Re: Newbie - More help for First run of snort :(

[Matt Kettler <mkettler () evi-inc com>]

At 10:02 AM 1/18/2005, Jiju Menon wrote:
> The first time I ran Snort-2.3.ORC2 on Redhat9 I got the error
>
> ERROR: Unable to open rules file:
> /root/snortDir/snort-2.3.ORC2/rules/local.rules or
> /etc/snort//root/snortDir/snort-2.3.ORC2/rules/local.rules
> Fatal Error, Quitting..
>
> All the files are in the rules folder and the path given in the
> snort.conf file is correct.
>
> The Snort runs when I comment the include statements in the snort.conf file.
>
> I am running Snort as a root user and I feel he has access to the snort 
> folder.

Based on such limited information, all I can really say is one of your 
statements is in error. Either the files are not where you claim, or 
there's a lack of access to the files. Given that you're running as root, 
lack of access seems a bit unlikely, but it's still possible...

Can you include some additional information so we can help you narrow in on 
the problem?

1) what does your invocation of snort look like? Most importantly, are you 
passing snort -t, -g or -u ?

2) what does the include statement for local.rules look like?

3) what does your var RULE_PATH statement in snort.conf look like?

4) ls -l /root/snortDir/snort-2.3.ORC2/rules/

Note: make sure you use an O as in OUT not 0 is in 01234 in the ls -l.




-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users