Snort mailing list archives
Re: Startup error post-package install
From: Research <research () nativemethods com>
Date: Thu, 26 Feb 2015 12:58:20 -0500
On Feb 26, 2015, at 12:45 PM, James Lay <jlay () slave-tothe-box net> wrote:
On Thu, 2015-02-26 at 12:11 -0500, Research wrote:

Hello,

I have just begun using Snort and am following along with a book ("Linux Firewalls", 4th Edition (c) 2015). I am currently just focussing on getting Snort up and running and plan to read the full Snort documentation set next.

Installing on Ubuntu 12.0.4.5 LTS via the following:

    sudo apt-get install snort

…installs Snort. Version is:

    snort -V

…returning "Version 2.9.2 IPv6 GRE (Build 78)".

I verified in:

    /etc/snort/snort.conf

that the ruleset that ships with the Ubuntu package is correctly referenced:

    var RULE_PATH /etc/snort/rules

I then attempted to start Snort in non-daemon mode with:

    sudo snort start -c /etc/snort/snort.conf

…however I receive the following and then termination:

    (lines omitted)
    +++++++++++++++++++++++++++++++++++++++++++++++++++
    Initializing rule chains...
    WARNING /etc/snort/rules/chat.rules(33) threshold (in rule) is deprecated; use detection_filter instead.
    ERROR: /etc/snort/rules/community-virus.rules(19) !any is not allowed: !$DNS_SERVERS.
    Fatal Error, Quitting..

At this point, however, I have not edited any of the default rules or snort.conf configuration file.

If I then run Snort in daemon mode, there is success - Snort does not terminate - and I see alerts in the snort.log file.

What is going wrong on the non-daemon start that is causing it to terminate?

Thanks

I suggest you reference:

https://snort.org/documents/snort-2-9-7-x-on-ubuntu-12-lts-and-14-lts

Installing and upgrading from source matches well with the speed at which snort is updated (current version is 2.9.7....2.9.2 is ANCIENT). I do not know of any repos that keep a current version of snort.

James

Hi James,

Thank you for the document outlining installing from source. I will proceed to try that out in a test VM and then replicate the process on my web server.

Out of curiosity - have later versions of Snort (such as 2.9.7 as you mention) rectified the problem I ran into, or is it likely the same thing will happen? I ask because I appreciate knowing about the latest version and will install it, but wonder if it will address the issue of snort terminating when I run it in non-daemon mode?

Thanks
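
An added example, not part of the original thread and not Snort's own code: the error text `!any is not allowed: !$DNS_SERVERS` means the negated variable resolves to `any`, which Snort refuses to negate. The Python below finds rule headers that negate such a variable; the function names are hypothetical, and the configuration fragment and rules are constructed samples, not the Ubuntu package's files.

```python
import re

# Constructed snort.conf fragment (assumed values, not the Ubuntu package's file).
SAMPLE_CONF = """\
var HOME_NET any
var EXTERNAL_NET any
var DNS_SERVERS $HOME_NET
var SMTP_SERVERS 10.0.0.25
"""

# Constructed rules; these are not the contents of community-virus.rules.
SAMPLE_RULES = """\
# constructed sample rules
alert udp $HOME_NET any -> !$DNS_SERVERS 53 (msg:"constructed A"; sid:1000001;)
alert tcp !$SMTP_SERVERS any -> $EXTERNAL_NET 25 (msg:"constructed B"; sid:1000002;)
"""

VAR_DEF = re.compile(r"^\s*(?:var|ipvar|portvar)\s+(\w+)\s+(\S+)")
NEGATED = re.compile(r"!\$(\w+)")

def parse_vars(conf_text):
    """Map variable name -> first token of its value (enough to spot 'any' or '$REF')."""
    return {m.group(1): m.group(2)
            for m in map(VAR_DEF.match, conf_text.splitlines()) if m}

def resolve(name, variables, seen=()):
    """Follow $REF chains to a literal; None if undefined or cyclic."""
    value = variables.get(name)
    if value is None or name in seen:
        return None
    if value.startswith("$"):
        return resolve(value[1:], variables, seen + (name,))
    return value

def find_negated_any(rules_text, variables):
    """Return (line_number, variable) where a rule header negates a variable equal to 'any'."""
    hits = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        header = line.split("(", 1)[0]  # addresses and ports precede the options
        hits += [(lineno, v) for v in NEGATED.findall(header)
                 if resolve(v, variables) == "any"]
    return hits

if __name__ == "__main__":
    for lineno, var in find_negated_any(SAMPLE_RULES, parse_vars(SAMPLE_CONF)):
        print(f"rules line {lineno}: !${var} resolves to !any")
```

To run it against a real installation, the configuration and rule files have to be read from disk and `include` directives followed, which this example does not do.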