Snort mailing list archives

Re: $eth1_ADDRESS still a valid variable in 2.9.7.0?


From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Tue, 17 Feb 2015 17:20:30 +0000

Unfortunately that disables everything that we test against with the ruleset.  I suggest you not do that.


On Feb 17, 2015, at 12:03 PM, Starner, Mark <mark.starner () unisys com> wrote:

I retract my question. I configured “--enable-sourcefire” for the first time and found the comment in parser.c that said 
the $IF_ADDRESS variables are not defined if Sourcefire is enabled and snort is not running as root. So I recompiled 
without “--enable-sourcefire” and all is well.

Maybe this will help anyone else who comes across this.

Mark


From: Starner, Mark [mailto:mark.starner () unisys com]
Sent: Tuesday, February 17, 2015 11:33 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] $eth1_ADDRESS still a valid variable in 2.9.7.0?

I use $eth1_ADDRESS in one of my local rules, and when snort 2.9.7.0 starts, it says:
ERROR: rules/local.rules(8) Undefined variable in the string: $eth1_ADDRESS.

I think I encountered this with a previous upgrade, but I don’t recall how I resolved it.

So
1) Is this still valid with 2.9.7.0?
2) If Yes, then what would cause this NOT to be defined (yes, I verified I have an eth1 and it has an IP address 
defined)?

Thanks
Mark

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
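
An added example, not part of the original thread or of Snort's code: an offline check that reports rule-header variables with no var/ipvar/portvar definition, using the same file(line) form as the startup error quoted above, and marks names shaped like <interface>_ADDRESS as ones Snort itself would have to supply at startup. The function names, sample config and sample rules are constructed; it assumes one rule per line, checks only the rule header, and treats any undefined *_ADDRESS name as interface-derived, which is a heuristic.

```python
import re

# Constructed sample inputs (not from the thread): a snort.conf fragment and a
# local.rules file, one rule per line.
CONF = """ipvar HOME_NET 192.0.2.0/24
ipvar EXTERNAL_NET !$HOME_NET
portvar HTTP_PORTS [80,8080]
"""
RULES = r"""# constructed sample rules
alert tcp $EXTERNAL_NET any -> $eth1_ADDRESS 22 (msg:"ssh to sensor"; sid:1000001; rev:1;)
alert tcp $HOME_NET any -> $DMZ_NET $HTTP_PORTS (msg:"cookie"; content:"$Version="; sid:1000002; rev:1;)
"""

ACTIONS = ("alert", "log", "pass", "drop", "reject", "sdrop", "activate", "dynamic")
VAR_DEF = re.compile(r"^\s*(?:var|ipvar|portvar)\s+(\S+)", re.M)
VAR_REF = re.compile(r"\$\(?(\w+)")        # $NAME or $(NAME)
IFACE_VAR = re.compile(r"^\w+_ADDRESS$")   # heuristic for <interface>_ADDRESS
OPTIONS_START = re.compile(r"(?<!\$)\(")   # first "(" that is not part of $(NAME)


def defined_vars(conf_text):
    """Names declared with var/ipvar/portvar in the config text."""
    return set(VAR_DEF.findall(conf_text))


def undefined_refs(rules_text, conf_text, filename="local.rules"):
    """Return (location, variable, kind) for each unresolved header variable."""
    known = defined_vars(conf_text)
    findings = []
    for lineno, line in enumerate(rules_text.splitlines(), start=1):
        rule = line.strip()
        if not rule.startswith(ACTIONS):
            continue  # comments, blank lines, anything that is not a rule
        # Assumption: only header variables are checked; "$" inside option
        # strings (content, pcre) is treated as literal payload text.
        header = OPTIONS_START.split(rule, maxsplit=1)[0]
        for name in VAR_REF.findall(header):
            if name in known:
                continue
            # Not in the config: either Snort must supply it from the interface
            # at startup, or the definition is simply missing.
            kind = "interface-derived" if IFACE_VAR.match(name) else "missing-definition"
            findings.append((f"{filename}({lineno})", name, kind))
    return findings


if __name__ == "__main__":
    for location, name, kind in undefined_refs(RULES, CONF):
        print(f"{location}: ${name} has no definition in the config ({kind})")
```

Running it against the real rules and config before restarting a sensor shows which rules depend on interface-derived variables, the case the thread found to fail at startup.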
