Snort mailing list archives
[ Snort-users]
From: "Deyoung, Richard E. - Raleigh, NC" <RDeyoung () email usps gov>
Date: Thu, 30 Jan 2003 15:57:26 -0500
G'day all. I've been experimenting with migrating all of the command line options into the particular snort configuration file I'm using at run-time and have found that even if I start snort with the "-c" switch, and have specified my logging directory as "/var/log/foo", snort will not pick up my config directive but will continue to try and log to "/var/log/snort". NOTE: The other vars, preprocessor, and output plug-ins are being read successfully from my main config file; it's only the "config" directives that it's failing to pick up. [Particulars] OSver: Redhat v7.3 Snortver: 1.9.0, Build 209 Other configs: All var, preprocessor, and output plug-ins, as well as Config directives have been implemented in a single file [Specific configs as they exist in the main config file with all of the other "stuff"] config decode_data_link config daemon config show_year config interface: eth1 config logdir: /var/log/foo config utc config dump_payload_verbose [Questions] 1. Will snort v1.9.0 support a single, main configuration file? 2. If not, which portions of the default config file that comes with the source, can be excluded from the main config file and included in an alternate file (which could be referenced by the "include" directive....) Thanks all, Richard DeYoung Email: RDeYoung () email usps gov _______________________________________________________________________ |Notice: This e-mail message, including any attachments, is |for the sole use of the intended recipients and may contain sensitive |and privileged information. Any unauthorized review, use, disclosure |or distribution is prohibited. If you are not the intended recipient, |please contact the sender by reply e-mail and destroy all copies of |the original message. |_______________________________________________________________________ ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- [ Snort-users] Deyoung, Richard E. - Raleigh, NC (Jan 30)