[Snort-users] Unable to run Snort in IPS mode

Ray Caparros arcy24 at ...11827...
Mon Feb 22 07:56:18 EST 2010


Could you provide more info on what rule you have enabled on you  
local.rules

Sent from my iPhone

On Feb 22, 2010, at 2:07, "Sharma, Ashish" <ashish.sharma3 at ...6440...>  
wrote:

> Hi,
>
> I have a fedora core 10 virtual machine running on a sun virtual box.
>
> I am trying to run Snort on this machine in IPS mode.
>
> I followed the following steps (I had already installed the  
> prerequisites for Snort IPS):
>
> 1. Downloaded 'snort-2.8.5.2.tar.gz'
> 2. Extracted the binaries.
> 3. did './configure --enable-inline'
> 4. did 'make'
> 5. did 'make install'
> 6. copied snort rules and snort conf at appropriate location.
> 7. executed the following command :
> 'snort -A console -Q -c /etc/snort /snort.conf -i eth1 -l /var/log/ 
> snort'
> 8. Snort launches with the traces :
>
> Enabling inline operation
> Running in IDS mode
>
> --== Initializing Snort ==--
> Initializing Output Plugins!
> Initializing Preprocessors!
> ..................................
>
> Initializing rule chains...
> ERROR: /etc/snortIDSMode/rules /local.rules(10 ) Unknown rule type:  
> reject.
> Fatal Error, Quitting..
>
> 8. As you can see I have a test rule in local.rule that have a  
> 'reject' rule in it but snort is not accepting it, same is the case  
> for 'sdrop' rule also.
>
> 9. What is the problem , please help!!!!!
>
> What should I do in all to let my Snort run in IPS mode
>
> Thanks in advance
>
> Ashish Sharma
>
> --- 
> --- 
> --- 
> ---------------------------------------------------------------------
> Download Intel® Parallel Studio Eval
> Try the new software tools for yourself. Speed compiling, find bugs
> proactively, and fine-tune applications for parallel performance.
> See why Intel Parallel Studio got high marks during beta.
> http://p.sf.net/sfu/intel-sw-dev
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list