Snort mailing list archives
Re: SnortCenter
From: "larc" <larc () pandora be>
Date: Wed 07 Aug 2002 18:59:14 +0200
Hi,

The problem is that you specify the snort path in your management console. The sensor normally already knows where to find it, so just leave it off. And also the -c for the snort.conf file is not needed, only if you work in a chroot environment, and then it would be snort.eth0.conf.

Just enter the command line like:

Snort command line: -l /var/snort_log_storage

if you want to log to a different file or directory. You can also leave the snort command line empty; then snortcenter will make:

-D -i ethx -c /dir/to/snort.ethx.conf

I hope this helps.

Stefan Dens

------------------------
"Jeremy Junginger" <jjunginger () interactcommerce com> wrote:
------------------------

Hello,

If you have time to help out, I'm a bit stuck. I have snortcenter installed on a RedHat 7.2 Linux Machine that is already running ACID/MySQL/PHP/Snort/ADODB. I am able to pull system status, but it looks like SnortCenter cannot see snort.

Snort lives at: /usr/local/snort/
Snort logs live at: /var/snort_log_storage/

When I add the sensor, I enter the following:

Sensor Name: LabSensor
Sensor IP: x.x.x.x
Sensor Username: userx
Sensor Password: ****
Sensor Agent Type: SnortCenter Client v.1 (SSL enabled)
Interface name to sniff: eth0
Snort command line: /usr/local/snort/snort -c /usr/local/snort/rules/snort.conf -l /var/snort_log_storage

And when I click the "restart" link within snort center, I get the following on the web page:

Current config file error:
Log directory = /var/log/snort
Initializing Network Interface eth0
using config file /root/.snortrc
Parsing Rules file /root/.snortrc
ERROR: Unable to open rules file: /root/.snortrc or /root//root/.snortrc
Fatal Error, Quitting..
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains.

And on the host, I get:

Cat: /usr/local/snort/rules/snort_cmd_line.eth0: No such file or directory.

Any assistance you can provide would be helpful.

Jeremy