[Snort-users] Slight Problem

Steve Halligan agent33 at ...187...
Mon Oct 9 11:38:01 EDT 2000


Loose that "." in the variable name for your home net.

> -----Original Message-----
> From: John Paul Martin [mailto:jpmartin at ...601...]
> Sent: Monday, October 09, 2000 12:16 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Slight Problem
> Importance: High
> 
> 
> Hello fellow snorters!
> I'm new to the list and I've got a slight problem. I've been 
> hashing out all
> of the rules file, but keep getting this error  when I run 
> the following:
> 
> /usr/sbin/snort -c /etc/snort/10042k.rules -i eth0 -l 
> /var/log/snort -d -A
> fast -v
> 
> THE ERROR:
> Initializing rule chains...
> ERROR /etc/snort/10042k.rules (31) => No netmask specified 
> for IP address
> 
> Here is a snipit, IP's XXX'd out, of my rules file. Does anything look
> wrong?
> 
> #---------------------------------------------
> # http://www.snort.org     Snort 1.6.3 Ruleset
> #    Current Database Updated -- 10/04/2000
> #Contact:  Jim Forster - jforster at ...176...
> #---------------------------------------------
> 
> preprocessor http_decode: 80 443 8080
> preprocessor minfrag: 128
> preprocessor portscan: xx.xx.xxx.xxx/24  3 5 
> /var/log/snort_portscan.log
> #                      ^^^^^^^^^^^    ^ ^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^
> #                               |     | |              |
> #Your IP address or Network here+     | |              |
> #                                     | |              |
> #Ammount of ports being connected-----+ |              |
> #   in this                             |              |
> #Interval (in seconds)------------------+              |
> #                                                      |
> #Log file (path/name)----------------------------------+
> 
> #preprocessor portscan-ignorehosts: Hosts to ignore in 
> portscan detection
> 
> #---------------------------------------------
> # CHANGE THE NEXT LINE TO REFLECT YOUR NETWORK
> # (Single system = your ip/32)
> var mynet.net xx.xx.xxx.xxx/24
> #---------------------------------------------
> 
> 
> Thanks in advance and please pardon my ignorance,
> John Paul Martin
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-users
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20001009/90d57954/attachment.html>


More information about the Snort-users mailing list