[Snort]加了rule文件之后得到Unknown rule type: portvar错误
2008-07-30 12:03
399 查看
加了一些从网上下载的最新rules,并修改了对应的配置,结果报错:
[root@localhost snort]# snort -A full -s -c /etc/snort/etc/snort.conf -i eth0
Running in IDS mode
--== Initializing Snort ==--
Initializing Output Plugins!
Var 'any_ADDRESS' defined, value len = 15 chars, value = 0.0.0.0/0.0.0.0
Var 'lo_ADDRESS' defined, value len = 19 chars, value = 127.0.0.0/255.0.0.0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort/etc/snort.conf
+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
Var 'HOME_NET' defined, value len = 3 chars, value = any
Var 'EXTERNAL_NET' defined, value len = 3 chars, value = any
Var 'DNS_SERVERS' defined, value len = 3 chars, value = any
Var 'SMTP_SERVERS' defined, value len = 3 chars, value = any
Var 'HTTP_SERVERS' defined, value len = 3 chars, value = any
Var 'SQL_SERVERS' defined, value len = 3 chars, value = any
Var 'TELNET_SERVERS' defined, value len = 3 chars, value = any
Var 'SNMP_SERVERS' defined, value len = 3 chars, value = any
Var 'FTP_SERVERS' defined, value len = 3 chars, value = any
Var 'SSH_SERVERS' defined, value len = 3 chars, value = any
Var 'POP_SERVERS' defined, value len = 3 chars, value = any
Var 'IMAP_SERVERS' defined, value len = 3 chars, value = any
Var 'RPC_SERVERS' defined, value len = 3 chars, value = any
Var 'WWW_SERVERS' defined, value len = 3 chars, value = any
Var 'AIM_SERVERS' defined, value len = 185 chars
[64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9
.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24]
ERROR: /etc/snort/etc/snort.conf(123) => Unknown rule type: portvar
Fatal Error, Quitting..
网上查询说是路径设置的问题。我的路径设置如下:
var RULE_PATH /etc/snort/rules
之前是./rules,两种情况都是出上面的错误。
[root@localhost snort]# snort -A full -s -c /etc/snort/etc/snort.conf -i eth0
Running in IDS mode
--== Initializing Snort ==--
Initializing Output Plugins!
Var 'any_ADDRESS' defined, value len = 15 chars, value = 0.0.0.0/0.0.0.0
Var 'lo_ADDRESS' defined, value len = 19 chars, value = 127.0.0.0/255.0.0.0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort/etc/snort.conf
+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
Var 'HOME_NET' defined, value len = 3 chars, value = any
Var 'EXTERNAL_NET' defined, value len = 3 chars, value = any
Var 'DNS_SERVERS' defined, value len = 3 chars, value = any
Var 'SMTP_SERVERS' defined, value len = 3 chars, value = any
Var 'HTTP_SERVERS' defined, value len = 3 chars, value = any
Var 'SQL_SERVERS' defined, value len = 3 chars, value = any
Var 'TELNET_SERVERS' defined, value len = 3 chars, value = any
Var 'SNMP_SERVERS' defined, value len = 3 chars, value = any
Var 'FTP_SERVERS' defined, value len = 3 chars, value = any
Var 'SSH_SERVERS' defined, value len = 3 chars, value = any
Var 'POP_SERVERS' defined, value len = 3 chars, value = any
Var 'IMAP_SERVERS' defined, value len = 3 chars, value = any
Var 'RPC_SERVERS' defined, value len = 3 chars, value = any
Var 'WWW_SERVERS' defined, value len = 3 chars, value = any
Var 'AIM_SERVERS' defined, value len = 185 chars
[64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9
.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24]
ERROR: /etc/snort/etc/snort.conf(123) => Unknown rule type: portvar
Fatal Error, Quitting..
网上查询说是路径设置的问题。我的路径设置如下:
var RULE_PATH /etc/snort/rules
之前是./rules,两种情况都是出上面的错误。
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- Xcode引用C++头文件出现 Unknown type name 'namespace' 错误的解决方法
- ndk-build JNI头文件错误 error: unknown type name 'JNIEXPORT'
- iOS开发之Xcode6之后不再自动创建Pch预编译文件(解决unknown type name........)
- 头文件交叉定义出现--GetDocument missing storage-class or type specifiers错误的解决方法
- Darwin Streaming Server服务器mp4文件点播返回”415 Unsupported Media Type“错误
- 编绎显示Unknown type name “CGFloat” 错误解决方法
- hibernate:newclass.hbm.xml文件错误(the content of element type "class" must match "(meta*,column*,type?generator?...)
- Xcode更新到6.3之后,NSFileTypeForHFSTypeCode报了三个错误
- 关于Histcite导入txt文件出现format unknown错误
- input type="file"文件上传时得到文件的本地路劲
- 检测得到应用bug的错误提示信息,以文件的形式保存
- 关于java 下载文件出现的问题:ParserInitializationException: Unknown parser type:xxx
- android--jni编译错误的解决方案:.c源文件出现类似Type 'jstring' could not be resolved
- 继承“JdbcDaoSupport”之后,报了“The type org.springframework.dao.support.DaoSupport .class files”错误之后的一些解决方案
- 通过Parcelable协议传递数据出现错误(Unmarshalling unknown type code 7471205 at offset 232)
- 利用ALAssetsLibrary时候,将得到的ALAsset存到数组里,会出现ALAsset - Type:Unknown, URLs:(null)
- C# mysql 做成安装文件之后出现 Illegal mix of collations (gbk_chinese_ci,IMPLICIT) and (gb2312_chinese_ci,IMPLICIT) 错误
- JFinal上传文件报Posted content type isn't multipart/form-data错误解决办法。
- 安装Win7和Ubuntu12.04双系统后,意外删除Ubuntu12.04引导文件,出现error:unknown filesystem;grub rescue>错误的解决方案
- Linux系统下以RPM方式安装mysql-5.7.9【5.7版本以后,启动mysqld服务首次登录需要密码,为root生成的随机密码在错误日志文件/var/log/mysqld.log】