Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Snort 3 rule variables

From: Aurimas Rudinskis <arudinskis () gmail com>
Date: Tue, 22 Dec 2015 10:16:05 +0200
Hi,

I have some custom Snort 2.9.x rules which I've converted to Snort3-a3
using snort2lua. When running "snort -c /etc/snort/snort.lua -R
/etc/snort/rules/global.lua" I'm getting errors about "Undefined variable
in the string". All variables used in the rules are described in snort.lua
configuration.

Rules:
pass udp $QUALYS any -> $HOME_NET any ( msg:"False Positive - Qualys
Internal Scanner IP"; sid:5000005; rev:1; )
pass tcp $QUALYS any -> $HOME_NET any ( msg:"False Positive - Qualys
Internal Scanner IP"; sid:5000006; rev:1; )

Variable QUALYS in snort.lua:
QUALYS = [[ 1.2.3.4 1.3.4.5 ]]

Errors:
ERROR: /etc/snort/rules/global.lua:29 Undefined variable in the string:
$QUALYS.
ERROR: /etc/snort/rules/global.lua:30 Undefined variable in the string:
$QUALYS.

Do I need to add variables to Snort 3 rules? How to solve this?

-- 
LinkÄ—jimai/Regards,
*Aurimas Rudinskis*

------------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: