[Snort-users] Problem after snort upgrade

Le Pesant, Pascal plepesant at ...12977...
Tue Feb 1 12:21:03 EST 2005


After upgrading snort to 2.3.0 (was 2.1.x):

I get the following error when starting snort:

# snort -c /etc/snort/snort.conf
Running in IDS mode

Initializing Network Interface eth0

        --== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
ERROR: /etc/snort/snort.conf(43) => NULL rule type
Fatal Error, Quitting..

Also, I am relatively new in the linux world, and I want to know if I
used the right way to make the upgrade.
I did the snort install by following Patrick Harper's Snort Install
Manual on RH9.0 with snort 2.1.3 with Apache, PHP, MySQl and ACID.

Today I upgraded to 2.3.0 doing the following steps:
Backup /etc/snort/
# gzip-d -d -c snort-2.3.0.tar.gz | tar xvf -
# ./configure
# make
# make install

Copy new *.rules, *.conf, *.config, *.map to /etc/snort/
Re-customize new snort.conf based on the old one.

Do I need to do more steps to finish the upgrade ? If yes can it be the
reason why I have the previously explained error ? Thanks !

PLP




More information about the Snort-users mailing list