Snort mailing list archives

Re: Snort IGNORES var HOME_NET


From: Matt Kettler <mkettler () evi-inc com>
Date: Wed, 08 May 2002 14:24:49 -0400

(originally sent to "Vadim Pushkin" <wiskbroom () hotmail com>, but I messed up the CC to snort-users, hence the resend)

Could you show the exact line you used for var EXTERNAL_NET?

Did you accidentally forget the $ in the EXTERNAL_NET line?

You should have this:

var HOME_NET [192.168.1.0/24,10.10.0.0/16]

var EXTERNAL_NET !$HOME_NET


I suspect (educated guess only) that you have this:

var EXTERNAL_NET !HOME_NET

Which is not the same.

I did this on my setup and it works fine:

var HOME_NET [10.xx.0.0/16,192.168.xx.0/24,192.168.xx.0/24,192.168.xx.0/24]

var EXTERNAL_NET !$HOME_NET

Pardon the xx's, hiding some minor details about the inside of my network which really don't need to be hidden, but I'm using a little bit of paranoia.

At 02:15 PM 5/8/2002 +0000, Vadim Pushkin wrote:
I've done this, and defined my HOME_NET to be the following:

var HOME_NET [192.168.1.0/24,10.10.0.0/16]

And I now get:

May 8 10:06:21 hostname-1 snort: FATAL ERROR: ERROR /snort/rules/bad-traffic.rules (11) => Couldn't resolve hostname HOME_NET
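
Added example, not part of the original message or of Snort itself: a small pre-flight check for the mistake suspected above, where a `var` value names another variable without the leading `$` and Snort then treats the name as a hostname. The function name `find_bare_var_refs` and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample reproducing the suspected mistake from the thread.
SAMPLE_CONF = """\
var HOME_NET [192.168.1.0/24,10.10.0.0/16]
var EXTERNAL_NET !HOME_NET
var DNS_SERVERS $HOME_NET
# var OLD_NET !HOME_NET
"""

# "var NAME VALUE" lines, the syntax used in the thread.
VAR_LINE = re.compile(r"^\s*var\s+(\S+)\s+(.+?)\s*$")
# An identifier that is not introduced by "$" or "$(" (both are variable references).
BARE_NAME = re.compile(r"(?<![$\w])(?<!\$\()([A-Za-z_][A-Za-z0-9_]*)")


def find_bare_var_refs(conf_text):
    """Return (line_no, defined_var, bare_name) for each var value that names
    an already-defined variable without '$'."""
    defined = set()
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        # Drop comments before matching so commented-out lines are ignored.
        match = VAR_LINE.match(line.split("#", 1)[0])
        if not match:
            continue
        name, value = match.groups()
        for token in BARE_NAME.findall(value):
            # Only names that are known variables are flagged; anything else
            # may be a genuine hostname or a keyword such as "any".
            if token in defined:
                findings.append((line_no, name, token))
        defined.add(name)
    return findings


if __name__ == "__main__":
    for line_no, name, token in find_bare_var_refs(SAMPLE_CONF):
        print(f"line {line_no}: var {name} uses '{token}' without '$'; "
              f"did you mean '${token}'?")
```

Run against a real `snort.conf` by passing the file's contents to `find_bare_var_refs` before restarting the sensor.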

