Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: (no subject)

From: Erek Adams <erek () snort org>
Date: Thu, 27 Feb 2003 18:16:45 -0500 (EST)
On Thu, 27 Feb 2003 jcosta () lendleaserei com wrote:


Using snort-1.9.0 and the rules it ships with placed into /etc/snort
directory (customized snort.conf files located there also).

I'm trying to get snort to push its alerts into syslog with the following
command line: snort -A fast -s -c /etc/snort/snort.conf

When I issue this command (which seems syntactically correct), I get the
following error:

Initializing Output Plugins!
Log directory = /var/log/snort

Initializing Network Interface eth1
ERROR: OpenPcap() FSM compilation failed:
        parse error
PCAP command: /etc/snort/snort.conf
Fatal Error, Quitting..


I realize that some of the command line args for snort are passed onto
libpcap which in this case
is complaining about a parse error.  The error looks like its choking on
the argument pointing my snort.conf file.

 What am I doing wrong here?


Move the -c /etc/snort/snort.conf to the start of the line, or make it
simpler by symlinking /etc/snort.conf to /etc/snort/snort.conf.  Snort
will by default look for /etc/snort.conf upon startup.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: