[Snort-users] Again, bBrackets around 1st varible in snort.conf
erek at ...577...
Mon Sep 3 11:38:02 EDT 2001
On Mon, 3 Sep 2001, Randy wrote:
> OK - by request, here's my snort.conf with the net numbers edited out.
> "snort: FATAL ERROR: ERROR /etc/snort/exploit.rules (6) => Rule IP addr
> ([188.8.131.52) didn't x-late, WTF?"
Ok, from that snippet above, It looks like you're not placing brackets around
all of it. It seems to only be seeing the first of the brackets.
On my box:
var HOME_NET [10.10.0.0/24,10.10.10.0/24]
var EXTERNAL_NET !$HOME_NET
--== Initialization Complete ==--
-*> Snort! <*-
Version 1.8.1-RELEASE (Build 77)
By Martin Roesch (roesch at ...1935..., www.snort.org)
A few things:
* Make sure on what snort you're _really_ running. Use snort -V to
check the version.
* Make sure the version you're calling really is the right one. Very
easy to boff if you're trying to setup chroot'ed jails.
* Instead of trying the vision.conf setup, try the standard ones from
the snort-1.8.1-RELEASE tarball. cp *.rules /wherever/they/live/
* Find is your friend. cd / ; find . -type f -name snor\* -print
That should help make sure about some of the above points.
We're not saying you're crazy--It's just that others are doing this, and it
works.... So it looks to be something local to your setup.
Hope this helps!
More information about the Snort-users