[Snort-devel] [ snort-Bugs-733098 ] 2.0.0-bug: Variables don't expand within {}

SourceForge.net noreply at ...12...
Tue May 6 06:39:07 EDT 2003


Bugs item #733098, was opened at 2003-05-06 08:28
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=103357&aid=733098&group_id=3357

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Martin Olsson (elof)
Assigned to: Nobody/Anonymous (nobody)
Summary: 2.0.0-bug: Variables don't expand within {}

Initial Comment:
In my snort.conf I have specified:

  ...
  var SENSOR_NAME flash-01
  var DB_USER snort
  var DB_PASSWORD foo
  var DB_NAME gazonk
  var DB_HOST 10.0.0.50
  ...
  output database: log, mysql, user=$DB_USER password=$DB_PASSWORD dbname=$DB_NAME host=$DB_HOST sensor_name=$SENSOR_NAME
  ruletype bar
  {
    type alert
    output database: log, mysql, user=$DB_USER password=$DB_PASSWORD dbname=$DB_NAME host=$DB_HOST sensor_name=$SENSOR_NAME
  }
  ...


When I run 'snort -c /usr/sentor/etc/snort.conf -l /usr/sentor/log -T', the
output on stderr is terminated instead of showing me an error message.


  Running in IDS mode
  Log directory = /usr/sentor/log
  Initializing Network Interface ed1
        --== Initializing Snort ==--
  Initializing Output Plugins!
  Decoding Ethernet on interface ed1
  Initializing Preprocessors!
  Initializing Plug-ins!
  Parsing Rules file /usr/sentor/etc/snort.conf
  +++++++++++++++++++++++++++++++++++++++++++++++
  Initializing rule chains...
  Initializing Network Interface ed1      <--- this is the last output




Meanwhile syslogd has logged this:

  snort: FATAL ERROR: database: mysql_error: Unknown MySQL Server Host '$DB_HOST' (0)




The variables in the first "output database"-line in snort.conf were
expanded and parsed correctly. The error above is triggered by the second
instance of "output database", the one within the ruletype declaration.
Apparently variables aren't expanded within curly brackets ({}).




----------------------------------------------------------------------
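
A pre-deployment check for the behaviour reported above, as an added example that is not part of the original report or of Snort: it lists `$VAR` references inside `ruletype { }` blocks and shows each such line with the `var` values substituted. The sample configuration is constructed, the function name is hypothetical, and writing literal values inside the block is an assumed workaround, not one the report confirms.

```python
import re

# Constructed sample, modelled on the snort.conf excerpt in the report.
SAMPLE_CONF = """\
var DB_USER snort
var DB_HOST 10.0.0.50
output database: log, mysql, user=$DB_USER host=$DB_HOST
ruletype bar
{
  type alert
  output database: log, mysql, user=$DB_USER host=$DB_HOST
}
"""

VAR_DEF = re.compile(r"^var\s+(\S+)\s+(.+)$")
VAR_REF = re.compile(r"\$(\w+)")  # plain $NAME form only, as used in the report


def find_block_var_refs(conf_text):
    """Return (line_no, names, literal_line) for every line inside a
    ruletype { ... } block that references a $VAR."""
    variables, findings = {}, []
    saw_ruletype = in_block = False
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        definition = VAR_DEF.match(line)
        if definition and not in_block:
            variables[definition.group(1)] = definition.group(2).strip()
            continue
        if line.startswith("ruletype"):
            saw_ruletype = True
        if saw_ruletype and "{" in line:
            in_block = True
        names = VAR_REF.findall(line)
        if in_block and names:
            # Substitute known values; unknown names are left untouched.
            literal = VAR_REF.sub(
                lambda m: variables.get(m.group(1), m.group(0)), line)
            findings.append((line_no, names, literal))
        if in_block and "}" in line:
            saw_ruletype = in_block = False
    return findings


if __name__ == "__main__":
    for line_no, names, literal in find_block_var_refs(SAMPLE_CONF):
        print(f"line {line_no}: {', '.join('$' + n for n in names)} inside ruletype block")
        print(f"  literal form: {literal}")
```
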
