[Snort-users] Startup error post-package install
research at ...17107...
Thu Feb 26 12:11:15 EST 2015
I have just begun using Snort and am following along with a book ("Linux Firewalls", 4th Edition (c) 2015). I am currently just focussing on getting Snort up and running and plan to read the full Snort documentation set next.
Installing on Ubuntu 220.127.116.11 LTS via the following:
sudo apt-get install snort
…installs Snort. Version is:
…returning "Version 2.9.2 IPv6 GRE (Build 78)".
I verified in: /etc/snort/snort.conf that the ruleset that ships with the Ubuntu package is correctly referenced:
var RULE_PATH /etc/snort/rules
I then attempted to start Snort in non-daemon mode with:
sudo snort start -c /etc/snort/snort.conf
…however I receive the following and then termination:
Initializing rule chains...
WARNING /etc/snort/rules/chat.rules(33) threshold (in rule) is deprecated; use detection_filter instead.
ERROR: /etc/snort/rules/community-virus.rules(19) !any is not allowed: !$DNS_SERVERS.
Fatal Error, Quitting..
At this point, however, I have not edited any of the default rules or snort.conf configuration file.
If I then run Snort in daemon mode, there is success - Snort does not terminate - and I see alerts in the snort.log file.
What is going wrong on the non-daemon start that is causing it to terminate?
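
The fatal error above names `!$DNS_SERVERS` as the source of a `!any`, which means the variable expanded to `any` when that rule was parsed. As an added example (not part of the original post, and not Snort's own code), this Python script resolves `var`/`ipvar` definitions and lists the rules that negate a variable resolving to `any`; the configuration and rule text are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample input (not the poster's files): snort.conf-style variables and two rules.
SAMPLE_CONF = """\
ipvar HOME_NET any
ipvar EXTERNAL_NET any
ipvar DNS_SERVERS $HOME_NET
ipvar SMTP_SERVERS [10.0.0.25,10.0.0.26]
"""
SAMPLE_RULES = """\
alert udp $EXTERNAL_NET any -> !$DNS_SERVERS 53 (msg:"constructed example"; sid:1000001;)
alert tcp $EXTERNAL_NET any -> !$SMTP_SERVERS 25 (msg:"constructed example"; sid:1000002;)
"""
VAR_DEF = re.compile(r"^\s*(?:var|ipvar)\s+(\w+)\s+(\S+)")
NEGATED = re.compile(r"!\$(\w+)")

def load_vars(conf_text):
    """Collect var/ipvar definitions; commented-out lines do not match."""
    table = {}
    for line in conf_text.splitlines():
        m = VAR_DEF.match(line)
        if m:
            table[m.group(1)] = m.group(2)
    return table

def resolve(name, table, depth=0):
    """Follow $VAR references until a literal value is reached."""
    value = table.get(name)
    if value is None or depth > 16:   # undefined, or a reference loop
        return None
    if value.startswith("$"):
        return resolve(value[1:], table, depth + 1)
    return value

def negated_any(rules_text, table):
    """Return (line_number, variable) for every !$VAR that resolves to any."""
    hits = []
    for lineno, line in enumerate(rules_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue
        header = line.split("(", 1)[0]   # addresses and ports only, not options
        for var in NEGATED.findall(header):
            if resolve(var, table) == "any":
                hits.append((lineno, var))
    return hits

if __name__ == "__main__":
    for lineno, var in negated_any(SAMPLE_RULES, load_vars(SAMPLE_CONF)):
        print(f"rule line {lineno}: !${var} expands to !any")
```

To check a real installation, read `/etc/snort/snort.conf` and the file named in the error into the two functions in place of the constructed samples.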