[Snort-users] Snort Error

Al Lewis (allewi) allewi at ...589...
Wed Jan 18 19:08:39 EST 2017


Please send a copy of your config.

Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi at ...589...<mailto:allewi at ...589...>

From: Paraskevas Lampadas <parislampadas at ...11827...<mailto:parislampadas at ...11827...>>
Date: Wednesday, January 18, 2017 at 7:06 PM
To: allewi <allewi at ...589...<mailto:allewi at ...589...>>
Cc: 'snort-users' <snort-users at lists.sourceforge.net<mailto:snort-users at lists.sourceforge.net>>, waldo kitty <wkitty42 at ...14940...<mailto:wkitty42 at ...14940...>>
Subject: Re: [Snort-users] Snort Error

As I mentioned on my first message :

Everything is fine except that i get alerts coming from my internal network as attacks, which are false alarms. On /etc/snort/snort.conf i have set the EXTERNAL NET as any.

I tried to make as !$HOME NET, but then the snort fails to load at startup. If i change it back to any everything works fine.

How else can i avoid receiving alerts from my internal network?

Στις 19 Ιαν 2017 02:03, ο χρήστης "Al Lewis (allewi)" <allewi at ...589...<mailto:allewi at ...589...>> έγραψε:
Looks like you need to set EXTERNAL_NET to something.

Take a look at the default config that comes with the download.


cliffjumper$ less /var/tmp/snort-2.9.8.3/etc/snort.conf | grep EXTERNAL
ipvar EXTERNAL_NET any

Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi at ...589...<mailto:allewi at ...589...>

From: Paraskevas Lampadas <parislampadas at ...11827...<mailto:parislampadas at ...11827...>>
Date: Wednesday, January 18, 2017 at 6:51 PM
To: waldo kitty <wkitty42 at ...14940...<mailto:wkitty42 at ...14940...>>
Cc: 'snort-users' <snort-users at lists.sourceforge.net<mailto:snort-users at lists.sourceforge.net>>
Subject: Re: [Snort-users] Snort Error

" FATAL ERROR: /etc/snort/snort.conf(48) Missing argument to EXTERNAL_NET"

The exact error message

Με εκτίμηση,

Λαμπαδάς Πάρης
Μηχανικός Πληροφορικής Τ.Ε.
Cisco Certified Network Associate

On Thu, Jan 19, 2017 at 1:43 AM, Paraskevas Lampadas <parislampadas at ...11827...<mailto:parislampadas at ...11827...>> wrote:
FATAL ERROR variable EXTERNAL_NET not set, or something like that.

Με εκτίμηση,

Λαμπαδάς Πάρης
Μηχανικός Πληροφορικής Τ.Ε.
Cisco Certified Network Associate

On Wed, Jan 18, 2017 at 4:02 AM, <wkitty42 at ...14940...<mailto:wkitty42 at ...14940...>> wrote:
On 01/17/2017 04:37 PM, Paraskevas Lampadas wrote:
> I tried to make as !$HOME NET, but then the snort fails to load at startup.
> If i change it back to any everything works fine.
>
> How else can i avoid receiving alerts from my internal network?

what is the exact error message given at startup when you set EXTERNAL_NET to
!HOME_NET??

--
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net<mailto:Snort-users at lists.sourceforge.net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20170119/bc74c6e3/attachment.html>


More information about the Snort-users mailing list