[Snort-users] frag3 bind_to and ipvar not working

Lee Clemens snort at ...13080...
Fri Mar 12 21:21:06 EST 2010


Hello,

I am using Snort 2.5.8.3 on Linux kernel 2.6.x.

My snort.conf contains (was running on 2.8.4.1):

var LINUX_SERVERS [192.168.1.2,192.168.1.3]

preprocessor frag3_global: max_frags 65536, \
   prealloc_frags 65536, \
   memcap 524288
preprocessor frag3_engine: policy linux \
	bind_to $LINUX_SERVERS \
	detect_anomalies

However, starting snort fails each time on the frag3_engine line.

I have tried using slash-notation for each IP, and using ipvar instead of
var.
Each time I get the error: Unable to process the IP address: LINUX_SERVERS.

If I wrap use $(LINUX_SERVERS) or [$LINUX_SERVERS], etc, I receive the same
error but with or without brackets.

Using var and $(LINUX_SERVERS:?linux not defined), I receive the error
"linux not defined".

Any help would be greatly appreciated.

-Lee






More information about the Snort-users mailing list