Snort mailing list archives
Re: Config Question
From: "Lorine Ruotolo" <lori.ruotolo () hotmail com>
Date: Mon, 03 Apr 2006 14:54:11 -0500
For:
> Subnets are : xx.xx.94.0/23 > xx.xx.72.0/23 > xx.xx.74.0/25 > xx.xx.74.128/25 > xx.xx.75.0/25 > xx.xx.75.128/26 > xx.xx.75.192/26
You can further summarize to: [xx.xx.94.0/23,xx.xx.72.0/22]
From: Matt Kettler <mkettler () evi-inc com> To: James Jalbert <jjalbert () mail caribouschools org> CC: Snort Users <snort-users () lists sourceforge net> Subject: Re: [Snort-users] Config Question Date: Mon, 03 Apr 2006 15:29:05 -0400 James Jalbert wrote: > I am looking to see if it is possible to configure one snort machine for > many "Home" networks. I have 7 subnets that are the lan and wan for my > location. I tried to configure snort with the var home_net set with the > network address, but was unable to run snort after. For security reasons > I will not post entire IP's but will post last sections, please tell me > if I have done something wrong. > > Subnets are : xx.xx.94.0/23 > xx.xx.72.0/23 > xx.xx.74.0/25 > xx.xx.74.128/25 > xx.xx.75.0/25 > xx.xx.75.128/26 > xx.xx.75.192/26 > > Any thoughts or advice would be appreciatedWell, AFAIK, here's nothing intrinsically wrong with the above. However, I'dhave to assume you correctly built a home_net declaration that matched theabove. Given that you're having trouble running snort, it suggests the above isnot correct.Can you post your home_net declaration from your snort.conf? Modified with the same censoring as above is fine, I'm looking for syntactic errors in format, not specific numbers. (Side note: Be aware this censoring of IPs only grants youvery little, if any, extra privacy.) Can you post the output that occurs when you start snort manually from thecommand line? Do this without any "service" or other init scripts. Call snort directly from the command-line with the appropriate parameters, Leave off any-D parameters. For most folks, this would just be snort -c /etc/snort.conf. ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting languagethat extends applications into web and mobile media. Attend the live webcastand join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_________________________________________________________________FREE pop-up blocking with the new MSN Toolbar get it now! http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Config Question James Jalbert (Apr 03)
- Re: Config Question Matt Kettler (Apr 03)
- Re: Config Question Lorine Ruotolo (Apr 03)
- Re: Config Question Matt Kettler (Apr 03)
- Re: Config Question James Jalbert (Apr 04)
- Re: Config Question Frank Knobbe (Apr 04)
- Re: Config Question Lorine Ruotolo (Apr 03)
- RE: Config Question Patrick S. Harper (Apr 03)
- <Possible follow-ups>
- Re: Config Question Carl Brown (Apr 04)
- Re: Config Question Matt Kettler (Apr 03)