[Snort-users] SNORT + PulledPork: FATAL ERROR: ... Invalid configuration line

RŌNIN correo.cuervo at ...11827...
Fri Dec 19 22:37:42 EST 2014


I have installed SNORT following this how-to:
http://blog.globaldyne.co.uk/installing-snort-on-centos-6-6-64bit/ and
everything went fine.

Afterwards, I followed this how-to (step by step):
http://blog.globaldyne.co.uk/install-pulledpork-and-barnyard2-for-snort-on-centos-6-6-64bit/
but when I try to start it, SNORT fails.

Last messages from my tries:

SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read server session ticket A
SSL_connect:SSLv3 read finished A
200 OK (4s)
        most recent rules file digest: 489712cc1f594ad03958473e8a4c00d0
        current local rules file  digest: 489712cc1f594ad03958473e8a4c00d0
        The MD5 for opensource.gz matched 489712cc1f594ad03958473e8a4c00d0

Cleanup....
        removed 0 temporary snort files or directories from /tmp/tha_rules!
Writing Blacklist File /etc/snort/rules/blacklist.rules....
Writing Blacklist Version 909586785 to /etc/snort/rules/iplistsIPRVersion.dat....
Writing /var/log/sid_changes.log....
        Done

No Rule Changes

IP Blacklist Stats...
        Total IPs:-----13771

Done
Please review /var/log/sid_changes.log for additional details
Fly Piggy Fly!
[root at ...17050... ~]# service snortd start
Starting snort:                                            [FAILED]

[root at ...17050... ~]#

Check the last messages:

[root at ...17050... ~]# tail -f /var/log/messages
Dec 19 21:39:18 snortest snort[17305]:
Dec 19 21:39:18 snortest snort[17305]: PortVar 'GTP_PORTS' defined :
Dec 19 21:39:18 snortest snort[17305]:  [ 2123 2152 3386 ]
Dec 19 21:39:18 snortest snort[17305]:
Dec 19 21:39:18 snortest snort[17305]: Detection:
Dec 19 21:39:18 snortest snort[17305]:    Search-Method = AC-Full-Q
Dec 19 21:39:18 snortest snort[17305]:     Split Any/Any group = enabled
Dec 19 21:39:18 snortest snort[17305]:     Search-Method-Optimizations = enabled
Dec 19 21:39:18 snortest snort[17305]:     Maximum pattern length = 20
Dec 19 21:39:18 snortest snort[17305]: FATAL ERROR: /etc/snort/rules/blacklist.rules(1) Invalid configuration line: 1.120.215.97#012

What's wrong here?

-- 
I don't receive / send information developed in / for M$ -Word, M$
-Excel, M$ -PowerPoint, M$ -Outlook or similar proprietary formats. I
invite you to read my reasons:
http://www.gnu.org/philosophy/no-word-attachments.en.html
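
A check for the condition the FATAL ERROR above reports, as an added example that is not part of the original post: line 1 of /etc/snort/rules/blacklist.rules is the bare address 1.120.215.97, which is IP-list content rather than rule syntax. The function names and all sample lines except 1.120.215.97 are constructed for illustration.

```python
import ipaddress

def classify_line(line):
    """Return 'blank', 'ip-entry' or 'other' for one line of a Snort-loaded file."""
    text = line.split("#", 1)[0].strip()  # drop trailing comment and whitespace
    if not text:
        return "blank"
    try:
        ipaddress.ip_network(text, strict=False)  # bare address or CIDR block
        return "ip-entry"
    except ValueError:
        return "other"  # rule, include, var, config, ...

def audit(lines):
    """Summarise a file: its kind and the line numbers holding bare IP entries."""
    ip_lines, other_lines = [], []
    for number, line in enumerate(lines, start=1):
        kind = classify_line(line)
        if kind == "ip-entry":
            ip_lines.append(number)
        elif kind == "other":
            other_lines.append(number)
    if ip_lines and other_lines:
        verdict = "mixed"
    elif ip_lines:
        verdict = "ip-list"
    elif other_lines:
        verdict = "rules"
    else:
        verdict = "empty"
    return {"verdict": verdict, "ip_lines": ip_lines,
            "first_ip_line": ip_lines[0] if ip_lines else None}

# Constructed samples: the first entry is the address from the error message,
# the rest are documentation-range addresses and a made-up local rule.
BLACKLIST_SAMPLE = ["1.120.215.97\n", "192.0.2.0/24\n", "198.51.100.7  # constructed\n"]
RULES_SAMPLE = ["# constructed local rule\n",
                'alert tcp any any -> any 80 (msg:"constructed example"; sid:1000001; rev:1;)\n']

if __name__ == "__main__":
    for name, sample in (("blacklist", BLACKLIST_SAMPLE), ("rules", RULES_SAMPLE)):
        print(name, audit(sample))
    # To audit the real file instead of the samples (path taken from the log):
    # with open("/etc/snort/rules/blacklist.rules") as fh: print(audit(fh))
```

A verdict of "ip-list" for a file that snort.conf loads as rules matches the failure in the log; Snort 2.9 reads IP lists through the reputation preprocessor's blacklist option, not through rule include lines.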
