Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort error: Unterminated IP List and clamav problems

From: "Will Metcalf" <william.metcalf () gmail com>
Date: Fri, 21 Sep 2007 16:39:57 -0500
are you running as user snort?

On 9/21/07, carlopmart <carlopmart () gmail com> wrote:

Sorry rmkml, but it isn't possible. If I change bleeding-dshield.rules
for bleeding-web.rules, error is the same:

FATAL ERROR: /etc/snort_ids-lan/bleeding-web.rules(38) => Unterminated
IP List

And this error, repeats every rule that I put ... from snort.org, from
bledingedge site ...

rmkml wrote:

Hi,
Your error are on line 32 on your bleeding-dshield.rules,
what is on line 32 please ?
test on comments only this line 32.
Regards
Rmkml


On Fri, 21 Sep 2007, carlopmart wrote:


Date: Fri, 21 Sep 2007 22:04:08 +0200
From: carlopmart <carlopmart () gmail com>
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort error: Unterminated IP List and clamav
problems

Hi all,

 I have installed an ids sensor with snort 2.6.1.5. When I try to
startup returns me this error:

snort[16936]: FATAL ERROR: /etc/snort_ids-lan/bleeding-dshield.rules(32)
=> Unterminated IP List

 If I disbled all rules, this error doesn't appears .. but i need to
disable all rules ....

What does it means??

I have compiled snort with this options:

--enable-stream4udp --enable-dynamicplugin --prefix=/usr/local
--with-mysql --enable-clamav --with-dnet-includes=/usr/local/include
--with-dnet-libraries=/usr/local/lib

 And another error displayed is referred to clamav:

 LibClamAV Error: Cannot create file
/tmp/clamav-8dd09f7dffc45dd0a8d680e06f3ee34c/COPYING.
LibClamAV Error: cli_cvdload(): Can't unpack CVD file.
LibClamAV Error: Can't load /var/lib/clamav/main.cvd: CVD extraction
failure

 I have searching via google, and all posts that I find talks about
space problems on /tmp directory, but my /tmp directory is 5% of 512 MB
occuped. How can I fix this??

Many thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users






--
CL Martinez
carlopmart {at} gmail {d0t} com

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: