Re: Snord it's not able to start

[Phil Wood <cpw () lanl gov>]

On Fri, Jul 20, 2001 at 10:05:38AM +0100, RoBSD wrote:
> Hello ,
>
> I installed snort 1.7 on 4 computers and when I try to start snort
> using /etc/rc.d/init.d/snortd (running on some kind of redhat 6.0 -
> Cobalt ) I receive the following errors in /var/log/messages
>
> Jul 20 09:49:21 euro snort: [!] ERROR /etc/snort/scan.rules(22) => Bad
> port number: "(msg:"SMTP"
>
> or
>
> Jul 20 09:09:06 dns1 snort: [!] ERROR /etc/snort/exploit.rules(29) => Bad
> port number: "(msg:"EXPLOIT"

Look at the specific rule in the *.rules file (line 22 for scan.rules).
Determine if the different variables used in the rule are defined in your
conf file.  If they are not, then read the rule as if the offending variable
is blank.  That's what snort does.  So, it will try to interpret the the
next non-blank thing as if it were a port number.  

> Sorry if the response it's already in the archive but I did not found a
> good possibility to search properly for my problem!
>
> Thank you for your response!
> Radu
>   
>
> -- 
> Best regards,
>  RoBSD                          mailto:robsd () softhome net
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

-- 
Phil Wood, cpw () lanl gov


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users