參考:
Good news, I uncommented those lines and then touched a blacklist and
whitelist file in the necessary directly and now it appears to be running.
I'm seeing commencing packet processing... I think that's a win. =)
On Sat, Aug 30, 2014 at 10:57 AM, Matt M. <mr10001 () gmail com> wrote:
Thanks Y. I did what you said, then ran into whitelist/blacklist 507
errors. So I commented out...
# If you are using reputation preprocessor set these
#var WHITE_LIST_PATH /etc/snort/rules
#var BLACK_LIST_PATH /etc/snort/rules
AND
# Reputation preprocessor. For more information see README.reputation
preprocessor reputation: \
memcap 500, \
priority whitelist, \
nested_ip inner, \
# whitelist $WHITE_LIST_PATH/white_list.rules, \
# blacklist $BLACK_LIST_PATH/black_list.rules
Then I'm back in the same boat with the same error that I had before
related to the web-application-attack.
Thanks for any ideas on this one,