[Snort-users] Snort-users Digest, Vol 115, Issue 47

Aurimas Rudinskis arudinskis at ...11827...
Tue Dec 22 01:44:43 EST 2015


Thanks Tom. Your solution helped!

On Mon, Dec 21, 2015 at 7:06 PM, <snort-users-request at lists.sourceforge.net>
wrote:

> Send Snort-users mailing list submissions to
>         snort-users at lists.sourceforge.net
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://lists.sourceforge.net/lists/listinfo/snort-users
> or, via email, send a message with subject or body 'help' to
>         snort-users-request at lists.sourceforge.net
>
> You can reach the person managing the list at
>         snort-users-owner at lists.sourceforge.net
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Snort-users digest..."
>
>
> When responding, please don't respond with the entire Digest.  Please trim
> your response.
>
> Today's Topics:
>
>    1. Active response: can't open ip (Aneela Safdar)
>    2. Snort 3 reputation configuration (Aurimas Rudinskis)
>    3. Re: Snort 3 reputation configuration (Tom Peters (thopeter))
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sun, 20 Dec 2015 11:08:11 +0000 (UTC)
> From: Aneela Safdar <ansaf_130 at ...131...>
> Subject: [Snort-users] Active response: can't open ip
> To: "snort-users at lists.sourceforge.net"
>         <snort-users at lists.sourceforge.net>
> Message-ID:
>         <1974694672.1344948.1450609691870.JavaMail.yahoo at ...17079...>
> Content-Type: text/plain; charset="utf-8"
>
>
>
>
> Hi,
> I am trying to run snort on windows as newbie. I have followed?this
> tutorial?to start off. After completing all steps, when I try to test
> configuration file, it gives me above error. I am running cmd in
> Administrator mode. Is there anything else I am missing? Thanks.
> |  |  |
>
>
>
> ?Regards, Aneela Safdar
> | ? |
> | ? |  | ? | ? | ? | ? | ? |
> | Install Snort 2.9.7 on Windows |
> |  |
> | View on www.youtube.com | Preview by Yahoo |
> |  |
> | ? |
>
>
>
>
>
>
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
>
> ------------------------------
>
> Message: 2
> Date: Mon, 21 Dec 2015 16:48:45 +0200
> From: Aurimas Rudinskis <arudinskis at ...11827...>
> Subject: [Snort-users] Snort 3 reputation configuration
> To: snort-users at lists.sourceforge.net
> Message-ID:
>         <CA+UY0_hvVVR4OtFP8u8hH21pqpj4Qb=
> H8gPuVqcJ26oKpbrMqg at ...11828...>
> Content-Type: text/plain; charset="utf-8"
>
> Hi,
>
> I'm trying to configure Snort 3 (aka Snort++) snort.lua. I've tried to add
> some IPs to 'white_list.rules' and 'black_list.rules' files, but didn't
> helped. Still getting an error about global 'white_list'.
>
> How can I solve this?
>
> WHITE_LIST_PATH = '/etc/snort/rules'
> BLACK_LIST_PATH = '/etc/snort/rules'
>
> reputation =
> {
>     memcap = 500,
>     priority = 'whitelist',
>     nested_ip = 'inner',
>     whitelist = WHITE_LIST_PATH/white_list.rules,
>     blacklist = BLACK_LIST_PATH/black_list.rules,
> }
>
> snort -T -c /etc/snort/snort.lua -i eth0
> --------------------------------------------------
> o")~   Snort++ 3.0.0-a3-183
> --------------------------------------------------
> Loading /etc/snort/snort.lua:
> FATAL: can't init /etc/snort/snort.lua: /etc/snort/snort.lua:1321: attempt
> to index global 'white_list' (a nil value)
> Fatal Error, Quitting..
> -------------- next part --------------
> An HTML attachment was scrubbed...
>
> ------------------------------
>
> Message: 3
> Date: Mon, 21 Dec 2015 17:06:42 +0000
> From: "Tom Peters (thopeter)" <thopeter at ...589...>
> Subject: Re: [Snort-users] Snort 3 reputation configuration
> To: Aurimas Rudinskis <arudinskis at ...11827...>,
>         "snort-users at lists.sourceforge.net"
>         <snort-users at lists.sourceforge.net>
> Message-ID: <D29D9AE2.254FC%thopeter at ...589...>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi,
>
> Looks like a lua syntax error.
>
> Instead of:
>
>     whitelist = WHITE_LIST_PATH/white_list.rules,
>     blacklist = BLACK_LIST_PATH/black_list.rules,
>
> Try:
>
>     whitelist = WHITE_LIST_PATH .. '/white_list.rules',
>     blacklist = BLACK_LIST_PATH .. '/black_list.rules',
>
> .. is the lua string concatenation operator.
>
> Good luck and let me know if this works.
>
> Tom
>
>
> From: Aurimas Rudinskis <arudinskis at ...11827...<mailto:arudinskis at ...13610...7...
> >>
> Date: Monday, December 21, 2015 at 9:48 AM
> To: "snort-users at lists.sourceforge.net<mailto:
> snort-users at lists.sourceforge.net>" <snort-users at lists.sourceforge.net
> <mailto:snort-users at lists.sourceforge.net>>
> Subject: [Snort-users] Snort 3 reputation configuration
>
> Hi,
>
> I'm trying to configure Snort 3 (aka Snort++) snort.lua. I've tried to add
> some IPs to 'white_list.rules' and 'black_list.rules' files, but didn't
> helped. Still getting an error about global 'white_list'.
>
> How can I solve this?
>
> WHITE_LIST_PATH = '/etc/snort/rules'
> BLACK_LIST_PATH = '/etc/snort/rules'
>
> reputation =
> {
>     memcap = 500,
>     priority = 'whitelist',
>     nested_ip = 'inner',
>     whitelist = WHITE_LIST_PATH/white_list.rules,
>     blacklist = BLACK_LIST_PATH/black_list.rules,
> }
>
> snort -T -c /etc/snort/snort.lua -i eth0
> --------------------------------------------------
> o")~   Snort++ 3.0.0-a3-183
> --------------------------------------------------
> Loading /etc/snort/snort.lua:
> FATAL: can't init /etc/snort/snort.lua: /etc/snort/snort.lua:1321: attempt
> to index global 'white_list' (a nil value)
> Fatal Error, Quitting..
> -------------- next part --------------
> An HTML attachment was scrubbed...
>
> ------------------------------
>
>
> ------------------------------------------------------------------------------
>
>
> ------------------------------
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-users
>
>
> End of Snort-users Digest, Vol 115, Issue 47
> ********************************************
>



-- 
Linkėjimai/Regards,
*Aurimas Rudinskis*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20151222/ddd3f877/attachment.html>


More information about the Snort-users mailing list