Snort mailing list archives

Re: New Problem


From: Martin Roesch <roesch () sourcefire com>
Date: Sun, 06 May 2001 23:36:47 -0400

It's complaining that it doesn't know what the $elxl0_ADDRESS variable
is. Use the -i switch at the command line to force it to use that
interface.

     -Marty

Phil wrote:

Hey all, I'm still messing around with snort. I've
changed my snort.conf file to look like:

var HOME_NET $elxl0_ADDRESS
var EXTERNAL_NET !$HOME_NET
var SMTP X.X.X.X
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET

where X.X.X.X is a valid IP,
and I'm now starting snort with:
/usr/local/bin/snort -A fast -l /var/log/snortlogs -c /etc/snort/snort.conf -D

where /var/log/snortlogs DOES exist. Unfortunately,
when I start snort, it says it's initializing daemon
mode but dies. The error message in /var/adm/messages
is:

Apr 11 20:34:01 MYHOST.MYNETWORK snort[2091]: [!] ERROR: Bad value in variable definition!
Apr 11 20:34:01 MYHOST.MYNETWORK snort[2091]: Make sure you don't have a "$" in the var name

I've tried using "var HTTP_SERVERS HOME_NET" (i.e.
without the $) but that didn't work. It DID work
before when I had !$HOME_NET for EXTERNAL_NET, but I
had 10.x.x.x numbers for HTTP and MYSQL.

I'm running Solaris 2.6 x86. Thanks for your help.

Phil

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

--
Martin Roesch
roesch () sourcefire com
http://www.sourcefire.com - http://www.snort.org
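
Added example (not part of the original thread and not Snort's own code): a pre-flight check for the var lines quoted above. It assumes, per the reply, that $<interface>_ADDRESS is only known for the interface named with -i; the function names and the embedded sample strings are constructed for illustration.

```python
import re
import shlex

# Constructed sample: the var lines and command line as posted in the thread.
SAMPLE_CONF = """\
var HOME_NET $elxl0_ADDRESS
var EXTERNAL_NET !$HOME_NET
var SMTP X.X.X.X
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
"""
POSTED_CMD = ("/usr/local/bin/snort -A fast -l /var/log/snortlogs "
              "-c /etc/snort/snort.conf -D")

VAR_LINE = re.compile(r"^\s*var\s+(\S+)\s+(.+?)\s*$")
VAR_REF = re.compile(r"\$(\w+)")  # plain $NAME references only


def interface_from_cmdline(cmdline):
    """Return the argument of a separate '-i <iface>' option, or None."""
    argv = shlex.split(cmdline)
    for pos, arg in enumerate(argv):
        if arg == "-i" and pos + 1 < len(argv):
            return argv[pos + 1]
    return None


def check_vars(conf_text, interface=None):
    """Return (line_no, var_name, problem) for each unresolved reference.

    Assumption: <iface>_ADDRESS exists only when that interface was
    selected with -i, which is the fix suggested in the reply.
    """
    defined = {f"{interface}_ADDRESS"} if interface else set()
    problems = []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        match = VAR_LINE.match(line.split("#", 1)[0])  # drop comments
        if not match:
            continue
        name, value = match.groups()
        if "$" in name:  # the case the posted error message warns about
            problems.append((line_no, name, "'$' in variable name"))
            continue
        for ref in VAR_REF.findall(value):
            if ref not in defined:
                problems.append((line_no, name, "$" + ref))
        defined.add(name)  # record anyway so only the root cause is reported
    return problems
```

Running check_vars on the posted config with the interface taken from the posted command line reports only line 1 (HOME_NET), and reports nothing once "-i elxl0" is appended to the command.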


