[Snort-users] sudo snort -Tc snort.conf failure

Nicholas Mavis (nmavis) nmavis at ...589...
Tue Feb 11 10:20:51 EST 2014


David,

As Y M mentioned, if you are installing snort via the Ubuntu repositories, it is going to be outdated. I would recommend downloading an updated release (2.9.6) from snort.org. The errors you are seeing are fairly straightforward.

Initializing rule chains...
WARNING /etc/snort/rules/chat.rules(33) threshold (in rule) is deprecated; use detection_filter instead.

ERROR: /etc/snort/rules/community-virus.rules(19) !any is not allowed: !$DNS_SERVERS

As seen in the error above, you have the $DNS_SERVERS variable set to "!any" within your snort.conf, which is not allowed.

From: David Montgomery <davidmontgomery at ...11827...>
Date: Tuesday, February 11, 2014 8:03 AM
To: "snort-users at lists.sourceforge.net" <snort-users at lists.sourceforge.net>
Subject: Re: [Snort-users] sudo snort -Tc snort.conf failure

Initializing rule chains...
WARNING /etc/snort/rules/chat.rules(33) threshold (in rule) is deprecated; use detection_filter instead.

ERROR: /etc/snort/rules/community-virus.rules(19) !any is not allowed: !$DNS_SERVERS
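
The check below is an added example, not part of the original message or of Snort itself: it resolves `var`/`ipvar` definitions and reports rule headers where a negated variable such as `!$DNS_SERVERS` expands to `!any`, the condition named in the ERROR line. The configuration and rule text are constructed samples, and the `ipvar DNS_SERVERS $HOME_NET` layout is an assumption about how the variable came to resolve to `any`.

```python
import re

# Constructed sample input (not taken from the poster's files).
SAMPLE_CONF = """\
ipvar HOME_NET any
ipvar EXTERNAL_NET any
ipvar DNS_SERVERS $HOME_NET
ipvar SMTP_SERVERS [192.0.2.25,192.0.2.26]
"""
SAMPLE_RULES = """\
alert udp !$DNS_SERVERS any -> $EXTERNAL_NET 53 (msg:"constructed rule A"; sid:1000001;)
alert tcp $EXTERNAL_NET any -> !$SMTP_SERVERS 25 (msg:"constructed rule B"; sid:1000002;)
# alert tcp !$HOME_NET any -> any any (msg:"commented out"; sid:1000003;)
"""
VAR_DEF = re.compile(r"^\s*(?:ip)?var\s+(\w+)\s+(\S+)")
NEGATED = re.compile(r"!\$(\w+)")

def load_vars(conf_text):
    """Collect var/ipvar definitions from snort.conf-style text."""
    table = {}
    for line in conf_text.splitlines():
        m = VAR_DEF.match(line)
        if m:
            table[m.group(1)] = m.group(2)
    return table

def resolve(name, table, seen=()):
    """Follow $VAR references until a literal value (or a loop) is reached."""
    value = table.get(name)
    if value is None or name in seen:
        return None
    if value.startswith("$"):
        return resolve(value[1:], table, seen + (name,))
    return value

def find_negated_any(rules_text, table):
    """Return (line_no, var) for rule headers using !$VAR where VAR is 'any'."""
    hits = []
    for no, line in enumerate(rules_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out rules are not loaded
        header = line.split("(", 1)[0]  # addresses sit before the option block
        for var in NEGATED.findall(header):
            if resolve(var, table) == "any":
                hits.append((no, var))
    return hits

if __name__ == "__main__":
    for no, var in find_negated_any(SAMPLE_RULES, load_vars(SAMPLE_CONF)):
        print(f"line {no}: !${var} expands to !any")
```

Any variable it reports needs a concrete address list in snort.conf before `snort -Tc snort.conf` will accept the rule.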