From: Cameron Just (phoenixveto.cx)
Date: Wed Jun 27 2001 - 02:20:57 CDT

    Unfortunately I have :(

    Thanks for your help anyway

    At 05:11 PM 27/06/01, you wrote:
    >Have you checked the FAQ?
    >
    >http://www.snort.org/FAQ.html
    >
    >jas
    >
    >-----Original Message-----
    >From: Cameron Just [mailto:phoenixveto.cx]
    >Sent: Wednesday, June 27, 2001 3:06 AM
    >To: jlewisjasonlewis.net
    >Cc: Snort-userslists.sourceforge.net
    >Subject: RE: [Snort-users] Rule IP addr (!192.168.1.1) didn't x-late,
    >WTF?
    >
    >
    >Yeah just tried it without quotes and again it's a little better.
    >Here is the current setup
    >
    >var HOME_NET 192.168.1.1/32
    >var EXTERNAL_NET any
    >var DNS_SERVERS [61.9.208.13/32,61.9.208.16/32,24.192.1.30/32]
    >
    >giving the following /var/log/messages/
    >
    >Jun 27 17:03:30 phoenix snort: Initializing daemon mode
    >Jun 27 17:03:30 phoenix kernel: eth1: Setting promiscuous mode.
    >Jun 27 17:03:30 phoenix kernel: device eth1 entered promiscuous mode
    >Jun 27 17:03:31 phoenix snortd: snort startup succeeded
    >Jun 27 17:03:31 phoenix kernel: device eth1 left promiscuous mode
    >
    >Then snort just dies
    >
    >Still not sure of the problem??????
    >I have also changed
    >var HOME_NET 192.168.1.1/32
    >to be my IP given to me by my ISP
    >Still no luck
    >
    >At 04:55 PM 27/06/01, you wrote:
    >>None of my configs have quotes. I am using snort from CVS, so I am not
    >>sure what older versions need.
    >>
    >>Have you tried it without quotes?
    >>
    >>var HOME_NET 192.168.1.1/32
    >>
    >>Jason Lewis
    >>http://www.packetnexus.com
    >>It's not secure "Because they told me it was secure".
    >>The people at the other end of the link know less
    >>about security than you do. And that's scary.
    >>
    >>
    >>
    >>-----Original Message-----
    >>From: Cameron Just [mailto:phoenixveto.cx]
    >>Sent: Wednesday, June 27, 2001 2:46 AM
    >>To: jlewisjasonlewis.net
    >>Cc: Snort-userslists.sourceforge.net
    >>Subject: RE: [Snort-users] Rule IP addr (!192.168.1.1) didn't x-late,
    >>WTF?
    >>
    >>
    >>Hi,
    >>
    >>This slightly fixed the problem but snort will still not start?
    >>Here are my error messages
    >>
    >>Jun 27 16:44:20 phoenix snort: Initializing daemon mode
    >>Jun 27 16:44:20 phoenix kernel: eth1: Setting promiscuous mode.
    >>Jun 27 16:44:20 phoenix kernel: device eth1 entered promiscuous mode
    >>Jun 27 16:44:20 phoenix snort: ERROR /etc/snort/snort.conf (7) => Rule
    >>netmask (32") didn't x-late, WTF?
    >>Jun 27 16:44:20 phoenix kernel: device eth1 left promiscuous mode
    >>Jun 27 16:44:20 phoenix snortd: snort startup succeeded
    >>
    >>Here are the first few lines of my snort.conf file
    >>
    >>var HOME_NET "192.168.1.1/32"
    >>var EXTERNAL_NET any
    >>var DNS_SERVERS
    >>[192.168.1.1/32,61.9.208.13/32,61.9.208.16/32,24.192.1.30/32]
    >>
    >>Am I right in assuming the HOME_NET variable is the IP of the machine with
    >>snort running?
    >>Because that is the IP address of the machine from inside the firewall.
    >>I can't understand what is going wrong.
    >>
    >>
    >>At 08:59 AM 27/06/01, you wrote:
    >>>Quotes....
    >>>
    >>>var HOME_NET "192.168.1.1"/32
    >>>
    >>>Change that to
    >>>
    >>>var HOME_NET "192.168.1.1/32"
    >>>
    >>>Jason Lewis
    >>>http://www.packetnexus.com
    >>>It's not secure "Because they told me it was secure".
    >>>The people at the other end of the link know less
    >>>about security than you do. And that's scary.
    >>>
    >>>
    >>>
    >>>-----Original Message-----
    >>>From: snort-users-adminlists.sourceforge.net
    >>>[mailto:snort-users-adminlists.sourceforge.net]On Behalf Of Cameron
    >>>Just
    >>>Sent: Tuesday, June 26, 2001 6:28 PM
    >>>To: Snort-userslists.sourceforge.net
    >>>Subject: [Snort-users] Rule IP addr (!192.168.1.1) didn't x-late, WTF?
    >>>
    >>>
    >>>Hi,
    >>>
    >>>Anyone know how to fix this problem on a Redhat 6.2 Machine with the
    >>>latest Snort installed.
    >>>
    >>>Here is the /var/log/messages info
    >>>
    >>>Jun 26 13:01:51 him snort: Initializing daemon mode
    >>>Jun 26 13:01:51 him kernel: eth0: Setting promiscuous mode.
    >>>Jun 26 13:01:51 him kernel: device eth0 entered promiscuous mode
    >>>Jun 26 13:01:51 him snort: ERROR /etc/snort/base.conf (8) => Rule IP addr
    >>>(!192.168.1.1) didn't x-late, WTF?
    >>>Jun 26 13:01:51 him kernel: device eth0 left promiscuous mode
    >>>Jun 26 13:01:51 him snort: snort startup succeeded.
    >>>
    >>>
    >>>This is the line it is dying on in my snort.conf
    >>>
    >>>var HOME_NET "192.168.1.1"/32
    >>>
    >>>I can't find anything in the FAQs and found this problem on the Mailing
    >>>lists but there was never any answer......
    >>>
    >>>
    >>>
    >>>
    >>>
    >>>_______________________________________________
    >>>Snort-users mailing list
    >>>Snort-userslists.sourceforge.net
    >>>Go to this URL to change user options or unsubscribe:
    >>>http://lists.sourceforge.net/lists/listinfo/snort-users
    >>>Snort-users list archive:
    >>>http://www.geocrawler.com/redir-sf.php3?list=snort-users
    >>
    >>
    >>****************************************************************
    >>Cameron Just (C.Justphoenixdigital.com)
    >>
    >>Phoenix Digital Development
    >>****************************************************************
    >
    >
    >****************************************************************
    >Cameron Just (C.Justphoenixdigital.com)
    >
    >Phoenix Digital Development
    >****************************************************************

    ****************************************************************
    Cameron Just (C.Justphoenixdigital.com)

    Phoenix Digital Development
    ****************************************************************
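
An added example, not part of the original thread or of Snort itself: a small Python check that flags the quoted-address `var` lines that produced the "didn't x-late" errors in the logs above. The variable names come from the posts; the function names and sample text are constructed, and the accepted token forms (`any`, `$VAR`, `!` negation, bracketed lists) are an assumption about the address syntax, not Snort's own parser.

```python
import ipaddress
import re

VAR_LINE = re.compile(r"^\s*var\s+(\S+)\s+(.*?)\s*$")

# Constructed sample: the three variables as they appear in the thread.
SAMPLE = "\n".join([
    'var HOME_NET "192.168.1.1"/32',
    "var EXTERNAL_NET any",
    "var DNS_SERVERS [61.9.208.13/32,61.9.208.16/32,24.192.1.30/32]",
])

def check_address_token(token):
    """Return a problem description for one address token, or None."""
    if '"' in token or "'" in token:
        return "quote character in address"
    bare = token.lstrip("!")              # assumed: leading ! means negation
    if bare == "any" or bare.startswith("$"):
        return None                       # assumed: keyword or variable reference
    try:
        ipaddress.ip_network(bare, strict=False)
    except ValueError:
        return "not a valid address or CIDR block"
    return None

def lint_snort_vars(text, names=("HOME_NET", "EXTERNAL_NET", "DNS_SERVERS")):
    """Return (line_number, variable, token, problem) for suspect var lines."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = VAR_LINE.match(line.split("#", 1)[0])   # ignore trailing comments
        if not m or m.group(1) not in names:
            continue
        name, value = m.groups()
        inner = value.lstrip("!")
        if inner.startswith("[") and inner.endswith("]"):
            tokens = [t.strip() for t in inner[1:-1].split(",")]
        else:
            tokens = [value]
        for tok in tokens:
            problem = check_address_token(tok)
            if problem:
                findings.append((lineno, name, tok, problem))
    return findings

if __name__ == "__main__":
    for finding in lint_snort_vars(SAMPLE):
        print("line %d: %s token %s: %s" % finding)
```

Only the variables named in `names` are checked, so port or path variables in the same file are not misreported as bad addresses.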
