From: Rob M. <ro...@ho...> - 2004-03-25 13:31:07
> Hello Everybody,
> I hope somebody could help me with the following
> problem with snort_inline startup.
>
> after I convert the rules using snortconfig-1.9
> (from honeynet.org), I start the snort_inline
> ... last lines from snort_inline.sh ..
>
> $SNORT -D -d -c /etc/snort_inline/snort_inline.conf -Q
> -i eth0 -l $DIR/$DATE -t $DIR/$DATE
>
> then I check the snort_inline process is not running.
> I've verified the rule files location in
> /etc/snort_inline/snort_inline.conf (where I copied
> the rules result from snortconfig-1.9).
> I've also made sure the variable $HOME_NET is declared
> in snort_inline.conf (original file has $HONEYNET, I
> added also the $HOME_NET with the same value)
>
> from /var/log/messages, I found:
> Mar 25 00:52:51 gateway-1 snort_inline: Initializing
> daemon mode
> Mar 25 00:52:51 gateway-1 snort_inline: PID path stat
> checked out ok, PID path set to /var/run/
> Mar 25 00:52:51 gateway-1 snort_inline: Writing PID
> "2348" to file "/var/run//snort_inline.pid"
> Mar 25 00:52:51 gateway-1 snort_inline: FATAL ERROR:
> /etc/snort_inline/snort_inline.conf(9) => NULL rule
> type!

A few questions.

What version of snort_inline are you using?
What method did you use to install it? (src, diff, binary)
What does your snort_inline.conf look like?

Rob