Problem with my snort.conf

Support for security such as Firewalls and securing linux
Post Reply
HomerGlemkin
Posts: 3
Joined: 2005/01/19 17:49:07

Problem with my snort.conf

Post by HomerGlemkin » 2005/06/22 13:28:06

When I added var EXTERNAL_NET $eth1_ADDRESS I get an error when running snort. I thought this was the right syntax, but I must be wrong. When I use any as the EXTERNAL_NET it works fine. but I would rather have it and eth1. Any help would be great.

SNORT.CONF
#--------------------------------------------------
# http://www.snort.org Snort 2.3.3 Ruleset
# Contact: snort-sigs@lists.sourceforge.net
#--------------------------------------------------
# $Id: snort.conf,v 1.144.2.11 2005/04/22 19:15:49 jhewlett Exp $
#
###################################################
# This file contains a sample snort configuration.
# You can take the following steps to create your own custom configuration:
#
# 1) Set the network variables for your network
# 2) Configure preprocessors
# 3) Configure output plugins
# 4) Customize your rule set
#
###################################################
# Step #1: Set the network variables:
#
# You must change the following variables to reflect your local network. The
# variable is currently setup for an RFC 1918 address space.
#
# You can specify it explicitly as:
#
# var HOME_NET 10.1.1.0/24
#
# or use global variable $_ADDRESS which will be always
# initialized to IP address and netmask of the network interface which you run
# snort at. Under Windows, this must be specified as
# $(_ADDRESS), such as:
# $(\Device\Packet_{12345678-90AB-CDEF-1234567890AB}_ADDRESS)
#
var HOME_NET $eth0_ADDRESS
#
# You can specify lists of IP addresses for HOME_NET
# by separating the IPs with commas like this:
#
# var HOME_NET [10.1.1.0/24,192.168.1.0/24]
#
# MAKE SURE YOU DON'T PLACE ANY SPACES IN YOUR LIST!
#
# or you can specify the variable to be any IP address
# like this:

#var HOME_NET 192.168.1.0/24

# Set up the external network addresses as well. A good start may be "any"
var EXTERNAL_NET $eth1_ADDRESS


THE ERROR:
[root@eskimo kanderson]# /usr/sbin/snort -T -c /etc/snort/snort.conf
Running in IDS mode

Initializing Network Interface eth0

--== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
ERROR: Undefined variable name: (/etc/snort/snort.conf:47): eth1_ADDRESS
Fatal Error, Quitting..
[root@eskimo ]# nano /etc/snort/snort.conf
[root@eskimo ]# /usr/sbin/snort -T -c /etc/snort/snort.conf
Running in IDS mode

Initializing Network Interface eth0

--== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
ERROR: Undefined variable name: (/etc/snort/snort.conf:47): eth1_ADDRESS
Fatal Error, Quitting..
ERROR

Post Reply

Return to “CentOS 4 - Security Support”