Snort mailing list archives

Re: FATAL ERROR: /usr/local/etc/snort.conf(45) Unknown rule type: ipvar.


From: alexus <alexus () gmail com>
Date: Mon, 15 Aug 2011 20:20:31 -0400

OK, done.
I don't have IPv6 enabled on my system, so you were right: as soon as I
changed ipvar to var it went through that,
but it complains about something else...

Aug 16 00:16:41 dd snort[22515]: Running in IDS mode
Aug 16 00:16:41 dd snort[22515]:
Aug 16 00:16:41 dd snort[22515]:         --== Initializing Snort ==--
Aug 16 00:16:41 dd snort[22515]: Initializing Output Plugins!
Aug 16 00:16:41 dd snort[22515]: Initializing Preprocessors!
Aug 16 00:16:41 dd snort[22515]: Initializing Plug-ins!
Aug 16 00:16:41 dd snort[22515]: Parsing Rules file "/usr/local/etc/snort.conf"
Aug 16 00:16:41 dd snort[22515]: PortVar 'HTTP_PORTS' defined :
Aug 16 00:16:41 dd snort[22515]:  [ 80:81 311 591 593 901 1220 1414
1830 2301 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080
8088 8118 8123 8180:8181 8243 8280 8888 9090:9091 9443 9999 11371 ]
Aug 16 00:16:41 dd snort[22515]:
Aug 16 00:16:41 dd snort[22515]: PortVar 'SHELLCODE_PORTS' defined :
Aug 16 00:16:41 dd snort[22515]:  [ 0:79 81:65535 ]
Aug 16 00:16:41 dd snort[22515]:
Aug 16 00:16:41 dd snort[22515]: PortVar 'ORACLE_PORTS' defined :
Aug 16 00:16:41 dd snort[22515]:  [ 1024:65535 ]
Aug 16 00:16:41 dd snort[22515]:
Aug 16 00:16:41 dd snort[22515]: PortVar 'SSH_PORTS' defined :
Aug 16 00:16:41 dd snort[22515]:  [ 22 ]
Aug 16 00:16:41 dd snort[22515]:
Aug 16 00:16:41 dd snort[22515]: PortVar 'FTP_PORTS' defined :
Aug 16 00:16:41 dd snort[22515]:  [ 21 2100 3535 ]
Aug 16 00:16:41 dd snort[22515]:
Aug 16 00:16:41 dd snort[22515]: Detection:
Aug 16 00:16:41 dd snort[22515]:    Search-Method = AC-Full-Q
Aug 16 00:16:41 dd snort[22515]:     Split Any/Any group = enabled
Aug 16 00:16:41 dd snort[22515]:     Search-Method-Optimizations = enabled
Aug 16 00:16:41 dd snort[22515]:     Maximum pattern length = 20
Aug 16 00:16:41 dd snort[22515]: Tagged Packet Limit: 256
Aug 16 00:16:41 dd snort[22515]: Loading dynamic engine
/usr/local/lib/snort_dynamicengine/libsf_engine.so...
Aug 16 00:16:41 dd snort[22515]: done
Aug 16 00:16:41 dd snort[22515]: Loading all dynamic detection libs
from /usr/local/lib/snort_dynamicrules...
Aug 16 00:16:41 dd snort[22515]:   Loading dynamic detection library
/usr/local/lib/snort_dynamicrules/lib_sfdynamic_example_rule.so...
Aug 16 00:16:41 dd snort[22515]: done
Aug 16 00:16:41 dd snort[22515]:   Finished Loading all dynamic
detection libs from /usr/local/lib/snort_dynamicrules
Aug 16 00:16:41 dd snort[22515]: Loading all dynamic preprocessor libs
from /usr/local/lib/snort_dynamicpreprocessor/...
Aug 16 00:16:41 dd snort[22515]:   Loading dynamic preprocessor
library /usr/local/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so...
Aug 16 00:16:41 dd snort[22515]: done
Aug 16 00:16:41 dd snort[22515]:   Loading dynamic preprocessor
library /usr/local/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so...
Aug 16 00:16:41 dd snort[22515]: done
Aug 16 00:16:41 dd snort[22515]:   Loading dynamic preprocessor
library /usr/local/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so...
Aug 16 00:16:41 dd snort[22515]: done
Aug 16 00:16:41 dd snort[22515]:   Loading dynamic preprocessor
library /usr/local/lib/snort_dynamicpreprocessor//libsf_dcerpc_preproc.so...
Aug 16 00:16:41 dd snort[22515]: done
Aug 16 00:16:41 dd snort[22515]:   Loading dynamic preprocessor
library /usr/local/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so...
Aug 16 00:16:41 dd snort[22515]: done
Aug 16 00:16:41 dd snort[22515]:   Loading dynamic preprocessor
library /usr/local/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so...
Aug 16 00:16:41 dd snort[22515]: done
Aug 16 00:16:41 dd snort[22515]:   Loading dynamic preprocessor
library /usr/local/lib/snort_dynamicpreprocessor//lib_sfdynamic_preprocessor_example.so...
Aug 16 00:16:41 dd snort[22515]: done
Aug 16 00:16:41 dd snort[22515]:   Loading dynamic preprocessor
library /usr/local/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so...
Aug 16 00:16:41 dd snort[22515]: done
Aug 16 00:16:41 dd snort[22515]:   Loading dynamic preprocessor
library /usr/local/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so...
Aug 16 00:16:41 dd snort[22515]: done
Aug 16 00:16:41 dd snort[22515]:   Finished Loading all dynamic
preprocessor libs from /usr/local/lib/snort_dynamicpreprocessor/
Aug 16 00:16:41 dd snort[22515]: Log directory = /var/log/snort
Aug 16 00:16:41 dd snort[22515]: Frag3 global config:
Aug 16 00:16:41 dd snort[22515]:     Max frags: 65536
Aug 16 00:16:41 dd snort[22515]:     Fragment memory cap: 4194304 bytes
Aug 16 00:16:41 dd snort[22515]: Frag3 engine config:
Aug 16 00:16:41 dd snort[22515]:     Target-based policy: WINDOWS
Aug 16 00:16:41 dd snort[22515]:     Fragment timeout: 180 seconds
Aug 16 00:16:41 dd snort[22515]:     Fragment min_ttl:   1
Aug 16 00:16:41 dd snort[22515]:     Fragment Problems: 1
Aug 16 00:16:41 dd snort[22515]:     Overlap Limit:     10
Aug 16 00:16:41 dd snort[22515]:     Min fragment Length:     100
Aug 16 00:16:41 dd snort[22515]: FATAL ERROR:
/usr/local/etc/snort.conf(246) => Unknown Stream5 global option
(max_active_responses 2)


# Target-Based stateful inspection/stream reassembly.  For more information, see README.stream5
preprocessor stream5_global: track_tcp yes, \
   track_udp yes, \
   track_icmp no, \
   max_tcp 262144, \
   max_udp 131072, \
   max_active_responses 2, \
   min_response_seconds 5

For whatever reason(s), now it doesn't like this line:

   min_response_seconds 5

or, according to syslog, this line:

   max_active_responses 2, \



On Mon, Aug 15, 2011 at 5:40 PM, waldo kitty <wkitty42 () windstream net> wrote:
On 8/15/2011 17:15, alexus wrote:
line 45 of /usr/local/etc/snort.conf states:

ipvar HOME_NET [64.237.55.65/27]

I don't understand why it's complaining ...

IIRC, ipvar is for IPv6 stuff... if you do not have IPv6 enabled in your snort
compile, it won't work... use var instead of ipvar...


------------------------------------------------------------------------------
uberSVN's rich system and user administration capabilities and model
configuration take the hassle out of deploying and managing Subversion and
the tools developers use with it. Learn more about uberSVN and get a free
download at:  http://p.sf.net/sfu/wandisco-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please see http://www.snort.org/docs for documentation




-- 
http://alexus.org/
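
The message above has the reported line number (246) and the option named in the error pointing at different physical lines of one backslash-continued directive. As an added example (not part of the original post and not Snort code), this Python script parses the wrapped syslog error and maps it back to the directive and the physical line holding the named option; placing the directive on lines 240-246 is an assumption made to build the sample.

```python
import re

# Constructed sample: the directive quoted in the post, padded with blank lines
# so that its last physical line is 246 (the real file layout is assumed).
SAMPLE_CONF = "\n" * 239 + """\
preprocessor stream5_global: track_tcp yes, \\
   track_udp yes, \\
   track_icmp no, \\
   max_tcp 262144, \\
   max_udp 131072, \\
   max_active_responses 2, \\
   min_response_seconds 5
"""
# Error text as it appears in the post, including the line wrapping.
SAMPLE_ERROR = ("Aug 16 00:16:41 dd snort[22515]: FATAL ERROR:\n"
                "/usr/local/etc/snort.conf(246) => Unknown Stream5 global option\n"
                "(max_active_responses 2)")

ERROR_RE = re.compile(
    r"FATAL ERROR:\s*(?P<file>\S+)\((?P<line>\d+)\)\s*(?:=>)?\s*(?P<msg>.*)")

def parse_fatal(text):
    """Return (file, line, message, quoted_token) from a wrapped FATAL ERROR."""
    flat = " ".join(text.split())          # undo mail/syslog line wrapping
    m = ERROR_RE.search(flat)
    if not m:
        return None
    token = re.search(r"\(([^()]*)\)\s*$", m["msg"])  # trailing "(option value)"
    return m["file"], int(m["line"]), m["msg"], token.group(1) if token else None

def logical_directives(conf_text):
    """Group physical lines joined by a trailing backslash into one directive."""
    group = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.rstrip()
        group.append((no, line.rstrip("\\").strip()))
        if not line.endswith("\\"):
            yield group
            group = []
    if group:
        yield group

def locate(conf_text, reported_line, token):
    """Return (start, end, culprit_line) of the directive covering reported_line."""
    for group in logical_directives(conf_text):
        start, end = group[0][0], group[-1][0]
        if start <= reported_line <= end:
            culprit = next((n for n, t in group if token and token in t), None)
            return start, end, culprit
    return None

if __name__ == "__main__":
    path, line, msg, token = parse_fatal(SAMPLE_ERROR)
    print(path, line, msg, locate(SAMPLE_CONF, line, token))
```
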
