Snort mailing list archives
Re: Snort 3 reputation configuration
From: "Tom Peters (thopeter)" <thopeter () cisco com>
Date: Mon, 21 Dec 2015 17:06:42 +0000
Hi,
Looks like a Lua syntax error.
Instead of:
whitelist = WHITE_LIST_PATH/white_list.rules,
blacklist = BLACK_LIST_PATH/black_list.rules,
Try:
whitelist = WHITE_LIST_PATH .. '/white_list.rules',
blacklist = BLACK_LIST_PATH .. '/black_list.rules',
.. is the Lua string concatenation operator.
Good luck and let me know if this works.
Tom
From: Aurimas Rudinskis <arudinskis () gmail com>
Date: Monday, December 21, 2015 at 9:48 AM
To: "snort-users () lists sourceforge net" <snort-users () lists sourceforge net>
Subject: [Snort-users] Snort 3 reputation configuration
Hi,
I'm trying to configure Snort 3 (aka Snort++) snort.lua. I've tried to add some IPs to the 'white_list.rules' and
'black_list.rules' files, but that didn't help. I'm still getting an error about global 'white_list'.
How can I solve this?
WHITE_LIST_PATH = '/etc/snort/rules'
BLACK_LIST_PATH = '/etc/snort/rules'
reputation =
{
memcap = 500,
priority = 'whitelist',
nested_ip = 'inner',
whitelist = WHITE_LIST_PATH/white_list.rules,
blacklist = BLACK_LIST_PATH/black_list.rules,
}
snort -T -c /etc/snort/snort.lua -i eth0
--------------------------------------------------
o")~ Snort++ 3.0.0-a3-183
--------------------------------------------------
Loading /etc/snort/snort.lua:
FATAL: can't init /etc/snort/snort.lua: /etc/snort/snort.lua:1321: attempt to index global 'white_list' (a nil value)
Fatal Error, Quitting..
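Why the error names a global 'white_list' that is never written on its own in the configuration, and the corrected form beside it. This is an added example, not part of either message; it is meant for a stand-alone Lua or LuaJIT interpreter rather than Snort. The helpers try and list_file are hypothetical, and list_file assumes Lua's io library is available.

```lua
-- Added example, not from the thread. Paths are the ones given in the post.
-- These must be globals so the compiled chunks below can see them.
WHITE_LIST_PATH = '/etc/snort/rules'
BLACK_LIST_PATH = '/etc/snort/rules'

-- Lua 5.1/LuaJIT provide loadstring; Lua 5.2+ folded it into load.
local compile = loadstring or load

-- Hypothetical helper: evaluate one expression in protected mode.
-- Returns true, value on success or false, message on failure.
local function try(expr)
    local chunk, syntax_err = compile('return ' .. expr)
    if not chunk then
        return false, syntax_err
    end
    return pcall(chunk)
end

-- 1. Form from the original post. It compiles, because Lua reads it as
--    WHITE_LIST_PATH / (white_list.rules): a division whose right operand
--    indexes the undefined global white_list. The failure is at run time.
local ok, err = try('WHITE_LIST_PATH/white_list.rules')
assert(not ok and err:find('white_list', 1, true))
print('broken:', err)

-- 2. Form from the reply: quote the file name and join with '..'.
local ok2, path = try("WHITE_LIST_PATH .. '/white_list.rules'")
assert(ok2 and path == '/etc/snort/rules/white_list.rules')
print('fixed :', path)

-- 3. Hypothetical helper: build the path and report a missing or
--    unreadable list file before it is handed to the reputation table.
local function list_file(dir, name)
    assert(type(dir) == 'string' and type(name) == 'string',
           'list_file: dir and name must be strings')
    local full = dir .. '/' .. name
    local f = io.open(full, 'r')
    if not f then
        return nil, 'cannot read ' .. full
    end
    f:close()
    return full
end

print(list_file(WHITE_LIST_PATH, 'white_list.rules'))
print(list_file(BLACK_LIST_PATH, 'black_list.rules'))
```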
