOME_NET
# List of sip servers on your network
ipvar SIP_SERVERS $HOME_NET
# List of ports you run web servers on
portvar HTTP_PORTS [80,81,311,383,591,593,901,1220,1414,1741,1830,2301,2381,
2809,3037,3128,3702,4343,4848,5250,6988,7000,7001,7144,7145,
7510,7777,7779,8000,8008,8014,8028,8080,8085,8088,8090,8118,
8123,8180,8181,8243,8280,8300,8800,8888,8899,9000,9060,9080,
9090,9091,9443,9999,11371,34443,34444,41080,50002,55555]

How do I fix this?

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
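A pre-flight check for the mismatch diagnosed in this thread (a Snort 2.X conf passed to Snort 3, which loads a Lua config), added here as an example; it is not part of any poster's message or of Snort itself. The function name `snort_conf_flavor`, the keyword heuristics and the two sample files are assumptions of the example.

```shell
#!/bin/sh
# Added example: guess whether a Snort config uses 2.X or 3.0 (Lua) syntax
# before handing it to `snort -c`. The patterns below are heuristics chosen
# for this example, not Snort's own detection logic.

snort_conf_flavor() {
    conf=$1
    [ -r "$conf" ] || { echo unreadable; return 2; }

    # Lines that open with a Snort 2.X directive followed by an argument.
    s2=$(grep -Ec '^[[:space:]]*(ipvar|portvar|var|preprocessor|config|output)[[:space:]]+[^=[:space:]]' "$conf" || true)
    # Lines that open with a Lua comment (--) or a Lua assignment (name = ...).
    s3=$(grep -Ec '^[[:space:]]*(--|[A-Za-z_][A-Za-z0-9_.]*[[:space:]]*=)' "$conf" || true)

    if [ "$s2" -gt 0 ] && [ "$s3" -eq 0 ]; then
        echo snort2
    elif [ "$s3" -gt 0 ] && [ "$s2" -eq 0 ]; then
        echo snort3-lua
    else
        echo unknown    # empty file, or a mix of both syntaxes
    fi
}

# Constructed sample inputs: the opening of the 2.X conf quoted in the
# thread, and a minimal Lua-style file.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/snort.conf" <<'EOF'
#--------------------------------------------------
# VRT Rule Packages Snort.conf
ipvar HOME_NET any
ipvar EXTERNAL_NET any
portvar HTTP_PORTS [80,81,311]
EOF
cat > "$SAMPLES/snort.lua" <<'EOF'
-- constructed Lua-style sample
HOME_NET = 'any'
EXTERNAL_NET = 'any'
stream = { }
EOF

for f in "$SAMPLES/snort.conf" "$SAMPLES/snort.lua"; do
    printf '%s: %s\n' "$f" "$(snort_conf_flavor "$f")"
done
```

A `snort2` result for the file passed to a Snort 3 binary is the cue to start from the lua/snort.lua mentioned in the reply, or to convert the old conf with the snort2lua tool that ships with Snort 3.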
Current thread:
- running snort bobby (Mar 29)
- Re: running snort Russ (Mar 29)
- Re: running snort Dan Fulop (Mar 29)
- Re: running snort Al Lewis (allewi) (Mar 29)
- Re: running snort Luke Ager (Mar 29)
- Re: running snort Joel Esler (jesler) (Mar 29)
- Re: running snort Dan Fulop (Mar 29)
- Re: running snort Russ (Mar 29)