Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Only an empty Alert file :(

From: Community Signatures <lists () packetmail net>
Date: Tue, 13 Mar 2012 08:46:15 -0500
On 03/13/12 08:30, Dean Farwood wrote:

I wish I knew why adding the –c argument messes up logging?


The '-c' flag also specifies the path to the configuration/rules file,
perhaps you're using a different/default configuration file/setting than
/etc/snort/snort.conf when dropping the '-c' flag?

Testing here locally, with strace, against Snort I never see
/etc/snort/snort.conf referenced.

Perhaps the crux of the issue is a borked /etc/snort/snort.conf?
Looking at snort.c as well I only see a character array pointed to
"/etc/snort.conf" or "./snort.conf", never "/etc/snort/snort.conf"

In function *ConfigFileSearch(void):
snort.c: char *conf_files[]={"/etc/snort.conf", "./snort.conf", NULL};

Hope this helped,
Nathan








------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: