Snort mailing list archives
Re: Unable to run Snort in IPS mode
From: Ray Caparros <arcy24 () gmail com>
Date: Mon, 22 Feb 2010 07:56:18 -0500
Could you provide more info on what rule you have enabled on your local.rules?

Sent from my iPhone

On Feb 22, 2010, at 2:07, "Sharma, Ashish" <ashish.sharma3 () hp com> wrote:

Hi,

I have a Fedora Core 10 virtual machine running on a Sun VirtualBox. I am trying to run Snort on this machine in IPS mode.

I followed the following steps (I had already installed the prerequisites for Snort IPS):

1. Downloaded 'snort-2.8.5.2.tar.gz'
2. Extracted the binaries.
3. did './configure --enable-inline'
4. did 'make'
5. did 'make install'
6. copied snort rules and snort conf at appropriate location.
7. executed the following command: 'snort -A console -Q -c /etc/snort/snort.conf -i eth1 -l /var/log/snort'
8. Snort launches with the traces:

    Enabling inline operation
    Running in IDS mode
    --== Initializing Snort ==--
    Initializing Output Plugins!
    Initializing Preprocessors!
    ..................................
    Initializing rule chains...
    ERROR: /etc/snortIDSMode/rules/local.rules(10) Unknown rule type: reject.
    Fatal Error, Quitting..

8. As you can see, I have a test rule in local.rules that has a 'reject' rule in it, but Snort is not accepting it; the same is the case for the 'sdrop' rule also.
9. What is the problem, please help!!!!!

What should I do in all to let my Snort run in IPS mode?

Thanks in advance
Ashish Sharma

------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Unable to run Snort in IPS mode Sharma, Ashish (Feb 21)
- Re: Unable to run Snort in IPS mode Ray Caparros (Feb 22)
- Message not available
- Re: Unable to run Snort in IPS mode Sharma, Ashish (Feb 22)
- Message not available
- Re: Unable to run Snort in IPS mode Sharma, Ashish (Feb 22)
- Message not available
- Re: Unable to run Snort in IPS mode Sharma, Ashish (Feb 22)
- Re: Unable to run Snort in IPS mode Joel Esler (Feb 22)
- Re: Unable to run Snort in IPS mode Sharma, Ashish (Feb 22)
- Re: Unable to run Snort in IPS mode Nigel Houghton (Feb 22)
- Re: Unable to run Snort in IPS mode Sharma, Ashish (Feb 22)
- Re: Unable to run Snort in IPS mode Nigel Houghton (Feb 22)
- Re: Unable to run Snort in IPS mode Sharma, Ashish (Feb 22)
- Re: Unable to run Snort in IPS mode Nigel Houghton (Feb 23)
- Re: Unable to run Snort in IPS mode Sharma, Ashish (Feb 23)