[Snort-users] var HOME_NET under Linux

Thomas Bechtold CharlieBlue at ...348...
Fri Jun 27 03:05:11 EDT 2003


Hi,
What you wiht replace eth0? eth0 _is_ my Interface.
I use now the standard-config file and ony edit the line with the var HOME_NET
Now i have the following line in my snort.conf

var HOME_NET $eth1_ADDRESS

eth1 is up and have 192.168.1.1 as IP-Adress

When i start snort with 'snort -c /etc/snort/snort.conf' i get the following 
error

server:~# snort -c /etc/snort/snort.eth1.conf
Running in IDS mode
Log directory = /var/log/snort

Initializing Network Interface ppp0

        --== Initializing Snort ==--
Initializing Output Plugins!
Decoding raw data on interface ppp0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort/snort.eth1.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
ERROR: Undefined variable name: (/etc/snort/snort.eth1.conf:47): eth1_ADDRESS
Fatal Error, Quitting..
server:~#

Whats wrong with this snort.conf?

Tom


On Monday 23 June 2003 22:12, Erek Adams wrote:
> <interface_name>_ADDRESS is builtin to Snort.  It will automagically get
> the IP and insert it in place.
>
> All you need is:
>
> 	var HOME_NET $eth0_ADDRESS
>
> Where you repleace eth0 for your interface.
>
> Cheers!
>
> -----
> Erek Adams
>
>    "When things get weird, the weird turn pro."   H.S. Thompson





More information about the Snort-users mailing list