[Snort-users] Startup error post-package install

Research research at ...17107...
Thu Feb 26 12:11:15 EST 2015


I have just begun using Snort and am following along with a book ("Linux Firewalls", 4th Edition (c) 2015).  I am currently just focussing on getting Snort up and running and plan to read the full Snort documentation set next.

Installing on Ubuntu LTS via the following:

	sudo apt-get install snort

…installs Snort.  Version is:

	snort -V

…returning "Version 2.9.2 IPv6 GRE (Build 78)".

I verified in: /etc/snort/snort.conf that the ruleset that ships with the Ubuntu package is correctly referenced:

	var RULE_PATH /etc/snort/rules

I then attempted to start Snort in non-daemon mode with:

	sudo snort start -c /etc/snort/snort.conf

…however I receive the following and then termination:

	(lines omitted)
	Initializing rule chains...
	WARNING /etc/snort/rules/chat.rules(33) threshold (in rule) is deprecated; use detection_filter instead.
	ERROR: /etc/snort/rules/community-virus.rules(19) !any is not allowed: !$DNS_SERVERS.
	Fatal Error, Quitting..

At this point, however, I have not edited any of the default rules or snort.conf configuration file.

If I then run Snort in daemon mode, there is success - Snort does not terminate - and I see alerts in the snort.log file.

What is going wrong on the non-daemon start that is causing it to terminate?


