[Snort-users] Snort Error - Couldn't resolve hostname HOME_NET

Darksun8 drksun at ...11827...
Tue Feb 1 18:05:00 EST 2005


[root at ...274... snort]# snort -c /etc/snort/snort.conf &
[1] 3249
[root at ...274... snort]# Running in IDS mode
Log directory = /var/log/snort

Initializing Network Interface eth0

       --== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
,-----------[Flow Config]----------------------
| Stats Interval:  0
| Hash Method:     2
| Memcap:          10485760
| Rows  :          4099
| Overhead Bytes:  16400(%0.16)
`----------------------------------------------
No arguments to frag2 directive, setting defaults to:
   Fragment timeout: 60 seconds
   Fragment memory cap: 4194304 bytes
   Fragment min_ttl:   0
   Fragment ttl_limit: 5
   Fragment Problems: 0
   Self preservation threshold: 500
   Self preservation period: 90
   Suspend threshold: 1000
   Suspend period: 30
Stream4 config:
   Stateful inspection: ACTIVE
   Session statistics: INACTIVE
   Session timeout: 30 seconds
   Session memory cap: 8388608 bytes
   State alerts: INACTIVE
   Evasion alerts: INACTIVE
   Scan alerts: INACTIVE
   Log Flushed Streams: INACTIVE
   MinTTL: 1
   TTL Limit: 5
   Async Link: 0
   State Protection: 0
   Self preservation threshold: 50
   Self preservation period: 90
   Suspend threshold: 200
   Suspend period: 30
Stream4_reassemble config:
   Server reassembly: INACTIVE
   Client reassembly: ACTIVE
   Reassembler alerts: ACTIVE
   Zero out flushed packets: INACTIVE
   flush_data_diff_size: 500
   Ports: 21 23 25 53 80 110 111 143 513 1433
   Emergency Ports: 21 23 25 53 80 110 111 143 513 1433
HttpInspect Config:
   GLOBAL CONFIG
     Max Pipeline Requests:    0
     Inspection Type:          STATELESS
     Detect Proxy Usage:       NO
     IIS Unicode Map Filename: /etc/snort/unicode.map
     IIS Unicode Map Codepage: 1252
   DEFAULT SERVER CONFIG:
     Ports: 80 8080 8180
     Flow Depth: 300
     Max Chunk Length: 500000
     Inspect Pipeline Requests: YES
     URI Discovery Strict Mode: NO
     Allow Proxy Usage: NO
     Disable Alerting: NO
     Oversize Dir Length: 500
     Only inspect URI: NO
     Ascii: YES alert: NO
     Double Decoding: YES alert: YES
     %U Encoding: YES alert: YES
     Bare Byte: YES alert: YES
     Base36: OFF
     UTF 8: OFF
     IIS Unicode: YES alert: YES
     Multiple Slash: YES alert: NO
     IIS Backslash: YES alert: NO
     Directory Traversal: YES alert: NO
     Web Root Traversal: YES alert: YES
     Apache WhiteSpace: YES alert: YES
     IIS Delimiter: YES alert: YES
     IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
     Non-RFC Compliant Characters: NONE
rpc_decode arguments:
   Ports to decode RPC on: 111 32771
   alert_fragments: INACTIVE
   alert_large_fragments: ACTIVE
   alert_incomplete: ACTIVE
   alert_multiple_requests: ACTIVE
telnet_decode arguments:
   Ports to decode telnet on: 21 23 25 119
database: compiled support for ( mysql )
database: configured to use mysql
database:          user = snort
database: password is set
database: database name = snort
database:          host = localhost
database:   sensor name = 192.168.0.3
database:     sensor id = 1
database: schema version = 106
database: using the "log" facility
ERROR: ERROR /etc/snort/rules/bad-traffic.rules(12): Couldn't resolve
hostname HOME_NET
Fatal Error, Quitting..

in my config home net is set to "any", my network is 192.168.0.1 - 192.168.0.10
i tryed 192.168.0.1/24.




More information about the Snort-users mailing list