Snort mailing list archives

Re: Config Question


From: James Jalbert <jjalbert () mail caribouschools org>
Date: Tue, 04 Apr 2006 07:14:35 -0400

Here is the Home_Net portion of my config. I tried to get the error message I received when I tried this before, but damn if I typed the information in the config again, and this time snort started with no errors. I have not yet checked BASE to be sure that I am getting things, but could you verify that this is the proper context for me.

Thanks for the help



# var HOME_NET $eth0_ADDRESS
#
# You can specify lists of IP addresses for HOME_NET
# by separating the IPs with commas like this:
#
# var HOME_NET [10.1.1.0/24,192.168.1.0/24]
#
# MAKE SURE YOU DON'T PLACE ANY SPACES IN YOUR LIST!
#
# or you can specify the variable to be any IP address
# like this:

var HOME_NET xx.xx.94.0/23,xx.xx.72.0/23,xx.xx.74.128/25,xx.xx.74.0/25,xx.xx.75.0/25,xx.xx.75.128/26,xx.xx75.192/26


James Jalbert, MCP
Network Administrator
Caribou School Department
Phone: 207-493-4246
Cell: 207-551-9764
E-Mail: jjalbert () mail caribouschools org



Matt Kettler wrote:
> James Jalbert wrote:
>> I am looking to see if it is possible to configure one snort machine for
>> many "Home" networks. I have 7 subnets that are the lan and wan for my
>> location. I tried to configure snort with the var home_net set with the
>> network address, but was unable to run snort after. For security reasons
>> I will not post entire IPs but will post last sections, please tell me
>> if I have done something wrong.
>>
>> Subnets are :   xx.xx.94.0/23
>>                      xx.xx.72.0/23
>>                      xx.xx.74.0/25
>>                      xx.xx.74.128/25
>>                      xx.xx.75.0/25
>>                      xx.xx.75.128/26
>>                      xx.xx.75.192/26
>>
>> Any thoughts or advice would be appreciated
>
> Well, AFAIK, there's nothing intrinsically wrong with the above. However, I'd
> have to assume you correctly built a home_net declaration that matched the
> above. Given that you're having trouble running snort, it suggests the above is
> not correct.
>
> Can you post your home_net declaration from your snort.conf? Modified with the
> same censoring as above is fine, I'm looking for syntactic errors in format, not
> specific numbers. (Side note: Be aware this censoring of IPs only grants you
> very little, if any, extra privacy.)
>
> Can you post the output that occurs when you start snort manually from the
> command line?  Do this without any "service" or other init scripts. Call snort
> directly from the command-line with the appropriate parameters. Leave off any
> -D parameters. For most folks, this would just be snort -c /etc/snort.conf.
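
A pre-flight check for the kind of HOME_NET declaration discussed in this thread, added here as an example and not code from either poster or from the Snort project. It checks the bracketed, space-free list form shown in the snort.conf comments and also validates each CIDR entry, which is the example's own strictness; the 10.20.x.x addresses and the name `lint_home_net` are constructed for illustration.

```python
import ipaddress

# Constructed samples: 10.20.x.x stands in for the censored xx.xx prefix.
GOOD = ("var HOME_NET [10.20.94.0/23,10.20.72.0/23,10.20.74.128/25,"
        "10.20.74.0/25,10.20.75.0/25,10.20.75.128/26,10.20.75.192/26]")
BAD = "var HOME_NET 10.20.94.0/23, 10.20.72.0/23,10.2075.192/26"


def lint_home_net(line):
    """Return a list of problems found in one 'var HOME_NET ...' line."""
    parts = line.strip().split(None, 2)
    if len(parts) != 3 or parts[:2] != ["var", "HOME_NET"]:
        return ["not a 'var HOME_NET <value>' declaration"]
    value = parts[2]
    if value == "any" or value.startswith("$"):
        return []  # keyword or variable reference, nothing to parse
    problems = []
    if any(ch.isspace() for ch in value):
        problems.append("whitespace inside the value")
    bracketed = value.startswith("[") and value.endswith("]")
    body = value[1:-1] if bracketed else value
    items = [item.strip() for item in body.split(",")]
    if len(items) > 1 and not bracketed:
        problems.append("list of networks is not enclosed in [ ]")
    for item in items:
        try:
            # strict=True also rejects entries with host bits set
            ipaddress.ip_network(item, strict=True)
        except ValueError as exc:
            problems.append(f"bad entry {item!r}: {exc}")
    return problems


if __name__ == "__main__":
    for sample in (GOOD, BAD):
        print(sample)
        for problem in lint_home_net(sample) or ["ok"]:
            print("   ", problem)
```

Running the check on the HOME_NET line before starting snort in the foreground narrows a startup failure to either the declaration or something else in snort.conf.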






