Snort mailing list archives

Problems with HOME_NET and EXTERNAL_NET var's

From: "Lauts, Anthony" <tlauts () twtr com>
Date: Sun, 31 Aug 2003 12:18:44 -0400

I have set up and installed Snort and Acid on a RH9 box with a single NIC
using Patrick Harper's online Snort Installation Manual (Thanks Patrick)..
it looks like I have one last problem to overcome.

Everything loads fine, but I am not logging anything.  I have traced this
down to my snort.conf file and the EXTERNAL_NET and HOME_NET variables.  I
have tried every iteration of these (i.e., using $eth0_ADDRESS,
10.2.85.0/24, any) and still receive the following error when trying any of
the supplied rulesets:

_______________________start of snip_________________________________
# /usr/local/bin/snort -i eth0 -n 1 -c /etc/snort/x11.rules 
Running in IDS mode
Log directory = /var/log/snort

Initializing Network Interface eth0

        --== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort/x11.rules

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
ERROR: Undefined variable name: (/etc/snort/x11.rules:8): EXTERNAL_NET
Fatal Error, Quitting..
_______________________end of snip_________________________________

My NET variables are currently defined as follows:


var HOME_NET 10.2.85.0/24
var EXTERNAL_NET any


I have even tried saying "!HOME_NET" for the EXTERNAL_NET var.

I also have to manually type in "ifconfig etho promisc" to get eth0 to enter
promiscuious mode after a restart of the box.

If anyone has any experience with this, it would b greatly appreciated.

Tony Lauts


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Problems with HOME_NET and EXTERNAL_NET var's Lauts, Anthony (Aug 31)
- RE: Problems with HOME_NET and EXTERNAL_NET var's Gordon Cunningham (Aug 31)
- Re: Problems with HOME_NET and EXTERNAL_NET var's Jochen Erwied (Sep 02)
- <Possible follow-ups>
- RE: Problems with HOME_NET and EXTERNAL_NET var's Lauts, Anthony (Aug 31)
  - RE: RE: Problems with HOME_NET and EXTERNAL_NET var's Gordon Cunningham (Sep 01)