Itrepid~snort error in terminal !

**bodhi.zazen** · March 20th, 2009

Ah, so your ip address is in fact changing rapidly.

Try the variable as suggested i nth econfig file :

use global variable $<interfacename>_ADDRESS which will be always
# initialized to IP address and netmask of the network interface which you run
# snort at.

so

Code:

var HOME_NET $<interfacename>_ADDRESS

I am not sure if you need to change $<interfacename> to eth0 or not, you will have to try and watch snort for errors as you start it manually.

Code:

/usr/local/bin/snort -c /etc/snort/snort.conf -u snort -g snort

YOU NEED TO START SNORT AS ROOT, so either sudo -i then enter that command.

**KEE** · March 20th, 2009

Originally Posted by bodhi.zazen

;

Code:

output database: log, mysql, user=mysql_user_name password=psswed dbname=snortme host=localhost
# output database: alert, postgresql, user=snort dbname=snort

ok, but do mean that i just left the "#" out? sorry that is a typo its in there =)

**KEE** · March 20th, 2009

Originally Posted by bodhi.zazen

Ah, so your ip address is in fact changing rapidly.

Try the variable as suggested i nth econfig file :

so

Code:

var HOME_NET $<interfacename>_ADDRESS

I am not sure if you need to change $<interfacename> to eth0 or not, you will have to try and watch snort for errors as you start it manually.

Code:

/usr/local/bin/snort -c /etc/snort/snort.conf -u snort -g snort

YOU NEED TO START SNORT AS ROOT, so either sudo -i then enter that command.

where would i find my interfacename? you mean the os?

**bodhi.zazen** · March 20th, 2009

interface name is eth0 and is your network card and is listed with

sudo ifconfig

I would start with the syntax as in the config file :

var HOME_NET $<interfacename>_ADDRESS

**KEE** · March 20th, 2009

Originally Posted by bodhi.zazen

interface name is eth0 and is your network card and is listed with

sudo ifconfig

I would start with the syntax as in the config file :

var HOME_NET $<interfacename>_ADDRESS

pardon? do i put this whole thing?

Code:

var HOME_NET $eth0      Link encap:Ethernet  HWaddr 00:0d:60:23:0d:13  
          inet addr:96.54.115.44  Bcast:96.54.115.255  Mask:255.255.252.0
          UP BROADCAST RUNNING MULTICAST  MTU:576  Metric:1
          RX packets:17672779 errors:0 dropped:0 overruns:0 frame:0
          TX packets:17404351 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1514096023 (1.5 GB)  TX bytes:2005261126 (2.0 GB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:45 errors:0 dropped:0 overruns:0 frame:0
          TX packets:45 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:3232 (3.2 KB)  TX bytes:3232 (3.2 KB)_ADDRESS