[Snort-users] Snort + NIDS + SLES10 problem

Todd Wease twease at ...1935...
Tue Feb 13 10:19:40 EST 2007


maged shaker wrote:
> Hi Todd
> > administrator to monitoring and view the "Base"  Basic Analysis and
> > Security Engine ,and the other interface is not configured  to use for
> > sniffing  the traffic and configured with snort , and it attached to
> > span port in the switch  but when insert the other network address in
> > /etc/sysconfig/snort  as the following :
> > SNORT_INTERFACE="eth1 "and start snort it failed when  start and tell
> > me in /var/log/message :
> > Parsing Rules file /etc/snort/snort.conf
> > Feb 10 05:59:42 linux1 snort[9023]: FATAL ERROR: Undefined variable
> > name: (/etc/snort/snort.conf:44): eth1_ADDRESS
> >
> > please give me advice for this issue and how to solve it
> >
> > Thanks
> > NSM-man
> > ------------------------------------------------------------------------
> > 
Yes, the script is altering snort.conf and is using eth1_ADDRESS (or any 
ethX_ADDRESS) without defining it first.  I suggest that in 
/etc/sysconfig/snort that you set SNORT_AUTO to 'no' and manually set 
your HOME_NET variable in snort.conf.  (And notify SUSE that their 
script doesn't work)

Thanks
Todd




More information about the Snort-users mailing list