Snort mailing list archives

Re: SNORT + PulledPork: FATAL ERROR: ... Invalid configuration line


From: RŌNIN <correo.cuervo () gmail com>
Date: Sun, 21 Dec 2014 08:30:29 -0500

Hi to everyone:

I've changed the snort.conf file:

[root@snortest ~]# grep -ir "black" /etc/snort/snort.conf
#var BLACK_LIST_PATH ../rules
var BLACK_LIST_PATH /etc/snort/rules
  blacklist $BLACK_LIST_PATH/black_list.rules
include $RULE_PATH/black_list.rules

And now SNORT is running:

[root@snortest ~]# service snortd start
Starting snort: Spawning daemon child...
My daemon child 1366 lives...
Daemon parent exiting (0)
                                                           [  OK  ]
[root@snortest ~]# tail -f /var/log/messages
Dec 21 08:21:29 centos6 snort[1366]:            Preprocessor Object: SF_REPUTATION  Version 1.1  <Build 1>
Dec 21 08:21:29 centos6 snort[1366]:            Preprocessor Object: SF_SIP  Version 1.1  <Build 1>
Dec 21 08:21:29 centos6 snort[1366]:            Preprocessor Object: SF_SSLPP  Version 1.1  <Build 4>
Dec 21 08:21:29 centos6 snort[1366]:            Preprocessor Object: SF_DNS  Version 1.1  <Build 4>
Dec 21 08:21:29 centos6 snort[1366]:            Preprocessor Object: SF_SMTP  Version 1.1  <Build 9>
Dec 21 08:21:29 centos6 snort[1366]:            Preprocessor Object: SF_DCERPC2  Version 1.0  <Build 3>
Dec 21 08:21:29 centos6 snort[1366]:            Preprocessor Object: SF_GTP  Version 1.1  <Build 1>
Dec 21 08:21:29 centos6 snort[1366]:            Preprocessor Object: SF_SSH  Version 1.1  <Build 3>
Dec 21 08:21:29 centos6 snort[1366]:            Preprocessor Object: SF_DNP3  Version 1.1  <Build 1>
Dec 21 08:21:29 centos6 snort[1366]: Commencing packet processing (pid=1366)

[root@snortest ~]# grep -ir "black" /etc/snort/pulledpork.conf
# NEW For IP Blacklisting! Note the format is urltofile|IPBLACKLIST|<oinkcode>
# This format MUST be followed to let pulledpork know that this is a blacklist
rule_url=http://labs.snort.org/feeds/ip-filter.blf|IPBLACKLIST|open
# want to tell pulledpork where your blacklist file lives, PP automagically will
black_list=/etc/snort/rules/blacklist.rules
# This should be the same path where your black_list lives!

Must I change something in the pulledpork.conf file or not?

Many thanks for your help!
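
Added example, not part of the original message and not Snort or PulledPork code: the two grep outputs above name different files (black_list.rules in snort.conf, blacklist.rules in pulledpork.conf), and the pulledpork.conf comment says the paths should be the same. This script resolves both paths and compares them; the function names and the sample files it builds from the lines quoted above are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Compare the blacklist file Snort loads with the file PulledPork writes.

# Print the path on the reputation "blacklist" line of a snort.conf,
# expanding "var NAME value" definitions such as BLACK_LIST_PATH.
snort_blacklist_path() {
    awk '
        # Lines starting with "#var" are comments and do not match here.
        $1 == "var" && NF >= 3 { vars[$2] = $3; next }
        $1 == "blacklist" {
            path = $2
            sub(/,$/, "", path)               # drop a trailing list comma
            for (name in vars) gsub("\\$" name, vars[name], path)
            print path
            exit
        }
    ' "$1"
}

# Print the value of the black_list= setting of a pulledpork.conf.
pulledpork_blacklist_path() {
    sed -n 's/^[[:space:]]*black_list=//p' "$1" | head -n 1
}

# Return 0 when both tools point at the same file, 1 otherwise.
check_blacklist_paths() {
    local snort_path pp_path
    snort_path=$(snort_blacklist_path "$1")
    pp_path=$(pulledpork_blacklist_path "$2")
    if [ -n "$snort_path" ] && [ "$snort_path" = "$pp_path" ]; then
        echo "OK: both use $snort_path"
        return 0
    fi
    echo "MISMATCH: snort.conf loads '$snort_path', pulledpork.conf writes '$pp_path'"
    return 1
}

# Constructed sample files holding the configuration lines quoted in the message.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/snort.conf" <<'EOF'
#var BLACK_LIST_PATH ../rules
var BLACK_LIST_PATH /etc/snort/rules
  blacklist $BLACK_LIST_PATH/black_list.rules
EOF
cat > "$SAMPLE_DIR/pulledpork.conf" <<'EOF'
rule_url=http://labs.snort.org/feeds/ip-filter.blf|IPBLACKLIST|open
black_list=/etc/snort/rules/blacklist.rules
EOF
check_blacklist_paths "$SAMPLE_DIR/snort.conf" "$SAMPLE_DIR/pulledpork.conf" || true
```

On a real sensor, pass /etc/snort/snort.conf and /etc/snort/pulledpork.conf to check_blacklist_paths instead of the sample files.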
