[Snort-users] help...initializing snort

Michael Packer pac at ...572...
Thu Oct 5 10:02:46 EDT 2000


I'm trying to set up Snort v1.6 (will move to 1.6.3 later).

I installed from the RPM under Red Hat 6.2.

When I run snort -v I get lots of data going through...

I've put the rules file I got from the web in /etc/snort as 10500.txt
(there are already a bunch of files in there: backdoor-lib, misc-lib).

When I try to run Snort with the following:

snort -h -d -A fast -c /etc/snort/10500.txt -p -s -i eth1

I always get this error:

ERROR line /etc/snort/10500.txt (13) => Unknown rule type ((null))

Well, line 13 of that file is a blank line.

There are 3 lines above it (preprocessor lines) and then a bunch of comments.
This is actually the first few lines of 10500.txt,
with my IP address changed of course...

preprocessor http_decode: 80 443 8080
preprocessor minfrag: 128
preprocessor portscan: 3 5 /var/log/snort_portscan.log
#                      ^^^^^^^^^^^    ^ ^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^
#                               |     | |              |
#Your IP address or Network here+     | |              |
#                                     | |              |
#Ammount of ports being connected-----+ |              |
#   in this                             |              |
#Interval (in seconds)------------------+              |
#                                                      |
#Log file (path/name)----------------------------------+

#preprocessor portscan-ignorehosts: Hosts to ignore in portscan detection

Can anyone help???

