Snort mailing list archives
Re: First run of snort
From: James Riden <j.riden () massey ac nz>
Date: Sat, 15 Jan 2005 10:25:13 +1300
Jiju Menon <security4rrm () gmail com> writes:
1/14 Hello, Thank you for the help in locating the snort.conf file. The snort.conf file was in the /etc directory of the source code. This is what I did..... 1) In the snort.conf file I changed the following parameters for the first run. var HOME_NET <Internal IP/mask> var RULE_PATH /root/snortDir/snort-2.3.ORC2/rules 2) The snort was run as root with the command snort -c /etc/short/snort.conf Problem: ERROR: Unable to open rules file: /root/snortDir/snort-2.3.ORC2/rules/local.rules
Really dumb question: does the above file exist and is it readable? Try commenting the include[1] out and see what happens. (I think local.rules is empty by default - I believe it's for rules you write yourself.) cheers, Jamie [1] that is, the line 'include $RULE_PATH/local.rules' in snort.conf -- James Riden / j.riden () massey ac nz / Systems Security Engineer Information Technology Services, Massey University, NZ. GPG public key available at: http://www.massey.ac.nz/~jriden/ ------------------------------------------------------- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- First run of snort Jiju Menon (Jan 14)
- Re: First run of snort James Riden (Jan 14)
- Addition tothe question "First run of snort" Jiju Menon (Jan 14)
- Newbie - More help for First run of snort :( Jiju Menon (Jan 19)
- Re: Newbie - First run of snort - Solution by hit and miss Jiju Menon (Jan 19)
- Re: Newbie - More help for First run of snort :( Matt Kettler (Jan 19)
- <Possible follow-ups>
- RE: First run of snort Hugo Chun Hin Lai (Jan 19)