trouble starting snort

[Larry Wichman <larrywichman () yahoo com>]

I am having trouble starting Snort. Can someone tell me what I am doing wrong?
 
I am trying to start snort with the following command:
 snort -dev -c /etc/snort/snort.conf -i eth0

here is the output and error:

 

Running in IDS mode

Log directory = /var/log/snort

 

Initializing Network Interface eth0

OpenPcap() device eth0 network lookup:

        eth0: no IPv4 address assigned

 

        --== Initializing Snort ==--

Initializing Output Plugins!

Decoding Ethernet on interface eth0

Initializing Preprocessors!

Initializing Plug-ins!

Parsing Rules file /etc/snort/snort.conf

 

+++++++++++++++++++++++++++++++++++++++++++++++++++

Initializing rule chains...

ERROR: /etc/snort/snort.conf(44) => NULL rule type

Fatal Error, Quitting..

 

here is part of my snort.conf: 

 

 

 

#   http://www.snort.org     Snort 2.1.0 Ruleset

#     Contact: snort-sigs () lists sourceforge net

#--------------------------------------------------

# $Id: snort.conf,v 1.133.2.3 2004/02/25 16:52:51 jh8 Exp $

#

###################################################

# This file contains a sample snort configuration.

# You can take the following steps to create your own custom configuration:

#

#  1) Set the network variables for your network

#  2) Configure preprocessors

#  3) Configure output plugins

#  4) Customize your rule set

#

###################################################

# Step #1: Set the network variables:

#

# You must change the following variables to reflect your local network. The

# variable is currently setup for an RFC 1918 address space.

#

# You can specify it explicitly as:

#

# var HOME_NET 10.1.1.0/24

#

# or use global variable $<interfacename>_ADDRESS which will be always

# initialized to IP address and netmask of the network interface which you run

# snort at.  Under Windows, this must be specified as

# $(<interfacename>_ADDRESS), such as:

# $(\Device\Packet_{12345678-90AB-CDEF-1234567890AB}_ADDRESS)

#

# var HOME_NET $eth0_ADDRESS

#

# You can specify lists of IP addresses for HOME_NET

# by separating the IPs with commas like this:

#

# var HOME_NET [10.1.1.0/24,192.168.1.0/24]

#

# MAKE SURE YOU DON'T PLACE ANY SPACES IN YOUR LIST!

#

# or you can specify the variable to be any IP address

# like this:

var HOME_NET x.x.x.0/24

 

# Set up the external network addresses as well.  A good start may be "any"

var EXTERNAL_NET any

 

output database: log, mysql, user=root password=xxxxxx dbname=xxxx host=x.x.x.x

 

# Configure your server lists.  This allows snort to only look for attacks to

# systems that have a service up.  Why look for HTTP attacks if you are not

# running a web server?  This allows quick filtering based on IP addresses

# These configurations MUST follow the same configuration scheme as defined

# above for $HOME_NET.

 

# List of DNS servers on your network

# var DNS_SERVERS $HOME_NET

 

# List of SMTP servers on your network

var SMTP_SERVERS $HOME_NET

 # Configure your service ports.  This allows snort to look for attacks destined

# to a specific application only on the ports that application runs on.  For

# example, if you run a web server on port 8081, set your HTTP_PORTS variable

# like this:


Cheers,
Lawrence A. Wichman2719 W ThomasApt 2
Chicago
Il, 60622
773.807.7606






                
---------------------------------
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!