[Snort-users] snort installation error

Joel Esler jesler at ...1935...
Tue Aug 10 07:52:03 EDT 2010


Most likely this means that you need to define your variables in snort.conf. 


Sent from my iPhone

On Aug 10, 2010, at 7:32 AM, Sylvain Chillaud <sylvain.chillaud at ...11827...> wrote:

> Hi Jun,
> 
> the answer is in your error message : you can't have !any in a rule -> means 'nothing'. You can't detect based on nothing.
> Change that in the appropriate rule and it should be ok.
> 
> Regards,
> 
> Sylvain
> 
> 2010/8/10 Jun Wan <junwei_wan at ...125...>
> Hi,
>  
> I installed SNORT on a fresh Ubuntu 10.04 by following http://it.thelibrarie.com/weblog/?p=515
>  
> snort -c /etc/snort/snort.conf -i eth0
>  
> I get the following:
>  
> Running in IDS mode
> --== Initializing Snort ==--
> Initializing Output Plugins!
> Initializing Preprocessors!
> Initializing Plug-ins
>  
> ....pls see the attached details of "Snort installation error.rtf"...
>  
>  
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> Initializing rule chains...
> Warning: /etc/snort/rules/dos.rules(42) => threshold (in rule) is deprecated; use detection_filter instead.
> ERROR: /etc/snort/rules/community-smtp.rules(13) => !any is not allowed
> Fatal Error, Quitting..
>  
> Can't find much info via "google", so I would like to have your help.
>  
> Any info and help would be much appreciated.
>  
> Thanks for your patience with my many Snort questions.
>  
> Regards
>  
> John 
>  
>  
>  
>  
> 
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by
> 
> Make an app they can't live without
> Enter the BlackBerry Developer Challenge
> http://p.sf.net/sfu/RIM-dev2dev 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by 
> 
> Make an app they can't live without
> Enter the BlackBerry Developer Challenge
> http://p.sf.net/sfu/RIM-dev2dev
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20100810/291a8844/attachment.html>


More information about the Snort-users mailing list