[Snort-users] Unable to run Snort in IPS mode

Sharma, Ashish ashish.sharma3 at ...6440...
Mon Feb 22 02:07:11 EST 2010


Hi,

I have a fedora core 10 virtual machine running on a sun virtual box.

I am trying to run Snort on this machine in IPS mode.

I followed the following steps (I had already installed the prerequisites for Snort IPS):

1. Downloaded 'snort-2.8.5.2.tar.gz'
2. Extracted the binaries.
3. did './configure --enable-inline'
4. did 'make'
5. did 'make install'
6. copied snort rules and snort conf at appropriate location.
7. executed the following command :
'snort -A console -Q -c /etc/snort /snort.conf -i eth1 -l /var/log/snort'
8. Snort launches with the traces :

Enabling inline operation
Running in IDS mode

--== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
..................................

Initializing rule chains...
ERROR: /etc/snortIDSMode/rules /local.rules(10 ) Unknown rule type: reject.
Fatal Error, Quitting..

8. As you can see I have a test rule in local.rule that have a 'reject' rule in it but snort is not accepting it, same is the case for 'sdrop' rule also.

9. What is the problem , please help!!!!!

What should I do in all to let my Snort run in IPS mode

Thanks in advance

Ashish Sharma
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20100222/b7e9e4de/attachment.html>


More information about the Snort-users mailing list