Snort mailing list archives
Re: snort installation error
From: Sylvain Chillaud <sylvain.chillaud () gmail com>
Date: Tue, 10 Aug 2010 13:32:09 +0200
Hi Jun, the answer is in your error message : you can't have !any in a rule -> means 'nothing'. You can't detect based on nothing. Change that in the appropriate rule and it should be ok. Regards, Sylvain 2010/8/10 Jun Wan <junwei_wan () hotmail com>
Hi, I installed SNORT on a fresh Ubuntu 10.04 by following http://it.thelibrarie.com/weblog/?p=515 snort -c /etc/snort/snort.conf -i eth0 I get the following: Running in IDS mode --== Initializing Snort ==-- Initializing Output Plugins! Initializing Preprocessors! Initializing Plug-ins ....pls see the attached details of "Snort installation error.rtf"... +++++++++++++++++++++++++++++++++++++++++++++++++++ Initializing rule chains... Warning: /etc/snort/rules/dos.rules(42) => threshold (in rule) is deprecated; use detection_filter instead. ERROR: /etc/snort/rules/community-smtp.rules(13) => !any is not allowed Fatal Error, Quitting.. Can't find much info via "google", so I would like to have your help. Any info and help would be much appreciated. Thanks for your patience with my many Snort questions. Regards John ------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort installation error Jun Wan (Aug 10)
- Re: snort installation error Sylvain Chillaud (Aug 10)
- Re: snort installation error Joel Esler (Aug 10)
- pulledpork re-organizing rules? Billy Marshall (Aug 10)
- Re: pulledpork re-organizing rules? Joel Esler (Aug 10)
- Re: pulledpork re-organizing rules? JJC (Aug 10)
- Re: pulledpork re-organizing rules? Billy Marshall (Aug 10)
- snort version 2.8.6.1 with 2.8.6.0 rules Billy Marshall (Aug 10)
- Re: snort version 2.8.6.1 with 2.8.6.0 rules Ryan Jordan (Aug 10)
- Re: snort installation error Joel Esler (Aug 10)
- Re: snort installation error Sylvain Chillaud (Aug 10)
- Re: snort installation error Edward Bjarte Fjellskål (Aug 10)