Re: issue of installing Snort_2.8.4.1 and Barnyard2 in Ubunto 9.10

[Jun Wan <junwei_wan () hotmail com>]

Hi Rob,

 

I have fixed this issue by following your instructions, now my Snort is working beautifully.

 

Many thanks to others who helped on this issue as well.

 

Regards

 

John


 


Date: Wed, 3 Mar 2010 18:57:11 -0500
Subject: Re: [Snort-users] issue of installing Snort_2.8.4.1 and Barnyard2 in Ubunto 9.10
From: rob.l.dixon () gmail com
To: junwei_wan () hotmail com

Try setting your HOME_NET and EXTERNAL_NET like this:

var HOME_NET [10.0.0.0/8,172.25.0.0/16,192.168.1.0/24]  (or what ever your internal network IP, CIDR or range is, this 
would be the netowrk that you want to protect.)

then:
var EXTERNAL_NET !$HOME_NET


Hope that helps.

Rob


On Wed, Mar 3, 2010 at 6:27 PM, Jun Wan <junwei_wan () hotmail com> wrote:


Hi,

I am new to Snort, I followed the instructions on this url:  https://wwwx.cs.unc.edu/~hays/archives/work/index.php

All went well until I reached the following stage:

 "Now a quick test. Run the following and see if snort runs:

sudo snort -c /etc/snort/snort.conf -i eth1"

After running the command line above, I got the following outcomes:

Running in IDS mode

        --== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort/snort.conf
Var 'HOME_NET' redefined
PortVar 'HTTP_PORTS' defined :  [ 80 ]
PortVar 'SHELLCODE_PORTS' defined :  [ 0:79 81:65535 ]
PortVar 'ORACLE_PORTS' defined :  [ 1521 ]
Frag3 global config:
.....
.....

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
ERROR: Undefined variable name: (/etc/snort/rules/bad-traffic.rules:27): EXTERNAL_NET
Fatal Error, Quitting..

Is there anyone know what's this all about? Would you please let me know "how to" fix this "Fatal Error"?  what should 
I do next?

Any information and help would be much appreciated.

Regards

John



_________________________________________________________________
Browse profiles for FREE! Meet local singles online.
http://clk.atdmt.com/NMN/go/150855801/direct/01/
------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-- 
Hackers for Charity Board Member
GPEN, GAWN, C|HFI, ESSE-D, SnortCP, TNAP, TNCP, TECP, A+, whatever..

Bad news doesn't get any better with age.

                                          
_________________________________________________________________
Get the latest jobs delivered. Sign up for SEEK Jobmail.
http://clk.atdmt.com/NMN/go/157639755/direct/01/

------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users