Snort mailing list archives
Re: Startup error post-package install
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Sat, 28 Feb 2015 05:38:25 +0000
On Feb 26, 2015, at 2:34 PM, Y M <snort () outlook com<mailto:snort () outlook com>> wrote:
ERROR: /etc/snort/rules/community-virus.rules(19) !any is not allowed: !$DNS_SERVERS. Fatal Error, Quitting..
This error is due to the fact that $DNS_SERVERS variable is defined as any, however, you have a rule in "community-virus.rules" that looks for IP addresses that are "not" in $DNS_SERVERS by using the deny operator "!"; i.e.: the rules is negating any, which is not an IP address. This is not a Snort error per se, you need to define the IP addresses that should go into $DNS_SERVERS, $HOME_NET, etc so that when the negation takes place, it negates IP addresses and not the keyword any. community-virus.rules? We’ve not produced that rule file in <checks the logs> Heck, I deleted the file from our build system 23 months ago… Last rule that was added to it was 8 years and 4 months ago… We have a totally new community rules file system now, it’s available for download here: https://www.snort.org/downloads -- Joel Esler Open Source Manager Threat Intelligence Team Lead Talos Security Intelligence and Research Group
------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Startup error post-package install Research (Feb 26)
- Re: Startup error post-package install James Lay (Feb 26)
- Re: Startup error post-package install Research (Feb 26)
- Re: Startup error post-package install James Lay (Feb 26)
- Re: Startup error post-package install Research (Feb 26)
- Re: Startup error post-package install Y M (Feb 26)
- Re: Startup error post-package install Research (Feb 26)
- Re: Startup error post-package install James Lay (Feb 26)
- Re: Startup error post-package install Research (Feb 26)
- Re: Startup error post-package install Research (Feb 26)
- Re: Startup error post-package install Joel Esler (jesler) (Feb 27)
- Re: Startup error post-package install Research (Feb 28)
- Re: Startup error post-package install Joel Esler (jesler) (Feb 28)
- Re: Startup error post-package install James Lay (Feb 26)