From: Cameron Just (phoenixveto.cx)
Date: Wed Jun 27 2001 - 01:46:01 CDT

    Hi,

    This slightly fixed the problem but snort will still not start?
    Here are my error messages

    Jun 27 16:44:20 phoenix snort: Initializing daemon mode
    Jun 27 16:44:20 phoenix kernel: eth1: Setting promiscuous mode.
    Jun 27 16:44:20 phoenix kernel: device eth1 entered promiscuous mode
    Jun 27 16:44:20 phoenix snort: ERROR /etc/snort/snort.conf (7) => Rule netmask (32") didn't x-late, WTF?
    Jun 27 16:44:20 phoenix kernel: device eth1 left promiscuous mode
    Jun 27 16:44:20 phoenix snortd: snort startup succeeded

    Here are the first few lines of my snort.conf file

    var HOME_NET "192.168.1.1/32"
    var EXTERNAL_NET any
    var DNS_SERVERS [192.168.1.1/32,61.9.208.13/32,61.9.208.16/32,24.192.1.30/32]

    Am I right in assuming the HOME_NET variable is the IP of the machine with snort running?
    Because that is the IP address of the machine from inside the firewall.
    I can't understand what is going wrong.

    At 08:59 AM 27/06/01, you wrote:
    >Quotes....
    >
    >var HOME_NET "192.168.1.1"/32
    >
    >Change that to
    >
    >var HOME_NET "192.168.1.1/32"
    >
    >Jason Lewis
    >http://www.packetnexus.com
    >It's not secure "Because they told me it was secure".
    >The people at the other end of the link know less
    >about security than you do. And that's scary.
    >
    >
    >
    >-----Original Message-----
    >From: snort-users-adminlists.sourceforge.net
    >[mailto:snort-users-adminlists.sourceforge.net]On Behalf Of Cameron
    >Just
    >Sent: Tuesday, June 26, 2001 6:28 PM
    >To: Snort-userslists.sourceforge.net
    >Subject: [Snort-users] Rule IP addr (!192.168.1.1) didn't x-late, WTF?
    >
    >
    >Hi,
    >
    >Anyone know how to fix this problem on a Redhat 6.2 Machine with the latest
    >Snort installed.
    >
    >Here is the /var/log/messages info
    >
    >Jun 26 13:01:51 him snort: Initializing daemon mode
    >Jun 26 13:01:51 him kernel: eth0: Setting promiscuous mode.
    >Jun 26 13:01:51 him kernel: device eth0 entered promiscuous mode
    >Jun 26 13:01:51 him snort: ERROR /etc/snort/base.conf (8) => Rule IP addr
    >(!192.168.1.1) didn't x-late, WTF?
    >Jun 26 13:01:51 him kernel: device eth0 left promiscuous mode
    >Jun 26 13:01:51 him snort: snort startup succeeded.
    >
    >
    >This is the line it is dying on in my snort.conf
    >
    >var HOME_NET "192.168.1.1"/32
    >
    >I can't find anything in the FAQs and found this problem on the Mailing
    >lists but there was never any answer......
    >
    >
    >
    >
    >
    >_______________________________________________
    >Snort-users mailing list
    >Snort-userslists.sourceforge.net
    >Go to this URL to change user options or unsubscribe:
    >http://lists.sourceforge.net/lists/listinfo/snort-users
    >Snort-users list archive:
    >http://www.geocrawler.com/redir-sf.php3?list=snort-users

    ****************************************************************
    Cameron Just (C.Justphoenixdigital.com)

    Phoenix Digital Development
    ****************************************************************
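
An added example (not part of the original messages, and not Snort's own parser): a small Python lint for the address variables in a snort.conf, run over the `var` lines quoted in this thread. It assumes that a quote character reaching the address parser is an error, as the `32"` in the logged message suggests, and that only `*_NET` and `*_SERVERS` variables hold addresses; `lint_vars` and `check_token` are hypothetical names.

```python
import ipaddress
import re

# Constructed sample: the var lines quoted in the thread, plus an unquoted form.
SAMPLE_CONF = '''\
var HOME_NET "192.168.1.1"/32
var HOME_NET "192.168.1.1/32"
var EXTERNAL_NET any
var DNS_SERVERS [192.168.1.1/32,61.9.208.13/32,61.9.208.16/32,24.192.1.30/32]
var HOME_NET 192.168.1.1/32
'''

VAR_LINE = re.compile(r'^\s*var\s+(\S+)\s+(.+?)\s*$')

def check_token(token):
    """Return a problem string for one address token, or None if it parses."""
    if '"' in token:
        return f'quote character in {token}'
    body = token[1:] if token.startswith('!') else token
    if body == 'any' or body.startswith('$'):
        return None  # keyword or variable reference: nothing to parse
    try:
        ipaddress.ip_network(body, strict=False)
    except ValueError:
        return f'{token} is not an address or CIDR block'
    return None

def lint_vars(text):
    """Return (line_number, var_name, problem) for each bad address token."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = VAR_LINE.match(line)
        # Assumption: only *_NET and *_SERVERS variables hold addresses.
        if not match or not match.group(1).endswith(('_NET', '_SERVERS')):
            continue
        name, value = match.groups()
        if value.startswith('[') and value.endswith(']'):
            value = value[1:-1]  # bracketed list: check each member
        for token in (t.strip() for t in value.split(',')):
            problem = check_token(token)
            if problem:
                findings.append((lineno, name, problem))
    return findings

if __name__ == '__main__':
    for lineno, name, problem in lint_vars(SAMPLE_CONF):
        print(f'line {lineno}: {name}: {problem}')
```

Running a check like this before restarting the daemon matters here because both logs in the thread show the init script reporting "snort startup succeeded" even though Snort logged an ERROR and the interface left promiscuous mode.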
