Snort mailing list archives
trouble starting snort
From: Larry Wichman <larrywichman () yahoo com>
Date: Mon, 13 Sep 2004 09:26:46 -0700 (PDT)
I am having trouble starting Snort. Can someone tell me what I am doing wrong? I am trying to start snort with the following command: snort -dev -c /etc/snort/snort.conf -i eth0 here is the output and error: Running in IDS mode Log directory = /var/log/snort Initializing Network Interface eth0 OpenPcap() device eth0 network lookup: eth0: no IPv4 address assigned --== Initializing Snort ==-- Initializing Output Plugins! Decoding Ethernet on interface eth0 Initializing Preprocessors! Initializing Plug-ins! Parsing Rules file /etc/snort/snort.conf +++++++++++++++++++++++++++++++++++++++++++++++++++ Initializing rule chains... ERROR: /etc/snort/snort.conf(44) => NULL rule type Fatal Error, Quitting.. here is part of my snort.conf: # http://www.snort.org Snort 2.1.0 Ruleset # Contact: snort-sigs () lists sourceforge net #-------------------------------------------------- # $Id: snort.conf,v 1.133.2.3 2004/02/25 16:52:51 jh8 Exp $ # ################################################### # This file contains a sample snort configuration. # You can take the following steps to create your own custom configuration: # # 1) Set the network variables for your network # 2) Configure preprocessors # 3) Configure output plugins # 4) Customize your rule set # ################################################### # Step #1: Set the network variables: # # You must change the following variables to reflect your local network. The # variable is currently setup for an RFC 1918 address space. # # You can specify it explicitly as: # # var HOME_NET 10.1.1.0/24 # # or use global variable $<interfacename>_ADDRESS which will be always # initialized to IP address and netmask of the network interface which you run # snort at. Under Windows, this must be specified as # $(<interfacename>_ADDRESS), such as: # $(\Device\Packet_{12345678-90AB-CDEF-1234567890AB}_ADDRESS) # # var HOME_NET $eth0_ADDRESS # # You can specify lists of IP addresses for HOME_NET # by separating the IPs with commas like this: # # var HOME_NET [10.1.1.0/24,192.168.1.0/24] # # MAKE SURE YOU DON'T PLACE ANY SPACES IN YOUR LIST! # # or you can specify the variable to be any IP address # like this: var HOME_NET x.x.x.0/24 # Set up the external network addresses as well. A good start may be "any" var EXTERNAL_NET any output database: log, mysql, user=root password=xxxxxx dbname=xxxx host=x.x.x.x # Configure your server lists. This allows snort to only look for attacks to # systems that have a service up. Why look for HTTP attacks if you are not # running a web server? This allows quick filtering based on IP addresses # These configurations MUST follow the same configuration scheme as defined # above for $HOME_NET. # List of DNS servers on your network # var DNS_SERVERS $HOME_NET # List of SMTP servers on your network var SMTP_SERVERS $HOME_NET # Configure your service ports. This allows snort to look for attacks destined # to a specific application only on the ports that application runs on. For # example, if you run a web server on port 8081, set your HTTP_PORTS variable # like this: Cheers, Lawrence A. Wichman2719 W ThomasApt 2 Chicago Il, 60622 773.807.7606 --------------------------------- Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages!
Current thread:
- trouble starting snort Larry Wichman (Sep 13)
- Re: trouble starting snort Jose Maria Lopez (Sep 14)
- <Possible follow-ups>
- RE: trouble starting snort M Shirk (Sep 13)
- RE: trouble starting snort Truax, Shawn (MBS) (Sep 13)
- RE: trouble starting snort Larry Wichman (Sep 13)
- RE: trouble starting snort Carstensen Nicholas Contractor USTC (Sep 13)