[Snort-users] New Problem
foo_bar_00 at ...131...
Wed Apr 11 23:37:34 EDT 2001
Hey all, I'm still messing around with snort. I've
changed my snort.conf file to look like:
var HOME_NET $elxl0_ADDRESS
var EXTERNAL_NET !$HOME_NET
var SMTP X.X.X.X
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
where X.X.X.X is a valid IP.
and I'm now starting snort with:
/usr/local/bin/snort -A fast -l /var/log/snortlogs -c
where /var/log/snortlogs DOES exist. Unfortunately,
when I start snort, it says it's initializing daemon
mode but dies. The error message in /var/adm/messages
Apr 11 20:34:01 MYHOST.MYNETWORK snort: [!]
ERROR: Bad value in variable definition!
Apr 11 20:34:01 MYHOST.MYNETWORK snort:
Make sure you don't have a "$" in the var name
I've tried using "var HTTP_SERVERS HOME_NET" (i.e.
without the $) but that didn't work. It DID work
before when I had !$HOME_NET for EXTERNAL_NET, but I
had 10.x.x.x numbers for HTTP and MYSQL.
I'm running Solaris 2.6 x86. Thanks for your help.
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
More information about the Snort-users