[Snort-users] snort 1.7 on suse6.3 quitting

jabacha jaba_cha at ...1823...
Sat Jun 2 19:15:34 EDT 2001


Paulie,

Hi.

I check my snort.conf and below are my current settings.

var HOME_NET 192.168.0.1/99
var SMTP 192.168.0.6
var HTTP_SERVERS 192.168.0.6
var SQL_SERVERS 192.168.0.6

I still keep getting the ERROR, and it quits, but I noticed today
that it didn't quit till after scram ran from my crontab... see..
log...

Jun  2 09:20:33 gemini -- MARK --
Jun  2 09:30:00 gemini /USR/SBIN/CRON[15554]: (root) CMD (cd /usr/local/bin/ ; sh sc
ram)
Jun  2 09:30:03 gemini snort: ERROR: Bad CIDR block [100:100], 1 to 32 please!

I now believe that it might be a scram script problem.... what scram
does is email me the portscan.log once daily and it creates a new
empty log file...

JC.

On Thu, 31 May 2001, you wrote:
> Greetings,
> 
> Sounds like you have a bad subnet in one of the config file variables,
> like $DNS_SERVERS.  Looks like it wants slash notation from /1-/32.
> 
> Paul
> 
> 
> On Thu, 31 May 2001, jabacha wrote:
> 
> > Hi,
> >
> > For some reason snort is quiting on me.. it's been running well so
> > far... but for the last week it's been quiting on it's own... can
> > anyone tell me what this means?
> >
> > May 31 09:30:02 gemini kernel: eth0: Promiscuous mode enabled.
> > May 31 09:30:02 gemini kernel: device eth0 left promiscuous mode
> > May 31 09:30:07 gemini snort: ERROR: Bad CIDR block [100:100], 1 to 32 please!�
> >
> > Any help would be appreciated...
> >
> > Thanks,
> >
> > JC
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > http://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list
> >




More information about the Snort-users mailing list