[Snort-users] Error while starting snort

Matt Kettler mkettler at ...4108...
Fri Apr 30 10:06:07 EDT 2004


At 10:15 AM 4/30/2004, François Delaby wrote:
>/etc/snort/snort.conf(390) Unable to create an IPSet from any
>
>lines 380 to 390 of snort.conf:
>
>380     scanner-sliding-window 20 \
>         scanner-sliding-scale-factor 0.50 \
>         scanner-fixed-threshold 15 \
>         scanner-sliding-threshold 40 \
>         scanner-fixed-window 15 \
>         scoreboard-rows-scanner 30000 \
>         src-ignore-net $HOME_NET \
>         dst-ignore-net [10.0.0.0/30] \
>         alert-mode once \
>         output-mode msg \
>390     tcp-penalties on
>
>Any ideas?

What's your var HOME_NET declared to be? Is it "any"?

I'd suggest redefining HOME_NET, or modifying src-ignore-net. After all,
what good is a preprocessor if you ignore packets from "any" source?
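
The check suggested in the reply, as an added example that is not part of the original post and not Snort's own code: it resolves `var` declarations in a snort.conf and reports each `src-ignore-net` / `dst-ignore-net` option that ends up as `any`, with the line the option is actually on (the error above cites line 390, the end of the continued statement). The preprocessor name `example-scan` and the HOME_NET values are constructed, and only plain `$NAME` references are handled.

```python
import re

# Constructed sample modelled on the excerpt quoted in the thread; the
# preprocessor name "example-scan" is an assumption, not a real Snort name.
SAMPLE_CONF = """\
var HOME_NET any
preprocessor example-scan: \\
        scanner-fixed-threshold 15 \\
        src-ignore-net $HOME_NET \\
        dst-ignore-net [10.0.0.0/30] \\
        tcp-penalties on
"""

VAR_RE = re.compile(r"^\s*var\s+(\S+)\s+(\S+)")
IGNORE_RE = re.compile(r"\b((?:src|dst)-ignore-net)\s+(\S+)")


def resolve(value, variables):
    """Follow $NAME references until a literal (or an undefined name) is reached."""
    seen = set()
    while value.startswith("$") and value[1:] in variables and value not in seen:
        seen.add(value)
        value = variables[value[1:]]
    return value


def find_any_ignore_nets(conf_text):
    """Return (line_no, option, raw_value, resolved_value) for every ignore-net
    option that resolves to "any". Variables are applied in file order, so a
    later redefinition only affects the lines that follow it."""
    variables = {}
    findings = []
    for number, line in enumerate(conf_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # skip comment lines
        declared = VAR_RE.match(line)
        if declared:
            variables[declared.group(1)] = declared.group(2)
            continue
        for option, raw in IGNORE_RE.findall(line):
            resolved = resolve(raw, variables)
            if resolved.strip("[]").lower() == "any":
                findings.append((number, option, raw, resolved))
    return findings


if __name__ == "__main__":
    for number, option, raw, resolved in find_any_ignore_nets(SAMPLE_CONF):
        print(f"line {number}: {option} {raw} resolves to {resolved!r}")
```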




