OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Brent Kearney (brentkearneys.ca)
Date: Wed Jun 20 2001 - 17:35:09 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    On Wed, Jun 20, 2001 at 02:14:32PM -0700, Joe McAlerney wrote:
    > Hello Brent,
    >
    > Make sure you configure snort with the --enable-flexresp tag, then
    > recompile. Post back if you still have problems.
    >
    > -Joe M.
    >
    > --
    > | Joe McAlerney joeysilicondefense.com |
    > | Silicon Defense - Technical Support for Snort |
    > | http://www.silicondefense.com/ |
    > +-- --+

    Thanks for your prompt answer. This is a bit difficult, as there is
    no compiler on this box. I tried compiling it on a different machine
    (after installing libpcap, etc), but I'm having some troubles; the
    "configure" script automatically selects 'gcc'. How do I choose Sun's
    'cc' instead?

    Does anyone know of a (preferably statically linked) binary package
    for Solaris that has the --enable-flexresp option turned on?

    Many thanks,

    Brent

     
    > Brent Kearney wrote:
    > >
    > > Hello,
    > >
    > > I have installed Libnet 1.0.2a on a solaris 2.7 box that is
    > > running snort 1.7. After adding a rule,
    > >
    > > alert tcp $EXTERNAL_NET any -> $HOME_NET 515 (logto:"/var/log/snort/lp.log"; resp:rst_all,icmp_port; msg:"l
    > > p service is protected. Connection attempt logged.";)
    > >
    > > Snort refuses to start:
    > >
    > > snort -A full -c /usr/local/etc/snort.conf -i le0 -l /var/log/snort -v
    > >
    > > --== Initializing Snort ==--
    > >
    > > Initializing Network Interface le0
    > > Decoding Ethernet on interface le0
    > > Initializing Preprocessors!
    > > Initializing Plug-ins!
    > > Initializating Output Plugins!
    > >
    > > +++++++++++++++++++++++++++++++++++++++++++++++++++
    > > Initializing rule chains...
    > >
    > > ERROR: /usr/local/etc/snort.conf (77) => Unknown keyword "resp" in rule!
    > >
    > > Any suggestions would be appreciated. Please CC: brentkearneys.ca,
    > > because I'm not on the list.
    > >
    > > Thanks,
    > >
    > > -Brent
    > >
    > > _______________________________________________
    > > Snort-users mailing list
    > > Snort-userslists.sourceforge.net
    > > Go to this URL to change user options or unsubscribe:
    > > http://lists.sourceforge.net/lists/listinfo/snort-users
    > > Snort-users list archive:
    > > http://www.geocrawler.com/redir-sf.php3?list=snort-users

    _______________________________________________
    Snort-users mailing list
    Snort-userslists.sourceforge.net
    Go to this URL to change user options or unsubscribe:
    http://lists.sourceforge.net/lists/listinfo/snort-users
    Snort-users list archive:
    http://www.geocrawler.com/redir-sf.php3?list=snort-users