[Snort-users] snort installation error

Nick Moore nmoore at ...1935...
Tue Aug 10 07:48:14 EDT 2010


Jun,

I would edit /etc/snort/rules/community-smtp.rules and comment out line 13.
After that, I would search for !any in all my rules files to make sure there
weren't any more of them.

Hope this helps and happy snorting!

Nick

On Tue, Aug 10, 2010 at 5:49 AM, Jun Wan <junwei_wan at ...125...> wrote:

>  Hi,
>
> I installed SNORT on a fresh Ubuntu 10.04 by following
> http://it.thelibrarie.com/weblog/?p=515
>
> snort -c /etc/snort/snort.conf -i eth0
>
> I get the following:
>
> Running in IDS mode
> --== Initializing Snort ==--
> Initializing Output Plugins!
> Initializing Preprocessors!
> Initializing Plug-ins
>
> ....pls see the attached details of "Snort installation error.rtf"...
>
>
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> Initializing rule chains...
> Warning: /etc/snort/rules/dos.rules(42) => threshold (in rule) is
> deprecated; use detection_filter instead.
> ERROR: /etc/snort/rules/community-smtp.rules(13) => !any is not allowed
> Fatal Error, Quitting..
>
> Can't find much info via "google", so I would like to have your help.
>
> Any info and help would be much appreciated.
>
> Thanks for your patience with my many Snort questions.
>
> Regards
>
> John



-- 
Nick Moore, SFCE, CISSP, CISA
Sr. Systems Engineer
Voice 708-336-9041
Email nick.moore at ...1935...
IM    nickgmoore (Yahoo)
       nickgmoore38 (AIM)

    ,,_
   o"  )~   Sourcefire - The Creators of Snort
    ''''

www.sourcefire.com         www.snort.org
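
Added example (not part of the original thread, and not Snort project code): a sketch of the search Nick suggests, listing each active rule whose header contains !any in the same file(line) form Snort prints. The function names and the sample rules are constructed for illustration, and the script assumes each rule header sits on a single line.

```shell
#!/bin/sh
# Find uncommented Snort rules whose header (the part before the first "(")
# contains "!any". Rule options are ignored so that content:"!any" in a
# rule body does not produce a false hit.
# Usage: find_negated_any /etc/snort/rules

find_negated_any() {
    # $1 = directory holding *.rules files
    for f in "$1"/*.rules; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            /^[ \t]*#/ { next }     # rule already commented out
            /^[ \t]*$/ { next }     # blank line
            {
                header = $0
                p = index(header, "(")
                if (p > 0) header = substr(header, 1, p - 1)
                # header tokens: action proto src_ip src_port dir dst_ip dst_port
                n = split(header, tok)
                for (i = 1; i <= n; i++)
                    if (tok[i] ~ /!any/)
                        printf "%s(%d) => %s\n", file, NR, tok[i]
            }
        ' "$f"
    done
}

# Constructed sample input (not taken from community-smtp.rules): one
# commented rule, one rule with "!any" only in its options, one bad header.
make_sample_rules() {
    d=$(mktemp -d) || return 1
    printf '%s\n' \
        '# alert tcp any !any -> any 25 (msg:"commented out";)' \
        'alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"ok"; content:"!any";)' \
        'alert tcp $EXTERNAL_NET !any -> $SMTP_SERVERS 25 (msg:"bad header";)' \
        > "$d/sample.rules"
    printf '%s\n' "$d"
}
```

Each reported line can then be commented out as described above, and `snort -c /etc/snort/snort.conf -i eth0` rerun to confirm the rules load.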