Snort mailing list archives

Re: Config Question

From: Matt Kettler <mkettler () evi-inc com>
Date: Mon, 03 Apr 2006 15:29:05 -0400

James Jalbert wrote:

I am looking to see if it is possible to configure one snort machine for
many "Home" networks. I have 7 subnets that are the lan and wan for my
location. I tried to configure snort with the var home_net set with the
network address, but was unable to run snort after. For security reasons
I will not post entire IP's but will post last sections, please tell me
if I have done something wrong.

Subnets are :   xx.xx.94.0/23
                     xx.xx.72.0/23
                     xx.xx.74.0/25
                     xx.xx.74.128/25
                     xx.xx.75.0/25
                     xx.xx.75.128/26
                     xx.xx.75.192/26

Any thoughts or advice would be appreciated


Well, AFAIK, here's nothing intrinsically wrong with the above. However, I'd
have to assume you correctly built a home_net declaration that matched the
above. Given that you're having trouble running snort, it suggests the above is
not correct.

Can you post your home_net declaration from your snort.conf? Modified with the
same censoring as above is fine, I'm looking for syntactic errors in format, not
specific numbers. (Side note: Be aware this censoring of IPs only grants you
very little, if any, extra privacy.)

Can you post the output that occurs when you start snort manually from the
command line?  Do this without any "service" or other init scripts. Call snort
directly from the command-line with the appropriate parameters,  Leave off any
-D parameters. For most folks, this would just be snort -c /etc/snort.conf.



-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Config Question James Jalbert (Apr 03)
- Re: Config Question Matt Kettler (Apr 03)
  - Re: Config Question Lorine Ruotolo (Apr 03)
    - Re: Config Question Matt Kettler (Apr 03)
  - Re: Config Question James Jalbert (Apr 04)
    - Re: Config Question Frank Knobbe (Apr 04)
- RE: Config Question Patrick S. Harper (Apr 03)
- <Possible follow-ups>
- Re: Config Question Carl Brown (Apr 04)