Re: Again, bBrackets around 1st varible in snort.conf

[Erek Adams <erek () theadamsfamily net>]

On Mon, 3 Sep 2001, Randy wrote:

> OK - by request, here's my snort.conf with the net numbers edited out.

[...snip...]

> "snort: FATAL ERROR: ERROR /etc/snort/exploit.rules (6) => Rule IP addr
> ([143.138.0.0) didn't x-late, WTF?"

Ok, from that snippet above, It looks like you're not placing brackets around
all of it.  It seems to only be seeing the first of the brackets.

On my box:

var HOME_NET [10.10.0.0/24,10.10.10.0/24]
var EXTERNAL_NET !$HOME_NET

[...snip...]

        --== Initialization Complete ==--

-*> Snort! <*-
Version 1.8.1-RELEASE (Build 77)
By Martin Roesch (roesch () sourcefire com, www.snort.org)

Runs fine....

[...snip...]

A few things:

        * Make sure on what snort you're _really_ running.  Use snort -V to
check the version.
        * Make sure the version you're calling really is the right one.  Very
easy to boff if you're trying to setup chroot'ed jails.
        * Instead of trying the vision.conf setup, try the standard ones from
the snort-1.8.1-RELEASE tarball.  cp *.rules /wherever/they/live/
        * Find is your friend.  cd / ; find . -type f -name snor\* -print
That should help make sure about some of the above points.

We're not saying you're crazy--It's just that others are doing this, and it
works....  So it looks to be something local to your setup.

Hope this helps!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users