[Snort-users] Startup Problem

eric-dated-1083277626.193075aa63e273 at ...11523...
Sat Apr 3 10:33:04 EST 2004


I'm having a startup problem here with snort. The error message I
get is the following...

 Apr  3 12:12:16 pluto snort: FATAL ERROR:
 /var/snort/etc/snort.conf(34) => Invalid configuration token
 'server'.  The first configuration must start with a 'global'
 configuration type.

This is when I try to start snort with the following syntax.

 # /var/snort/bin/snort -c /var/snort/etc/snort.conf \
   -i em1 -Cbd -t /var/snort -l /var/snort/log/em1

My configuration looks like this -- any assistance is appreciated.

var HOME_NET 10.1.1.0/24
var EXTERNAL_NET any !$HOME_NET
var SMTP_SERVERS $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
var TELNET_SERVERS $HOME_NET
var SNMP_SERVERS $HOME_NET
var HTTP_PORTS 80
var SHELLCODE_PORTS !80
var ORACLE_PORTS 1521 1523
var RULE_PATH /var/snort/rules

config umask: 027
config daemon
config dump_payload
config set_uid: 5000
config set_gid: 5000
config alert_with_interface_name
config disable_decode_alerts
config show_year
config quiet
config disable_tcpopt_experimental_alerts
config disable_tcpopt_obsolete_alerts
config disable_tcpopt_ttcp_alerts
config disable_tcpopt_alerts
config disable_ipopt_alerts

preprocessor http_inspect_server: \
        server default \
        profile all \
        ports { 80 8080 3128 } \
        no_alerts

preprocessor flow: \
        memcap 16777216 \
        stats_interval 0 \
        hash 1

include $RULE_PATH/local.rules
include classification.config
include reference.config

Thanks.

- Eric
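
The fatal error quoted in the message says the first http_inspect configuration must be of the 'global' type. The following is an added example (not part of the original message and not Snort's own code): a pre-flight check that flags an `http_inspect_server` entry appearing before any `preprocessor http_inspect: global` entry. The global directive name is taken from the Snort 2.x documentation; `SAMPLE_CONF`, `logical_lines` and `check_http_inspect` are names made up for this example.

```python
import re

# Constructed sample: the preprocessor section of the configuration in the post.
SAMPLE_CONF = """\
config quiet

preprocessor http_inspect_server: \\
        server default \\
        profile all \\
        ports { 80 8080 3128 } \\
        no_alerts

preprocessor flow: \\
        memcap 16777216
"""

PREPROC = re.compile(r"^preprocessor\s+(http_inspect(?:_server)?)\s*:\s*(\S*)")

def logical_lines(text):
    """Yield (first_line_no, text) with backslash continuations folded."""
    buf, start = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if start is None:
            start = no
        buf.append(line.rstrip("\\"))
        if line.endswith("\\"):
            continue
        joined = " ".join(" ".join(buf).split())
        first, buf, start = start, [], None
        if joined:
            yield first, joined

def check_http_inspect(text):
    """Report http_inspect_server entries that precede the global entry."""
    findings, seen_global = [], False
    for no, line in logical_lines(text):
        m = PREPROC.match(line)
        if not m:
            continue
        name, first_token = m.groups()
        if name == "http_inspect" and first_token == "global":
            seen_global = True
        elif name == "http_inspect_server" and not seen_global:
            findings.append((no, "http_inspect_server before 'http_inspect: global'"))
    return findings

if __name__ == "__main__":
    for no, msg in check_http_inspect(SAMPLE_CONF):
        print(f"line {no}: {msg}")
```

Line numbers in the findings refer to the first physical line of each continued entry, so they can be compared with the number Snort prints in parentheses after the file name.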



