Snort mailing list archives
Re: SNORT + PulledPork: FATAL ERROR: ... Invalid configuration line
From: RŌNIN <correo.cuervo () gmail com>
Date: Sun, 21 Dec 2014 08:30:29 -0500
Hi to everyone:

I've changed the snort.conf file:

[root@snortest ~]# grep -ir "black" /etc/snort/snort.conf
#var BLACK_LIST_PATH ../rules
var BLACK_LIST_PATH /etc/snort/rules
blacklist $BLACK_LIST_PATH/black_list.rules
include $RULE_PATH/black_list.rules

And now SNORT is running:

[root@snortest ~]# service snortd start
Starting snort: Spawning daemon child...
My daemon child 1366 lives...
Daemon parent exiting (0)
[ OK ]

[root@snortest ~]# tail -f /var/log/messages
Dec 21 08:21:29 centos6 snort[1366]: Preprocessor Object: SF_REPUTATION Version 1.1 <Build 1>
Dec 21 08:21:29 centos6 snort[1366]: Preprocessor Object: SF_SIP Version 1.1 <Build 1>
Dec 21 08:21:29 centos6 snort[1366]: Preprocessor Object: SF_SSLPP Version 1.1 <Build 4>
Dec 21 08:21:29 centos6 snort[1366]: Preprocessor Object: SF_DNS Version 1.1 <Build 4>
Dec 21 08:21:29 centos6 snort[1366]: Preprocessor Object: SF_SMTP Version 1.1 <Build 9>
Dec 21 08:21:29 centos6 snort[1366]: Preprocessor Object: SF_DCERPC2 Version 1.0 <Build 3>
Dec 21 08:21:29 centos6 snort[1366]: Preprocessor Object: SF_GTP Version 1.1 <Build 1>
Dec 21 08:21:29 centos6 snort[1366]: Preprocessor Object: SF_SSH Version 1.1 <Build 3>
Dec 21 08:21:29 centos6 snort[1366]: Preprocessor Object: SF_DNP3 Version 1.1 <Build 1>
Dec 21 08:21:29 centos6 snort[1366]: Commencing packet processing (pid=1366)

[root@snortest ~]# grep -ir "black" /etc/snort/pulledpork.conf
# NEW For IP Blacklisting! Note the format is urltofile|IPBLACKLIST|<oinkcode>
# This format MUST be followed to let pulledpork know that this is a blacklist
rule_url=http://labs.snort.org/feeds/ip-filter.blf|IPBLACKLIST|open
# want to tell pulledpork where your blacklist file lives, PP automagically will
black_list=/etc/snort/rules/blacklist.rules
# This should be the same path where your black_list lives!

Must I change something in the pulledpork.conf file or not?

Thanks a lot for your help!
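
Added example (not part of the original message, and not code from Snort or PulledPork): a shell check that the blacklist file named in snort.conf is the same file named by black_list= in pulledpork.conf. The function names are hypothetical, and the sample files are constructed from the grep output quoted in the message.

```bash
# Added example: compare the IP blacklist path Snort loads with the one PulledPork is given.
# Print the file named by the "blacklist" directive in snort.conf, with
# $BLACK_LIST_PATH expanded from the active var line (a relative dir is printed as written).
snort_blacklist_path() {
    awk '
        /^[[:space:]]*#/ { next }                          # skip commented lines
        $1 == "var" && $2 == "BLACK_LIST_PATH" { dir = $3 }
        $1 == "blacklist" {
            path = $2
            gsub(/[,\\]/, "", path)                        # drop a trailing "," or "\"
            sub(/\$BLACK_LIST_PATH/, dir, path)
            print path
        }
    ' "$1"
}

# Print the value of black_list= from pulledpork.conf.
pp_blacklist_path() {
    sed -n 's/^[[:space:]]*black_list=//p' "$1"
}

# Return 0 when both configs point at the same file, 1 otherwise.
check_blacklist_paths() {
    snort_path=$(snort_blacklist_path "$1")
    pp_path=$(pp_blacklist_path "$2")
    echo "snort.conf blacklist      : $snort_path"
    echo "pulledpork.conf black_list: $pp_path"
    [ -n "$snort_path" ] && [ "$snort_path" = "$pp_path" ]
}

# Constructed sample input: the config lines quoted in the message above.
write_sample_configs() {
    cat > "$1/snort.conf" <<'EOF'
#var BLACK_LIST_PATH ../rules
var BLACK_LIST_PATH /etc/snort/rules
blacklist $BLACK_LIST_PATH/black_list.rules
include $RULE_PATH/black_list.rules
EOF
    cat > "$1/pulledpork.conf" <<'EOF'
rule_url=http://labs.snort.org/feeds/ip-filter.blf|IPBLACKLIST|open
# want to tell pulledpork where your blacklist file lives, PP automagically will
black_list=/etc/snort/rules/blacklist.rules
EOF
}

tmp=$(mktemp -d)
write_sample_configs "$tmp"
check_blacklist_paths "$tmp/snort.conf" "$tmp/pulledpork.conf" && echo "OK: same file" || echo "MISMATCH: paths differ"
rm -rf "$tmp"
```

On a real sensor, call check_blacklist_paths with /etc/snort/snort.conf and /etc/snort/pulledpork.conf instead of the sample files.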