[Snort-users] Errors starting Snort...

Nigel Houghton nigel at ...1935...
Tue Nov 2 08:14:23 EST 2004


On  0, snort-users-request at lists.sourceforge.net allegedly wrote:

>    2. RE: Errors starting Snort... (M. Shirk)
 
> --__--__--
> 
> Message: 2
> From: "M. Shirk" <shirkdog_linux at ...125...>
> To: snort-users at lists.sourceforge.net
> Subject: RE: [Snort-users] Errors starting Snort...
> Date: Mon, 01 Nov 2004 12:36:54 -0500
> 
> >From: Lorenzo Rossi <condor_rl at ...2470...>
> >Reply-To: condor_rl at ...2470...
> >To: snort-users at lists.sourceforge.net
> >Subject: [Snort-users] Errors starting Snort...
> >Date: Mon, 1 Nov 2004 17:35:19 +0100
> >
> >Nov  1 17:04:10 europa snort: /etc/snort/snort.eth0.conf(357) Unable to
> >create an IPSet from [any]
> 
> Check your HOME_NET and EXTERNAL_NET variables in your snort.eth0.conf, and 
> make sure they do not say:
> 
> EXTERNAL_NET [any]
> 
> It should say this:
> 
> EXTERNAL_NET any
> 
> 
> Shirkdog

Actually, you may want to make it:

 var EXTERNAL_NET !$HOME_NET

You will get better results in the long run. Assuming of course that the
HOME_NET variable is *NOT* set to "any".
 
+-----------------------------------------------------------------+
    Nigel Houghton      Research Engineer       Sourcefire Inc.
                  Vulnerability Research Team

 Cat: "Forget red - let's go all the way up to brown alert!"
 Kryten: "There's no such thing as a brown alert sir."
 Cat: "You won't be saying that in a minute!"




More information about the Snort-users mailing list