Snort mailing list archives

Re: snort3: Active: active.device is mandatory


From: "Russ Combs (rucombs) via Snort-devel" <snort-devel () lists snort org>
Date: Tue, 15 Oct 2019 12:46:43 +0000

That error indicates that you have something configured which requires active support which is not the case for a 
default config.  Apart from active.max_responses, dce_smb.smb_file_inspection and react, reject, or rewrite rules will 
attempt to enable responses.  These internal enables will possibly go away but for now you need to update your config.

From: Snort-devel <snort-devel-bounces () lists snort org> on behalf of Meridoff via Snort-devel <snort-devel () lists 
snort org>
Reply-To: Meridoff <oagvozd () gmail com>
Date: Tuesday, October 15, 2019 at 7:12 AM
To: "snort-devel () lists snort org" <snort-devel () lists snort org>
Subject: Re: [Snort-devel] snort3: Active: active.device is mandatory

Currently, if I have not configured active {}, using defaults for example, I get this in the log:

" FATAL ERROR: Active response: can't open "


Tue, Oct 15, 2019 at 14:08, Meridoff <oagvozd () gmail com>:
Hello, if I have not configured active.device, we have in Active::open (char *dev):

    if ( dev && strcasecmp(dev, "ip") )
    {
        s_link = eth_open(dev);
...
So here we are trying to eth_open an empty device.

Maybe change it so that if no device is specified, we use "ip":

For example:
    if ( dev && strlen(dev)  && strcasecmp(dev, "ip") )
    {
        s_link = eth_open(dev);

...
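An added example, not part of the thread and not Snort's own code: it runs the condition quoted from Active::open and the proposed condition over a few constructed values of active.device, to show which of them would reach eth_open(dev). The enum, function names and sample values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical result type: does the condition reach eth_open(dev)? */
enum branch { SKIPS_ETH_OPEN = 0, CALLS_ETH_OPEN = 1 };

/* Condition as quoted from Active::open in the message. */
static enum branch original_check(const char *dev)
{
    if (dev && strcasecmp(dev, "ip"))
        return CALLS_ETH_OPEN;
    return SKIPS_ETH_OPEN;
}

/* Condition proposed in the message: an empty string counts as unset. */
static enum branch proposed_check(const char *dev)
{
    if (dev && strlen(dev) && strcasecmp(dev, "ip"))
        return CALLS_ETH_OPEN;
    return SKIPS_ETH_OPEN;
}

/* Print both results per input and count inputs where they disagree. */
static int count_differences(const char *const *devs, size_t n)
{
    int diff = 0;
    for (size_t i = 0; i < n; i++) {
        enum branch a = original_check(devs[i]);
        enum branch b = proposed_check(devs[i]);
        printf("%-8s original=%d proposed=%d\n",
               devs[i] ? (devs[i][0] ? devs[i] : "\"\"") : "NULL", a, b);
        if (a != b)
            diff++;
    }
    return diff;
}

/* Constructed sample values for active.device. */
static const char *const SAMPLE_DEVS[] = { NULL, "", "ip", "IP", "eth0" };

int main(void)
{
    size_t n = sizeof SAMPLE_DEVS / sizeof SAMPLE_DEVS[0];
    printf("inputs where the checks differ: %d\n",
           count_differences(SAMPLE_DEVS, n));
    return 0;
}
```

Only the empty string separates the two conditions: the quoted check sends it to eth_open, the proposed one does not.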