[Snort-users] Unable to run Snort in IPS mode
ashish.sharma3 at ...6440...
Mon Feb 22 02:07:11 EST 2010
I have a fedora core 10 virtual machine running on a sun virtual box.
I am trying to run Snort on this machine in IPS mode.
I followed the following steps (I had already installed the prerequisites for Snort IPS):
1. Downloaded 'snort-220.127.116.11.tar.gz'
2. Extracted the binaries.
3. did './configure --enable-inline'
4. did 'make'
5. did 'make install'
6. copied snort rules and snort conf at appropriate location.
7. executed the following command :
'snort -A console -Q -c /etc/snort /snort.conf -i eth1 -l /var/log/snort'
8. Snort launches with the traces :
Enabling inline operation
Running in IDS mode
--== Initializing Snort ==--
Initializing Output Plugins!
Initializing rule chains...
ERROR: /etc/snortIDSMode/rules /local.rules(10 ) Unknown rule type: reject.
Fatal Error, Quitting..
8. As you can see I have a test rule in local.rule that have a 'reject' rule in it but snort is not accepting it, same is the case for 'sdrop' rule also.
9. What is the problem , please help!!!!!
What should I do in all to let my Snort run in IPS mode
Thanks in advance
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users