Re: HOME_NET var on snort.conf

[Paul Schmehl <pauls () utdallas edu>]

--On Monday, March 22, 2004 2:00 AM +0000 pfeito <pfeito () netcabo pt> wrote:

> Hi!
>
>  In snort.conf, I have HOME_NET var set like this:
>
> var HOME_NET $eth1_ADDRESS
>
> I start snort, but it does not start. In /var/log/messages I get the
> following information:
>
> Mar 22 01:44:01 snortbox snort: FATAL ERROR: Undefined variable name:
> (/etc/snort/snort.conf:46): eth1_ADDRESS
> Mar 22 01:44:01 snortbox kernel: device eth1 left promiscuous mode
>
> I have to set the IP address of the box manually, but this IP address is
> assigned by my ISP, so it would be much better if "var HOME_NET
> $eth1_ADDRESS" method worked!
Why?  $HOME_NET represents the IP address(es) that are inside your network. 
eth1 is your network card, *not* your IP address.  You need to make 
$HOME_NET your IP address.

I assume your ISP is assigning your address dynamically, it changes 
periodically, and that's why you're trying to do what you're doing.  I 
don't know of a good solution for that.  You will probably have to edit the 
IP address for $HOME_NET before starting snort.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users