[Snort-devel] Variable names are expanded in threshold.conf comments

Steven Sturges steve.sturges at ...402...
Fri Dec 1 10:52:36 EST 2006


Hi Ian--

The snort parser does not handle comments at the end of line
very well... This is a known issue.  Try moving the # IPC$
to the previous line as a comment.

Cheers.
-steve

Ian Chard wrote:
> Hi,
> 
> I had this line in my threshold.conf file:
> 
> suppress gen_id 1, sig_id 2466, track by_src, ip 163.1.62.0/24  # IPC$ access
> 
> ...and snort failed to start:
> 
> 	ERROR: Undefined variable name: (threshold.conf:90):
> 
> Presumably the '$' is being interpreted as the prefix to a variable
> name, even though it's in a comment.  I removed it and snort started
> successfully.
> 
> Apologies if this is already known about.
> 
> Cheers
> - Ian
> 
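
Added example, not part of the original thread and not Snort project code: a pre-flight check for threshold.conf that flags end-of-line comments containing `$` and applies the workaround from the reply above by moving each trailing comment onto its own line before the directive. It assumes `#` only ever starts a comment in this file; the sample input is constructed and `$HOME_NET` is a hypothetical variable reference.

```python
# Constructed sample modelled on the reported line; $HOME_NET is hypothetical.
SAMPLE = """\
# suppress noisy IPC$ share alerts
suppress gen_id 1, sig_id 2466, track by_src, ip 163.1.62.0/24  # IPC$ access
suppress gen_id 1, sig_id 2467, track by_src, ip 10.0.0.0/8  # plain note
suppress gen_id 1, sig_id 2468, track by_src, ip $HOME_NET
"""


def split_trailing_comment(line):
    """Return (directive, comment); comment is None unless the line has
    directive text followed by a '#' comment (assumption: '#' never
    appears inside a directive in threshold.conf)."""
    stripped = line.lstrip()
    if not stripped or stripped.startswith("#"):
        return line, None  # blank line or full-line comment: leave alone
    idx = line.find("#")
    if idx == -1:
        return line, None  # directive with no comment
    return line[:idx].rstrip(), line[idx:].rstrip()


def find_risky(text):
    """List (line_number, line) for end-of-line comments that contain '$'."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        _, comment = split_trailing_comment(line)
        if comment is not None and "$" in comment:
            hits.append((n, line))
    return hits


def rewrite(text):
    """Move every end-of-line comment to its own line above the directive."""
    out = []
    for line in text.splitlines():
        directive, comment = split_trailing_comment(line)
        if comment is None:
            out.append(line)
        else:
            out.extend([comment, directive])
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for n, line in find_risky(SAMPLE):
        print(f"threshold.conf:{n}: '$' in end-of-line comment: {line}")
    print(rewrite(SAMPLE), end="")
```

Running the check before a Snort restart catches the failure at edit time instead of at sensor startup.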




