[Snort-devel] snort-1.8-RELEASE: eth0_ADDRESS substitution
s.carstens at ...578...
Mon Jul 30 10:53:00 EDT 2001
Freshly loaded and installed snort-1.8-RELEASE with database support.
Used standard install method with
HOME_NET = eth0_ADDRESS
and everything went really weird.
- logging only some alerts to a file (alert_full)
- logging nothing to portscan.log (spp_portscan)
- only spp_stream4 logging to database
While heavily messing around I got something like this in /var/log/messages:
snort: FATAL ERROR: ERROR /etc/snort/snort-lib (222) => Rule netmask (220.127.116.11,eth0:0_ADDRESS) didn't x-late, WTF?
Now I know that the substitution eth0:0_ADDRESS won't work but the real eye-opener
is that my IP address is nowhere near 18.104.22.168.
Setting the IP addresses by hand in the config file and everything works perfectly.
libpcapn-0.4a6-285 (original SuSE package)