[Snort-devel] Snort parse bug for $HOME_NET

Martin Roesch roesch at ...402...
Fri Oct 26 15:08:03 EDT 2001


I tried your configuration on my OpenBSD 2.9 setup with build 85 and was
unable to recreate the problem.  Please check to make sure that you're
looking at the correct line in the snort.conf file (the number in the
parentheses in the error message).  The way you're using it is correct,
so I'm not sure what to tell you.  Also make sure you don't have a path
issue by running a "snort -V" and making sure you're running the version
of Snort you think you are...

     -Marty

"Vazquez, Ed" wrote:
> 
> OK on:
> 
> OpenBSD 2.9
> Snort Version 1.8.2-beta0 (Build 84)
> --and--
> Snort Version 1.8.1-RELEASE
> 
> If I attempt to configure more than one address/network
> in:
> HOME_NET or EXTERNAL_NET
> by using the documented format of:
> 
> var HOME_NET [10.0.0.0/8,204.132.208.0/24]
> 
> I get the following error on attempting to start Snort:
> 
> ERROR /etc/snort/snort.conf (33) => Rule IP addr ([10.0.0.0) didn't
> x-late, WTF?
> Fatal Error, Quitting..
> 
> So, the question begs itself:
> 
> What is the proper way to configure multiple addresses/networks?
> 
> If the document is correct, then either Snort has an issue,
> or is calling a function that is not generating the expected output.
> 
> --
> Ed Vázquez
> 
> No, no.  That must be a different boy with the same name.
> This one is still dying.  I just got the email about it last week!
> 

--
Martin Roesch - President, Sourcefire Inc. - (410)552-6999
roesch at ...402... - http://www.sourcefire.com  
Snort: Open Source Network IDS - http://www.snort.org



