[Snort-users] Conf issue

Al Lewis (allewi) allewi at cisco.com
Sat Aug 12 08:55:03 EDT 2017


Hello,

Your slash in the ip addresses for the netmask is the wrong one.

 i.e 64.12.24.0\23 should be 64.12.24.0/23

Thanks.

Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi at cisco.com<mailto:allewi at cisco.com>

From: Snort-users <snort-users-bounces at lists.snort.org<mailto:snort-users-bounces at lists.snort.org>> on behalf of Sumit Balodi via Snort-users <snort-users at lists.snort.org<mailto:snort-users at lists.snort.org>>
Reply-To: Sumit Balodi <balodi.sumit at gmail.com<mailto:balodi.sumit at gmail.com>>
Date: Saturday, August 12, 2017 at 8:15 AM
To: "snort-users at lists.snort.org<mailto:snort-users at lists.snort.org>" <snort-users at lists.snort.org<mailto:snort-users at lists.snort.org>>
Subject: [Snort-users] Conf issue

Facing problem with failed to parse the ip address.
error:
Running in Test mode

        --== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "c:\snort\etc\snort.conf"
PortVar 'HTTP_PORTS' defined :  [ 36 80:90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2578 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5450 5600 5814 6080 6173 6988 7000:7001 7005 7071 7144:7145 7510 7770 7777:7779 8000:8001 8008 8014:8015 8020 8028 8040 8080:8082 8085 8088 8090 8118 8123 8180:8182 8222 8243 8280 8300 8333 8344 8400 8443 8500 8509 8787 8800 8888 8899 8983 9000 9002 9060 9080 9090:9091 9111 9290 9443 9447 9710 9788 9999:10000 11371 12601 13014 15489 19980 29991 33300 34412 34443:34444 40007 41080 44449 50000 50002 51423 53331 55252 55555 56712 ]
PortVar 'SHELLCODE_PORTS' defined :  [ 0:79 81:65535 ]
PortVar 'ORACLE_PORTS' defined :  [ 1024:65535 ]
PortVar 'SSH_PORTS' defined :  [ 22 ]
PortVar 'FTP_PORTS' defined :  [ 21 2100 3535 ]
PortVar 'SIP_PORTS' defined :  [ 5060:5061 5600 ]
PortVar 'FILE_DATA_PORTS' defined :  [ 36 80:90 110 143 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2578 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5450 5600 5814 6080 6173 6988 7000:7001 7005 7071 7144:7145 7510 7770 7777:7779 8000:8001 8008 8014:8015 8020 8028 8040 8080:8082 8085 8088 8090 8118 8123 8180:8182 8222 8243 8280 8300 8333 8344 8400 8443 8500 8509 8787 8800 8888 8899 8983 9000 9002 9060 9080 9090:9091 9111 9290 9443 9447 9710 9788 9999:10000 11371 12601 13014 15489 19980 29991 33300 34412 34443:34444 40007 41080 44449 50000 50002 51423 53331 55252 55555 56712 ]
PortVar 'GTP_PORTS' defined :  [ 2123 2152 3386 ]
ERROR: c:\snort\etc\snort.conf(99) Failed to parse the IP address: [64.12.24.0\23,64.12.28.0\23,64.12.161.0\24,64.12.163.0\24,64.12.200.0\24,205.188.3.0\24,205.188.5.0\24,205.188.7.0\24,205.188.9.0\24,205.188.153.0\24,205.188.179.0\24,205.188.248.0\24,192.168.0.5\24].
Fatal Error, Quitting..
Looking Forward for a reply!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20170812/022b60c2/attachment.html>


More information about the Snort-users mailing list