[Snort-users] Variable errors using snort 1.8.2...

Bob Hillegas bobhillegas at ...3133...
Tue Nov 13 10:54:02 EST 2001


I just upgraded to snort-1.8.2 and the current rule set. After diff'ing my
oldsnort.conf vs newsnort.conf and adjusting necessary lines, I run into
the following error messages.

command line:
snort -Tv -c /etc/snort/snort.conf

...[snip]...
[!] ERROR /etc/snort/snort.conf (47): Bad value in variable definition!
       Make sure you don't have a "$" in the var name
Fatal Error, quitting..
...[snip]...

Line 47 of snort.conf is:

var HOME_NET $ppp0_ADDRESS

This looks legit to me and worked fine in snort-1.8.1.

Since I'm game, I removed the '$', yielding the following:

var HOME_NET ppp0_ADDRESS

Now when I execute the same command line, it goes much further before
erroring out:

...[snip]...
ERROR /etc/snort/snort.conf (228) => Couldn't resolve hostname
ppp0_ADDRESS
Fatal Error, Quitting..
...[snip]...

Line 228 in snort.conf is:

preprocessor portscan: $HOME_NET 4 3 portscan.log

This is simply caused by the absence of the '$' in line 47.

What's going on?
Thanks for looking this over, BobH

-- 
-------------------------------------------------
Bob Hillegas
<bobhillegas at ...3133...>
281.546.9311






More information about the Snort-users mailing list