Re: Rule set not initializing

[Erek Adams <erek () snort org>]

On Sat, 22 Mar 2003, Monkey Boy wrote:

> Greets, I was once able to get the rule set to initialize and filter a
> binary log through the ruleset.

Yep.  Nice handy feature.

> I did this by
> involing snort from within the rule directory. I then installed snort 1.9.1
> and attempted to do the same. I got
> the error unable to initialize rule, rules not found /root/. and so on.
> I then went into the snort.conf and changed the var RULE_PATH ./   To where
> the rules were in my drive ie:
> /home/don/snort-1.9.1/rules and tried to run it again with the same error,
> --> unable to initialize rules....
> If someone could point out where I am going wrong it would be most
> appreciated. The binary file is fine as snort
> will process it.

A couple of things:

  *  Snort has five default config files it looks for on startup.  If your
config file isn't one of those, you must specify it using -c <file>.
        /etc/snort.conf
        ./snort.conf
        ./.snortrc
        $HOMEDIR/snort.conf
        $HOMEDIR/.snort.conf
  *  Use _full_ paths in your config file.  If you don't, it makes for
troubleshooting to be a _real_ pain.
        var RULES_PATH /etc/snort/rules
     Or wherever you have it.  The same goes for any included file within
snort.conf.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users