From: Wismin E. <wi...@ya...> - 2004-03-26 03:44:42
Hi Rob,

I've tried both combinations: binary 2.0.5 with rules from Snort 2.0 (converted using snortconfig). (I have perl 5.8.3.) Same error.
Then I tried binary 2.1.1 with rules 2.1 (converted using snortconfig).
The config file was from honeynet.org; I added the $HOME_NET variable there.
(I tried compiling from source; I've made sure I copied the *.config to my rules directory.)

btw, I'm using Redhat 9.0 (2.0.18custom) (2.0.18 + the kernel patch from ebtables).
My rc.firewall worked fine (when I disabled the QUEUE, I verified it blocked after 'N' numbers), but now I activate it for snort_inline.

Any idea what else I should check?

thanks,
wismin

--- Wismin Effendi <wi...@ya...> wrote:
> Hi Rob,
> It's the binary I downloaded from honeynet.org
> (snort_inline 2.0.5).
> The snort_inline.conf is also from the same location
> (except I modified the file locations for the rules and
> added the variable $HOME_NET, as I didn't see
> $HONEYNET in the rule files as a result of the conversion
> using snortconfig-1.9).
> The input rules for the conversion I got from
> snort.org
> .........
>
> Aha, I know the problem now: I used as the base for
> input to snortconfig-1.9 the rule files for snort 2.1
> while my snort_inline is 2.0.5.
>
> That might explain why it didn't work. I'll have a try
> again once I get home today.
>
> thanks,
>
> wismin
>
> --- Rob McMillen <ro...@ho...> wrote:
> > > Hello Everybody,
> > > I hope somebody could help me with the following
> > > problem with snort_inline startup.
> > >
> > > After I convert the rules using snortconfig-1.9
> > > (from honeynet.org), I start snort_inline
> > > ... last lines from snort_inline.sh ..
> > >
> > > $SNORT -D -d -c /etc/snort_inline/snort_inline.conf -Q -i eth0 -l $DIR/$DATE -t $DIR/$DATE
> > >
> > > Then I check, and the snort_inline process is not running.
> > > I've verified the rule files location in
> > > /etc/snort_inline/snort_inline.conf (where I copied
> > > the rules resulting from snortconfig-1.9).
> > > I've also made sure the variable $HOME_NET is declared
> > > in snort_inline.conf (the original file has $HONEYNET; I
> > > also added $HOME_NET with the same value).
> > >
> > > From /var/log/messages, I found:
> > > Mar 25 00:52:51 gateway-1 snort_inline: Initializing daemon mode
> > > Mar 25 00:52:51 gateway-1 snort_inline: PID path stat checked out ok, PID path set to /var/run/
> > > Mar 25 00:52:51 gateway-1 snort_inline: Writing PID "2348" to file "/var/run//snort_inline.pid"
> > > Mar 25 00:52:51 gateway-1 snort_inline: FATAL ERROR: /etc/snort_inline/snort_inline.conf(9) => NULL rule type!
> >
> > A few questions.
> >
> > What version of snort_inline are you using?
> > What method did you use to install it? (src, diff, binary)
> > What does your snort_inline.conf look like?
> >
> > Rob
> >
> > _______________________________________________
> > Snort-inline-users mailing list
> > Sno...@li...
> > https://lists.sourceforge.net/lists/listinfo/snort-inline-users