Snort mailing list archives
Re: demarc help requested....
From: SkatFiend () aol com
Date: Fri, 08 Feb 2002 12:34:57 EST
Ok, I'm hangin out at home with my sick 5yr old son, so I'll try to give you a hand ;)

Snort, as you probably know, needs to read the following files in this order to initialize correctly.

1) snort.conf file
2) classification.conf file
3) all of the *.rules files

As I understand it, Demarc copies the config files into the MySQL database, so... here is what you need to do:

1) All config files MUST be done through the Demarc web interface.
2) They must be done in the order that snort needs to read them to initialize correctly.

That means, under the "Configure" menu button, then the "Configure NIDS Rules":

1st, cut and paste from your snort.conf text file into a ruleset named snort.conf.
2nd, cut and paste the contents of the classification.conf into a second ruleset named (surprise :) classification.conf.
3rd, cut and paste the "include" rules lines that are normally at the end of the snort.conf into a third ruleset named rules.conf. (Oh, by the way, make sure to take the include lines out of the snort.conf copied to Demarc.)

It is important to build the rulesets in this order, as I believe Demarc reads them in the order they were inputted.

Lastly, if you have problems with rule errors, you can cut and paste the contents of the classification.conf onto the end of the snort.conf in the Demarc interface. The bottom line is that snort is able to initialize and read the config files in the correct order.

O ya, and the "Validate" option does NOT work for the Win32 version at present. Best bet is to simply look at the DOS box when snort is initialized via Demarc and visually check that it started correctly.

Hope this helps,
Clifford Arms
Network Nut - Metrocall, Inc.

Subj: [Snort-users] demarc help requested....
Date: Thu, 7 Feb 2002 9:44:47 PM Eastern Standard Time
From: "Jeff Jennings" <jjennings () zoominternet net>
To: <snort-users () lists sourceforge net>

I'm having trouble getting Demarc to read any rules.
Anyone out there using Demarc on W2k???

Thanks
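The split described in the reply above, as an added example that is not part of the original thread or of Demarc: it separates a snort.conf into the three paste-ready rulesets in load order. The function names and the sample configuration are constructed for illustration, and it assumes rule includes end in `.rules`.

```python
import re

# Matches an active (uncommented) Snort "include <path>" directive.
INCLUDE_RE = re.compile(r"^\s*include\s+(\S+)\s*$")

def split_snort_conf(conf_text):
    """Split snort.conf text into the pieces pasted into Demarc.

    Returns (main_lines, rule_includes, other_includes):
      main_lines     -> ruleset 1, "snort.conf", with every include removed
      rule_includes  -> ruleset 3, "rules.conf", the *.rules include lines
      other_includes -> paths of non-rule includes (e.g. the classification
                        file), whose contents become their own ruleset
    """
    main_lines, rule_includes, other_includes = [], [], []
    for line in conf_text.splitlines():
        m = INCLUDE_RE.match(line)
        if not m:
            main_lines.append(line)  # vars, preprocessors, outputs, comments
        elif m.group(1).lower().endswith(".rules"):
            rule_includes.append(line.strip())
        else:
            other_includes.append(m.group(1))
    return main_lines, rule_includes, other_includes

def build_rulesets(conf_text, classification_text):
    """Return the (name, body) rulesets in the order they must be created."""
    main, rules, _ = split_snort_conf(conf_text)
    return [
        ("snort.conf", "\n".join(main)),
        ("classification.conf", classification_text),
        ("rules.conf", "\n".join(rules)),
    ]

# Constructed sample input, not taken from the thread.
SAMPLE_CONF = """\
var HOME_NET 192.168.1.0/24
# include local.rules
preprocessor frag2
output database: log, mysql, dbname=snort
include classification.config
include exploit.rules
include scan.rules
"""
SAMPLE_CLASS = "config classification: attempted-recon,Attempted Information Leak,2"

if __name__ == "__main__":
    for name, body in build_rulesets(SAMPLE_CONF, SAMPLE_CLASS):
        print(f"--- {name} ---\n{body}\n")
```

Commented-out include lines stay in the snort.conf ruleset untouched, so only active includes are moved or dropped.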