From: Wismin E. <wi...@ya...> - 2004-03-25 21:30:59
Hi Rob,

It's the binary I downloaded from honeynet.org (snort_inline 2.0.5); the snort_inline.conf is also from the same location (except I modified the file locations for the rules and added the variable $HOME_NET, as I didn't see $HONEYNET in the rule files resulting from the conversion using snortconfig-1.9). The input rules for the conversion I got from snort.org ...

Aha, I know the problem now: I used as the base for input to snortconfig-1.9 the rule files for snort2.1, while my snort_inline is 2.0.5. That might explain why it didn't work.

I'll try again once I get home today.

thanks,
wismin

--- Rob McMillen <ro...@ho...> wrote:

> > Hello Everybody,
> > I hope somebody could help me with the following
> > problem with snort_inline startup.
> >
> > After I convert the rules using snortconfig-1.9
> > (from honeynet.org), I start snort_inline
> > ... last lines from snort_inline.sh ..
> >
> > $SNORT -D -d -c /etc/snort_inline/snort_inline.conf -Q -i eth0 -l $DIR/$DATE -t $DIR/$DATE
> >
> > Then I check and the snort_inline process is not running.
> > I've verified the rule files location in
> > /etc/snort_inline/snort_inline.conf (where I copied
> > the rules resulting from snortconfig-1.9).
> > I've also made sure the variable $HOME_NET is declared
> > in snort_inline.conf (the original file has $HONEYNET; I
> > also added $HOME_NET with the same value).
> >
> > From /var/log/messages, I found:
> > Mar 25 00:52:51 gateway-1 snort_inline: Initializing daemon mode
> > Mar 25 00:52:51 gateway-1 snort_inline: PID path stat checked out ok, PID path set to /var/run/
> > Mar 25 00:52:51 gateway-1 snort_inline: Writing PID "2348" to file "/var/run//snort_inline.pid"
> > Mar 25 00:52:51 gateway-1 snort_inline: FATAL ERROR: /etc/snort_inline/snort_inline.conf(9) => NULL rule type!
>
> A few questions.
>
> What version of snort_inline are you using?
> What method did you use to install it? (src, diff, binary)
> What does your snort_inline.conf look like?
>
> Rob