[Snort-users] Libnet & 'resp'
brent at ...2359...
Wed Jun 20 18:35:09 EDT 2001
On Wed, Jun 20, 2001 at 02:14:32PM -0700, Joe McAlerney wrote:
> Hello Brent,
> Make sure you configure snort with the --enable-flexresp tag, then
> recompile. Post back if you still have problems.
> -Joe M.
> | Joe McAlerney joey at ...155... |
> | Silicon Defense - Technical Support for Snort |
> | http://www.silicondefense.com/ |
> +-- --+
Thanks for your prompt answer. This is a bit difficult, as there is
no compiler on this box. I tried compiling it on a different machine
(after installing libpcap, etc), but I'm having some troubles; the
"configure" script automatically selects 'gcc'. How do I choose Sun's
Does anyone know of a (preferably statically linked) binary package
for Solaris that has the --enable-flexresp option turned on?
> Brent Kearney wrote:
> > Hello,
> > I have installed Libnet 1.0.2a on a solaris 2.7 box that is
> > running snort 1.7. After adding a rule,
> > alert tcp $EXTERNAL_NET any -> $HOME_NET 515 (logto:"/var/log/snort/lp.log"; resp:rst_all,icmp_port; msg:"l
> > p service is protected. Connection attempt logged.";)
> > Snort refuses to start:
> > snort -A full -c /usr/local/etc/snort.conf -i le0 -l /var/log/snort -v
> > --== Initializing Snort ==--
> > Initializing Network Interface le0
> > Decoding Ethernet on interface le0
> > Initializing Preprocessors!
> > Initializing Plug-ins!
> > Initializating Output Plugins!
> > +++++++++++++++++++++++++++++++++++++++++++++++++++
> > Initializing rule chains...
> > ERROR: /usr/local/etc/snort.conf (77) => Unknown keyword "resp" in rule!
> > Any suggestions would be appreciated. Please CC: brent at ...2359...,
> > because I'm not on the list.
> > Thanks,
> > -Brent
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > http://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
More information about the Snort-users