Snort mailing list archives
RE: First time in NIDS mode, and...
From: "Oxenreider, Jeff" <jox () safelite com>
Date: Wed, 16 May 2001 10:55:37 -0400
I've seen this happen to me on occasion, and if I open up the snort.conf file, in "vi" and then do a "write quit", thereby updating the timestamp on the file, and rerun snort, it fires right up. I don't have an explanation for the action and it hasn't been a burden on me too much and I just chalked it up to something I was doing wrong so never posted any sort of a bug report on it. Bad Jeff, Bad..... Jeffrey A. Oxenreider Senior Network/Security Engineer Safelite Glass Corp -----Original Message----- From: John Sage [mailto:jsage () finchhaven com] Sent: Wednesday, May 16, 2001 10:27 AM To: Snort Users Subject: [Snort-users] First time in NIDS mode, and... Just got snort on; works great in packet logging mode; now I'm moving on to NIDS mode and I'm getting this: from logcheck: May 16 06:49:42 sparky pppd[10996]: Connect: ppp0 <--> /dev/modem : May 16 06:49:45 sparky snort: ERROR: Unable to open rules file: webcgi-lib : May 16 06:49:45 sparky kernel: device ppp0 entered promiscuous mode May 16 06:49:45 sparky kernel: device ppp0 left promiscuous mode command line (run from the script that sets up ipchains): /usr/bin/snort -d -D -l /var/log/snort -h 192.168.1.0/24 -i ppp0 -c /usr/local/snort-1.7/snort.conf snort.conf is the box-stock one that came with the 1.7 distro. Question: Why can't it load webcgi-lib? It's there, etc etc.. I'm getting no other messages about anything. ps ax shows snort running in daemon mode with that command line, and there is a zero-length file at /var/log/snort/portscan.log Thnx.. - John -- John Sage FinchHaven, Vashon Island, WA, USA http://www.finchhaven.com/ mailto:jsage () finchhaven com "The web is so, like, five minutes ago..." _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- First time in NIDS mode, and... John Sage (May 16)
- Re: First time in NIDS mode, and... John Sage (May 16)
- <Possible follow-ups>
- RE: First time in NIDS mode, and... Oxenreider, Jeff (May 16)
- RE: First time in NIDS mode, and... Scott, Joshua (May 16)
- RE: First time in NIDS mode, and... John Berkers (May 16)