Snort mailing list archives

Re: SNORT + PulledPork: FATAL ERROR: ... Invalid configuration line


From: Jeremy Hoel <jthoel () gmail com>
Date: Fri, 19 Dec 2014 20:51:36 -0700

The last line in the error messages points to the issue.  You have a
problem with the file blacklist.rules.  snort.conf is set to read that file
and if you're not using it you should remove it from the snort.conf.

On Dec 19, 2014 8:40 PM, "RŌNIN" <correo.cuervo () gmail com> wrote:

I have installed SNORT following this how-to:
http://blog.globaldyne.co.uk/installing-snort-on-centos-6-6-64bit/ and
everything goes fine.

After, I followed this how-to (step by step):

http://blog.globaldyne.co.uk/install-pulledpork-and-barnyard2-for-snort-on-centos-6-6-64bit/
but when I try to start it, SNORT fails.

Last messages from my tries:

SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read server session ticket A
SSL_connect:SSLv3 read finished A
200 OK (4s)
        most recent rules file digest: 489712cc1f594ad03958473e8a4c00d0
        current local rules file  digest: 489712cc1f594ad03958473e8a4c00d0
        The MD5 for opensource.gz matched 489712cc1f594ad03958473e8a4c00d0

Cleanup....
        removed 0 temporary snort files or directories from /tmp/tha_rules!
Writing Blacklist File /etc/snort/rules/blacklist.rules....
Writing Blacklist Version 909586785 to /etc/snort/rules/iplistsIPRVersion.dat....
Writing /var/log/sid_changes.log....
        Done

No Rule Changes

IP Blacklist Stats...
        Total IPs:-----13771

Done
Please review /var/log/sid_changes.log for additional details
Fly Piggy Fly!
[root@snortest ~]# service snortd start
Starting snort:                                            [FAILED]

[root@snortest ~]#

Check the last messages:

[root@snortest ~]# tail -f /var/log/messages
Dec 19 21:39:18 snortest snort[17305]:
Dec 19 21:39:18 snortest snort[17305]: PortVar 'GTP_PORTS' defined :
Dec 19 21:39:18 snortest snort[17305]:  [ 2123 2152 3386 ]
Dec 19 21:39:18 snortest snort[17305]:
Dec 19 21:39:18 snortest snort[17305]: Detection:
Dec 19 21:39:18 snortest snort[17305]:    Search-Method = AC-Full-Q
Dec 19 21:39:18 snortest snort[17305]:     Split Any/Any group = enabled
Dec 19 21:39:18 snortest snort[17305]:     Search-Method-Optimizations = enabled
Dec 19 21:39:18 snortest snort[17305]:     Maximum pattern length = 20
Dec 19 21:39:18 snortest snort[17305]: FATAL ERROR: /etc/snort/rules/blacklist.rules(1) Invalid configuration line: 1.120.215.97#012

What's wrong here?

--
I don't receive / send information developed in / for M$ -Word, M$
-Excel, M$ -PowerPoint, M$ -Outlook or similar proprietary formats. I
invite you to read my reasons:
http://www.gnu.org/philosophy/no-word-attachments.en.html


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!
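
The condition described in the reply above (snort.conf reading blacklist.rules as a rules file while the file holds bare IP addresses) can be checked before starting the service. This is an added example, not part of the original thread and not code from Snort or PulledPork; the function names are hypothetical, include paths are assumed to be absolute once `var` references are expanded, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: find snort.conf "include" targets that hold bare IP addresses.
# In the syslog line, "#012" is the escaped newline after the address.

# Print the resolved path of every active "include" in snort.conf ($1),
# expanding $NAME references to earlier "var NAME value" lines.
list_includes() {
    awk '
        $1 == "var" && NF >= 3 { vars[$2] = $3; next }
        $1 == "include" && NF >= 2 {
            path = $2
            for (name in vars)
                if ((i = index(path, "$" name)) > 0) {
                    rest = substr(path, i + length(name) + 1)
                    path = substr(path, 1, i - 1) vars[name] rest
                }
            print path
        }' "$1"
}

# Succeed when the first non-blank, non-comment line of file $1 is a bare
# IPv4 address or CIDR block, i.e. an IP list rather than a Snort rule.
is_ip_list() {
    grep -Ev '^[[:space:]]*(#|$)' "$1" | head -n 1 | tr -d '\r' |
        grep -Eq '^[[:space:]]*([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?[[:space:]]*$'
}

# Print each included file that is an IP list. $1 = path to snort.conf.
find_iplist_includes() {
    list_includes "$1" | while IFS= read -r path; do
        [ -r "$path" ] || continue
        if is_ip_list "$path"; then printf '%s\n' "$path"; fi
    done
}

# Constructed sample tree mirroring the thread: one rules file, one IP list.
demo() {
    d=$(mktemp -d)
    printf 'alert tcp any any -> any 80 (msg:"constructed"; sid:1000001;)\n' > "$d/local.rules"
    printf '# constructed IP list\n1.120.215.97\n' > "$d/blacklist.rules"
    cat > "$d/snort.conf" <<EOF
var RULE_PATH $d
include \$RULE_PATH/local.rules
# include \$RULE_PATH/disabled.rules
include \$RULE_PATH/blacklist.rules
EOF
    find_iplist_includes "$d/snort.conf" | sed "s|^$d/||"
    rm -rf "$d"
}
demo
```

On a real sensor, `find_iplist_includes /etc/snort/snort.conf` prints the include targets to remove or comment out in snort.conf.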
