Snort mailing list archives
Re: OpenPcap() error
From: Erek Adams <erek () snort org>
Date: Sat, 22 Mar 2003 12:06:28 -0500 (EST)
On Tue, 18 Mar 2003, Robert Cole wrote: [...snip...]
snort -de -l /var/log/snort and snort -de -l /var/log/snort -c /etc/snort/snort.conf
Suggested change:
    ln -s /etc/snort/snort.conf /etc/snort.conf
Then start snort with:
    snort

    config daemon
    config set_uid: snort
    config set_gid: snort
    var EXTERNAL_NET any
    config dump_payload
    config dump_chars_only
    config logdir: /var/log/snort
    config interface:eth0
    config reference_net: 192.168.0.0/24
    preprocessor frag2
    log udp 192.168.0.12/32 any -> 192.168.0.111/32 514 logto: ws1.log ;
I've got it working with the following config with no problem.

    config daemon
    config set_uid: snort
    config set_gid: snort
    config decode_data_link
    config dump_payload
    config dump_chars_only
    config interface: eth0
    log udp 192.168.0.12/32 any -> 192.168.0.111/32 514 (logto: "ws1.log";)

No EXTERNAL_NET needed due to your rule. No logdir needed as /var/log/snort is the default. No reference net needed. With snort.conf symlinked, you don't need to specify that on startup. No need for frag2 unless you're worried about frags.

As for your issue, part of it seems that you were missing () around logto:, and that you were missing quotes around ws1.log. Make those changes and you should be in business.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson
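
Added example, not part of the message above and not Snort code: a small Python check for the two rule-syntax points named in the reply (options enclosed in parentheses, quoted logto argument). The names lint_rule and lint_config are hypothetical, the sample lines are constructed from the rules quoted in the thread, and the check does not reproduce Snort's own parser.

```python
import re

# Header: action, proto, src, sport, direction, dst, dport; the rest is options.
HEADER = re.compile(
    r'^(?:alert|log|pass|activate|dynamic)\s+(?:tcp|udp|icmp|ip)\s+'
    r'\S+\s+\S+\s+(?:->|<>)\s+\S+\s+[^\s(]+\s*(?P<rest>.*)$'
)
# One option = a run of characters up to the next ';' that is outside quotes.
OPTION = re.compile(r'(?:[^;"]|"[^"]*")+')
NON_RULE = ("config", "var", "preprocessor", "output", "include")

def lint_rule(line):
    """Return the problems found in one rule line (empty list means clean)."""
    m = HEADER.match(line.strip())
    if not m:
        return ["not a recognisable rule header"]
    rest = m.group("rest").strip()
    if not rest:
        return []  # header-only rule: nothing to check
    problems, body = [], rest
    if rest.startswith("(") and rest.endswith(")"):
        body = rest[1:-1]
    else:
        problems.append("options are not enclosed in ( )")
    for opt in OPTION.findall(body):
        name, _, arg = opt.partition(":")
        arg = arg.strip()
        if name.strip() == "logto" and not (len(arg) > 1 and arg[0] == arg[-1] == '"'):
            problems.append("logto argument is not quoted")
    return problems

def lint_config(text):
    """Map line number -> problems for every rule line in a snort.conf text."""
    findings = {}
    for number, line in enumerate(text.splitlines(), 1):
        words = line.split()
        if not words or words[0].startswith("#") or words[0] in NON_RULE:
            continue  # blank line, comment, or a non-rule directive
        problems = lint_rule(line)
        if problems:
            findings[number] = problems
    return findings

# Constructed sample: one directive and both rule forms quoted in the thread.
SAMPLE = """config interface: eth0
log udp 192.168.0.12/32 any -> 192.168.0.111/32 514 logto: ws1.log ;
log udp 192.168.0.12/32 any -> 192.168.0.111/32 514 (logto: "ws1.log";)
"""
print(lint_config(SAMPLE))
```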