Snort mailing list archives
Re: snort installation error
From: Joel Esler <jesler () sourcefire com>
Date: Tue, 10 Aug 2010 07:52:03 -0400
Most likely this means that you need to define your variables in snort.conf. Sent from my iPhone On Aug 10, 2010, at 7:32 AM, Sylvain Chillaud <sylvain.chillaud () gmail com> wrote:
Hi Jun, the answer is in your error message : you can't have !any in a rule -> means 'nothing'. You can't detect based on nothing. Change that in the appropriate rule and it should be ok. Regards, Sylvain 2010/8/10 Jun Wan <junwei_wan () hotmail com> Hi, I installed SNORT on a fresh Ubuntu 10.04 by following http://it.thelibrarie.com/weblog/?p=515 snort -c /etc/snort/snort.conf -i eth0 I get the following: Running in IDS mode --== Initializing Snort ==-- Initializing Output Plugins! Initializing Preprocessors! Initializing Plug-ins ....pls see the attached details of "Snort installation error.rtf"... +++++++++++++++++++++++++++++++++++++++++++++++++++ Initializing rule chains... Warning: /etc/snort/rules/dos.rules(42) => threshold (in rule) is deprecated; use detection_filter instead. ERROR: /etc/snort/rules/community-smtp.rules(13) => !any is not allowed Fatal Error, Quitting.. Can't find much info via "google", so I would like to have your help. Any info and help would be much appreciated. Thanks for your patience with my many Snort questions. Regards John ------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort installation error Jun Wan (Aug 10)
- Re: snort installation error Sylvain Chillaud (Aug 10)
- Re: snort installation error Joel Esler (Aug 10)
- pulledpork re-organizing rules? Billy Marshall (Aug 10)
- Re: pulledpork re-organizing rules? Joel Esler (Aug 10)
- Re: pulledpork re-organizing rules? JJC (Aug 10)
- Re: pulledpork re-organizing rules? Billy Marshall (Aug 10)
- snort version 2.8.6.1 with 2.8.6.0 rules Billy Marshall (Aug 10)
- Re: snort version 2.8.6.1 with 2.8.6.0 rules Ryan Jordan (Aug 10)
- Re: snort installation error Joel Esler (Aug 10)
- Re: snort installation error Sylvain Chillaud (Aug 10)
- Re: snort installation error Edward Bjarte Fjellskål (Aug 10)