[Snort-users] Snort 3 reputation configuration

Tom Peters (thopeter) thopeter at ...589...
Mon Dec 21 12:06:42 EST 2015


Hi,

Looks like a lua syntax error.

Instead of:

    whitelist = WHITE_LIST_PATH/white_list.rules,
    blacklist = BLACK_LIST_PATH/black_list.rules,

Try:

    whitelist = WHITE_LIST_PATH .. '/white_list.rules',
    blacklist = BLACK_LIST_PATH .. '/black_list.rules',

.. is the lua string concatenation operator.

Good luck and let me know if this works.

Tom


From: Aurimas Rudinskis <arudinskis at ...11827...<mailto:arudinskis at ...14459.....>>
Date: Monday, December 21, 2015 at 9:48 AM
To: "snort-users at lists.sourceforge.net<mailto:snort-users at ...5870....net>" <snort-users at lists.sourceforge.net<mailto:snort-users at ...2987...rge.net>>
Subject: [Snort-users] Snort 3 reputation configuration

Hi,

I'm trying to configure Snort 3 (aka Snort++) snort.lua. I've tried to add some IPs to 'white_list.rules' and 'black_list.rules' files, but didn't helped. Still getting an error about global 'white_list'.

How can I solve this?

WHITE_LIST_PATH = '/etc/snort/rules'
BLACK_LIST_PATH = '/etc/snort/rules'

reputation =
{
    memcap = 500,
    priority = 'whitelist',
    nested_ip = 'inner',
    whitelist = WHITE_LIST_PATH/white_list.rules,
    blacklist = BLACK_LIST_PATH/black_list.rules,
}

snort -T -c /etc/snort/snort.lua -i eth0
--------------------------------------------------
o")~   Snort++ 3.0.0-a3-183
--------------------------------------------------
Loading /etc/snort/snort.lua:
FATAL: can't init /etc/snort/snort.lua: /etc/snort/snort.lua:1321: attempt to index global 'white_list' (a nil value)
Fatal Error, Quitting..
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20151221/cc59ba29/attachment.html>


More information about the Snort-users mailing list