[Snort-users] Snort 3 rule variables

Aurimas Rudinskis arudinskis at ...11827...
Tue Dec 22 03:16:05 EST 2015


Hi,

I have some custom Snort 2.9.x rules which I've converted to Snort3-a3
using snort2lua. When running "snort -c /etc/snort/snort.lua -R
/etc/snort/rules/global.lua" I'm getting errors about "Undefined variable
in the string". All variables used in the rules are described in snort.lua
configuration.

Rules:
pass udp $QUALYS any -> $HOME_NET any ( msg:"False Positive - Qualys
Internal Scanner IP"; sid:5000005; rev:1; )
pass tcp $QUALYS any -> $HOME_NET any ( msg:"False Positive - Qualys
Internal Scanner IP"; sid:5000006; rev:1; )

Variable QUALYS in snort.lua:
QUALYS = [[ 1.2.3.4 1.3.4.5 ]]

Errors:
ERROR: /etc/snort/rules/global.lua:29 Undefined variable in the string:
$QUALYS.
ERROR: /etc/snort/rules/global.lua:30 Undefined variable in the string:
$QUALYS.

Do I need to add variables to Snort 3 rules? How to solve this?

-- 
Linkėjimai/Regards,
*Aurimas Rudinskis*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20151222/0fcea401/attachment.html>


More information about the Snort-users mailing list