Snort mailing list archives

Variable errors using snort 1.8.2...


From: Bob Hillegas <bobhillegas () pdq net>
Date: Tue, 13 Nov 2001 12:52:40 -0600 (CST)

I just upgraded to snort-1.8.2 and the current rule set. After diff'ing my
oldsnort.conf vs newsnort.conf and adjusting necessary lines, I run into
the following error messages.

command line:
snort -Tv -c /etc/snort/snort.conf

...[snip]...
[!] ERROR /etc/snort/snort.conf (47): Bad value in variable definition!
       Make sure you don't have a "$" in the var name
Fatal Error, quitting..
...[snip]...

Line 47 of snort.conf is:

var HOME_NET $ppp0_ADDRESS

This looks legit to me and worked fine in snort-1.8.1.

Since I'm game, I removed the '$', yielding the following:

var HOME_NET ppp0_ADDRESS

Now when I execute the same command line, it goes much further before
erroring out:

...[snip]...
ERROR /etc/snort/snort.conf (228) => Couldn't resolve hostname
ppp0_ADDRESS
Fatal Error, Quitting..
...[snip]...

Line 228 in snort.conf is:

preprocessor portscan: $HOME_NET 4 3 portscan.log

This is simply caused by the absence of the '$' in line 47.

What's going on?
Thanks for looking this over, BobH

-- 
-------------------------------------------------
Bob Hillegas
<bobhillegas () pdq net>
281.546.9311


