Snort mailing list archives
Re: Startup error post-package install
From: Research <research () nativemethods com>
Date: Sat, 28 Feb 2015 16:11:20 -0500
On Feb 28, 2015, at 12:38 AM, Joel Esler (jesler) <jesler () cisco com> wrote:
On Feb 26, 2015, at 2:34 PM, Y M <snort () outlook com> wrote:ERROR: /etc/snort/rules/community-virus.rules(19) !any is not allowed: !$DNS_SERVERS. Fatal Error, Quitting..This error is due to the fact that $DNS_SERVERS variable is defined as any, however, you have a rule in "community-virus.rules" that looks for IP addresses that are "not" in $DNS_SERVERS by using the deny operator "!"; i.e.: the rules is negating any, which is not an IP address. This is not a Snort error per se, you need to define the IP addresses that should go into $DNS_SERVERS, $HOME_NET, etc so that when the negation takes place, it negates IP addresses and not the keyword any.community-virus.rules? We’ve not produced that rule file in <checks the logs> Heck, I deleted the file from our build system 23 months ago… Last rule that was added to it was 8 years and 4 months ago… We have a totally new community rules file system now, it’s available for download here: https://www.snort.org/downloads -- Joel Esler Open Source Manager Threat Intelligence Team Lead Talos Security Intelligence and Research Group
Hi Joel, Yes, I believe that was because I was using an old package for my Linux distro. Upon the advice from the forum and downloading the latest release and building from source, that problem went I away and I assume that the erroneous, old line in the snort.conf has been removed. I have also signed up for an Oinkcode and am pulling the latest rules down. Thanks for following up.
------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Startup error post-package install Research (Feb 26)
- Re: Startup error post-package install James Lay (Feb 26)
- Re: Startup error post-package install Research (Feb 26)
- Re: Startup error post-package install James Lay (Feb 26)
- Re: Startup error post-package install Research (Feb 26)
- Re: Startup error post-package install Y M (Feb 26)
- Re: Startup error post-package install Research (Feb 26)
- Re: Startup error post-package install James Lay (Feb 26)
- Re: Startup error post-package install Research (Feb 26)
- Re: Startup error post-package install Research (Feb 26)
- Re: Startup error post-package install Joel Esler (jesler) (Feb 27)
- Re: Startup error post-package install Research (Feb 28)
- Re: Startup error post-package install Joel Esler (jesler) (Feb 28)
- Re: Startup error post-package install James Lay (Feb 26)