[Snort-users] trouble starting snort

Carstensen Nicholas Contractor USTC Nicholas.Carstensen at ...12424...
Mon Sep 13 12:42:06 EDT 2004


Did you try enclosing x.x.x.0/24 in [ ] brackets?

 

-----Original Message-----
From: Larry Wichman [mailto:larrywichman at ...131...] 
Sent: Monday, September 13, 2004 1:04 PM
To: Truax, Shawn (MBS); snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] trouble starting snort

 

It looks like Snort is expecting something right after var HOME_NET
x.x.x.0/24. I moved it to the top line and now I get an error for line
2. 

"Truax, Shawn (MBS)" <Shawn.Truax at ...8509...> wrote: 

Hi Larry,

 

Looks like line 44 in your snort.conf has a typo or something missing in
it.  Check that line and if you still can't see an issue post up the 10
lines before and after that section.

 

Shawn Truax
Sr. Security Specialist
Corporate Security
155 University Ave.
Toronto, Ontario
M5H 3B7
(416)327-1107

	-----Original Message-----
	From: Larry Wichman [mailto:larrywichman at ...131...]
	Sent: September 13, 2004 12:27 PM
	To: snort-users at lists.sourceforge.net
	Subject: [Snort-users] trouble starting snort

	I am having trouble starting Snort. Can someone tell me what I am doing wrong?

	 

	I am trying to start snort with the following command:

	 snort -dev -c /etc/snort/snort.conf -i eth0

	here is the output and error:

	 

	Running in IDS mode
	Log directory = /var/log/snort

	Initializing Network Interface eth0
	OpenPcap() device eth0 network lookup:
	        eth0: no IPv4 address assigned

	        --== Initializing Snort ==--
	Initializing Output Plugins!
	Decoding Ethernet on interface eth0
	Initializing Preprocessors!
	Initializing Plug-ins!
	Parsing Rules file /etc/snort/snort.conf

	+++++++++++++++++++++++++++++++++++++++++++++++++++
	Initializing rule chains...
	ERROR: /etc/snort/snort.conf(44) => NULL rule type
	Fatal Error, Quitting..

	 

	here is part of my snort.conf:

	#   http://www.snort.org     Snort 2.1.0 Ruleset
	#     Contact: snort-sigs at lists.sourceforge.net
	#--------------------------------------------------
	# $Id: snort.conf,v 1.133.2.3 2004/02/25 16:52:51 jh8 Exp $
	#
	###################################################
	# This file contains a sample snort configuration.
	# You can take the following steps to create your own custom configuration:
	#
	#  1) Set the network variables for your network
	#  2) Configure preprocessors
	#  3) Configure output plugins
	#  4) Customize your rule set
	#
	###################################################
	# Step #1: Set the network variables:
	#
	# You must change the following variables to reflect your local network. The
	# variable is currently setup for an RFC 1918 address space.
	#
	# You can specify it explicitly as:
	#
	# var HOME_NET 10.1.1.0/24
	#
	# or use global variable $<interfacename>_ADDRESS which will be always
	# initialized to IP address and netmask of the network interface which you run
	# snort at.  Under Windows, this must be specified as
	# $(<interfacename>_ADDRESS), such as:
	# $(\Device\Packet_{12345678-90AB-CDEF-1234567890AB}_ADDRESS)
	#
	# var HOME_NET $eth0_ADDRESS
	#
	# You can specify lists of IP addresses for HOME_NET
	# by separating the IPs with commas like this:
	#
	# var HOME_NET [10.1.1.0/24,192.168.1.0/24]
	#
	# MAKE SURE YOU DON'T PLACE ANY SPACES IN YOUR LIST!
	#
	# or you can specify the variable to be any IP address
	# like this:
	var HOME_NET x.x.x.0/24

	# Set up the external network addresses as well.  A good start may be "any"
	var EXTERNAL_NET any

	output database: log, mysql, user=root password=xxxxxx dbname=xxxx host=x.x.x.x

	# Configure your server lists.  This allows snort to only look for attacks to
	# systems that have a service up.  Why look for HTTP attacks if you are not
	# running a web server?  This allows quick filtering based on IP addresses
	# These configurations MUST follow the same configuration scheme as defined
	# above for $HOME_NET.

	# List of DNS servers on your network
	# var DNS_SERVERS $HOME_NET

	# List of SMTP servers on your network
	var SMTP_SERVERS $HOME_NET
	# Configure your service ports.  This allows snort to look for attacks destined
	# to a specific application only on the ports that application runs on.  For
	# example, if you run a web server on port 8081, set your HTTP_PORTS variable
	# like this:

	 

	Cheers,
	Lawrence A. Wichman
	2719 W Thomas
	Apt 2
	Chicago
	Il, 60622
	773.807.7606
	

Cheers,
Lawrence A. Wichman
2719 W Thomas
Apt 2
Chicago
Il, 60622
773.807.7606
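
Added example, not part of the original thread and not Snort's own parser: a small pre-flight check for the two things the replies above go looking for near a reported line, namely a line that does not start with a directive and an address variable whose value is malformed. The keyword list, the choice to check only variables ending in _NET or _SERVERS, and the sample text are assumptions made for illustration.

```python
import ipaddress
import re

# Assumed, partial list of Snort 2.x directives and rule actions.
KEYWORDS = {"var", "config", "preprocessor", "output", "include", "ruletype",
            "alert", "log", "pass", "activate", "dynamic"}

# Constructed sample built from lines quoted in the thread.
SAMPLE = """\
# You must change the following variables to reflect your local
network. The
var HOME_NET x.x.x.0/24
var EXTERNAL_NET any
var DNS_SERVERS [10.1.1.0/24, 192.168.1.0/24]
var SMTP_SERVERS $HOME_NET
"""

def check_value(value):
    """Return None if an address-variable value is well formed, else a reason."""
    if re.search(r"\s", value):
        return "whitespace inside value"
    if value.startswith("[") != value.endswith("]"):
        return "unbalanced [ ] around list"
    items = value[1:-1].split(",") if value.startswith("[") else [value]
    for item in items:
        item = item.lstrip("!")
        if item == "any" or re.fullmatch(r"\$\w+|\$\(.+\)", item):
            continue
        try:
            ipaddress.ip_network(item, strict=False)
        except ValueError:
            return f"{item!r} is not an IP address or CIDR block"
    return None

def lint(conf_text, name="snort.conf"):
    findings = []  # each entry uses the file(line) form seen in Snort's error
    for n, raw in enumerate(conf_text.splitlines(), 1):
        parts = raw.strip().split(None, 2)
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] not in KEYWORDS:
            findings.append(f"{name}({n}) => unexpected first word {parts[0]!r}")
        elif parts[0] == "var" and len(parts) < 3:
            findings.append(f"{name}({n}) => var needs a name and a value")
        elif parts[0] == "var" and parts[1].endswith(("_NET", "_SERVERS")):
            reason = check_value(parts[2])
            if reason:
                findings.append(f"{name}({n}) => {parts[1]}: {reason}")
    return findings
```

Calling lint(open("/etc/snort/snort.conf").read()) lists each suspect line by number, so it can be compared with the line Snort names in its error.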