I have installed snort3 on my ubuntu server using this URL from the snort web site:
I have compiled it according to the instructions and edited /usr/local/etc/snort/snort.lua to add my HOME_NET and other variables as per the document.
Once I enable the snort3-community.rules I see these errors.
Finished /usr/local/etc/snort/snort.lua:
Loading ips.rules:
Loading /usr/local/etc/rules/local.rules:
Finished /usr/local/etc/rules/local.rules:
Loading /usr/local/etc/rules/snort3-community.rules:
ERROR: /usr/local/etc/rules/snort3-community.rules:1778 Undefined variable in the string: $HOME_NET.
ERROR: /usr/local/etc/rules/snort3-community.rules:1778 undefined variable in the string: $EXTERNAL_NET.
FATAL: /usr/local/etc/rules/snort3-community.rules:1778 ***PortVar Lookup failed on '$HTTP_PORTS'.
These variables are defined in: -
- /usr/local/etc/snort/snort.lua
HOME_NET = [[ 10.0.0.0/24 192.168.0.0/24 ]]
EXTERNAL_NET = 'any'
- /usr/local/etc/snort/snort_defaults.lua
HTTP_PORTS =
[[
80 81 311 383 591 593 901 1220 1414 1741 1830 2301 2381 2809 3037 3128
3702 4343 4848 5250 6988 7000 7001 7144 7145 7510 7777 7779 8000 8008
8014 8028 8080 8085 8088 8090 8118 8123 8180 8181 8243 8280 8300 8800
8888 8899 9000 9060 9080 9090 9091 9443 9999 11371 34443 34444 41080
50002 55555
]]
But are not seen in the rules? Can anyone suggest why.
