[Snort-users] Snort IGNORES var HOME_NET

Vadim Pushkin wiskbroom at ...125...
Wed May 8 13:16:35 EDT 2002


My apologies to the list, I had a mismatch in versions for
rules vs my config file. All seems OK now except for my var
definition of my HTTP_SERVERS, I will post another msg
separately.

Thanks,

V


>From: Matt Kettler <mkettler at ...4108...>
>To: "Vadim Pushkin" <wiskbroom at ...125...>
>CC: l at ...5805...@lists.sourceforge.net
>Subject: Re: [Snort-users] Snort IGNORES var HOME_NET
>Date: Wed, 08 May 2002 14:13:27 -0400
>
>Could you show the exact line you used for var EXTERNAL_NET?
>
>Did you accidentally forget the $ in the EXTERNAL_NET line?
>
>You should have this:
>
>var HOME_NET [192.168.1.0/24,10.10.0.0/16]
>
>var EXTERNAL_NET !$HOME_NET
>
>
>I suspect (educated guess only) that you have this:
>
>var EXTERNAL_NET !HOME_NET
>
>Which is not the same.
>
>I did this on my setup and it works fine:
>
>var HOME_NET [10.xx.0.0/16,192.168.xx.0/24,192.168.xx.0/24,192.168.xx.0/24]
>
>var EXTERNAL_NET !$HOME_NET
>
>Pardon the xx's, hiding some minor details about the inside of my network
>which really don't need to be hidden, but I'm using a little bit of 
>paranoia.
>
>At 02:15 PM 5/8/2002 +0000, Vadim Pushkin wrote:
>>I've done this, and defined my HOME_NET to be
>>the following:
>>
>>var HOME_NET [192.168.1.0/24,10.10.0.0/16]
>>
>>And I now get:
>>
>>May  8 10:06:21 hostname-1 snort: FATAL ERROR: ERROR
>>/snort/rules/bad-traffic.rules (11) => Couldn't resolve hostname HOME_NET
>


_________________________________________________________________
Join the world’s largest e-mail service with MSN Hotmail. 
http://www.hotmail.com





More information about the Snort-users mailing list