Snort mailing list archives
Re: Having trouble editing the configuration file for Windows
From: Trevor Thompson <trevthom18 () gmail com>
Date: Fri, 25 Jul 2014 16:25:04 -0400
I managed to fix the problem. I commented out all of the different rules files that were included in the configuration file in Snort and after doing so I was able to run Snort using the snort.conf file as an argument. Thanks, everyone, for helping me solve these configuration issues that I am having. Here are the edits that I made in case anyone else manages to run into the same problem:

# site specific rules
# include $RULE_PATH\local.rules
# include $RULE_PATH\file-identify.rules
# include $RULE_PATH\app-detect.rules
# include $RULE_PATH\attack-responses.rules
# include $RULE_PATH\backdoor.rules
# include $RULE_PATH\bad-traffic.rules
# include $RULE_PATH\blacklist.rules
# include $RULE_PATH\botnet-cnc.rules
# include $RULE_PATH\browser-chrome.rules
# include $RULE_PATH\browser-firefox.rules
# include $RULE_PATH\browser-ie.rules
# include $RULE_PATH\browser-other.rules
# include $RULE_PATH\browser-plugins.rules
# include $RULE_PATH\browser-webkit.rules
# include $RULE_PATH\chat.rules
# include $RULE_PATH\content-replace.rules
# include $RULE_PATH\ddos.rules
# include $RULE_PATH\dns.rules
# include $RULE_PATH\dos.rules
# include $RULE_PATH\experimental.rules
# include $RULE_PATH\exploit-kit.rules
# include $RULE_PATH\exploit.rules
# include $RULE_PATH\file-executable.rules
# include $RULE_PATH\file-flash.rules
# include $RULE_PATH\file-image.rules
# include $RULE_PATH\file-java.rules
# include $RULE_PATH\file-multimedia.rules
# include $RULE_PATH\file-office.rules
# include $RULE_PATH\file-other.rules
# include $RULE_PATH\file-pdf.rules
# include $RULE_PATH\finger.rules
# include $RULE_PATH\ftp.rules
# include $RULE_PATH\icmp.rules
# include $RULE_PATH\imap.rules
# include $RULE_PATH\indicator-compromise.rules
# include $RULE_PATH\indicator-obfuscation.rules
# include $RULE_PATH\indicator-scan.rules
# include $RULE_PATH\indicator-shellcode.rules
# include $RULE_PATH\info.rules
# include $RULE_PATH\malware-backdoor.rules
# include $RULE_PATH\malware-cnc.rules
# include $RULE_PATH\malware-other.rules
# include $RULE_PATH\malware-tools.rules
# include $RULE_PATH\misc.rules
# include $RULE_PATH\multimedia.rules
# include $RULE_PATH\mysql.rules
# include $RULE_PATH\netbios.rules
# include $RULE_PATH\nntp.rules
# include $RULE_PATH\oracle.rules
# include $RULE_PATH\os-linux.rules
# include $RULE_PATH\os-mobile.rules
# include $RULE_PATH\os-other.rules
# include $RULE_PATH\os-solaris.rules
# include $RULE_PATH\os-windows.rules
# include $RULE_PATH\other-ids.rules
# include $RULE_PATH\p2p.rules
# include $RULE_PATH\phishing-spam.rules
# include $RULE_PATH\policy-multimedia.rules
# include $RULE_PATH\policy-other.rules
# include $RULE_PATH\policy.rules
# include $RULE_PATH\policy-social.rules
# include $RULE_PATH\policy-spam.rules
# include $RULE_PATH\pop2.rules
# include $RULE_PATH\pop3.rules
# include $RULE_PATH\protocol-dns.rules
# include $RULE_PATH\protocol-finger.rules
# include $RULE_PATH\protocol-ftp.rules
# include $RULE_PATH\protocol-icmp.rules
# include $RULE_PATH\protocol-imap.rules
# include $RULE_PATH\protocol-nntp.rules
# include $RULE_PATH\protocol-pop.rules
# include $RULE_PATH\protocol-rpc.rules
# include $RULE_PATH\protocol-scada.rules
# include $RULE_PATH\protocol-services.rules
# include $RULE_PATH\protocol-snmp.rules
# include $RULE_PATH\protocol-telnet.rules
# include $RULE_PATH\protocol-tftp.rules
# include $RULE_PATH\protocol-voip.rules
# include $RULE_PATH\pua-adware.rules
# include $RULE_PATH\pua-other.rules
# include $RULE_PATH\pua-p2p.rules
# include $RULE_PATH\pua-toolbars.rules
# include $RULE_PATH\rpc.rules
# include $RULE_PATH\rservices.rules
# include $RULE_PATH\scada.rules
# include $RULE_PATH\scan.rules
# include $RULE_PATH\server-apache.rules
# include $RULE_PATH\server-iis.rules
# include $RULE_PATH\server-mail.rules
# include $RULE_PATH\server-mssql.rules
# include $RULE_PATH\server-mysql.rules
# include $RULE_PATH\server-oracle.rules
# include $RULE_PATH\server-other.rules
# include $RULE_PATH\server-samba.rules
# include $RULE_PATH\server-webapp.rules
# include $RULE_PATH\shellcode.rules
# include $RULE_PATH\smtp.rules
# include $RULE_PATH\snmp.rules
# include $RULE_PATH\specific-threats.rules
# include $RULE_PATH\spyware-put.rules
# include $RULE_PATH\sql.rules
# include $RULE_PATH\telnet.rules
# include $RULE_PATH\tftp.rules
# include $RULE_PATH\virus.rules
# include $RULE_PATH\voip.rules
# include $RULE_PATH\web-activex.rules
# include $RULE_PATH\web-attacks.rules
# include $RULE_PATH\web-cgi.rules
# include $RULE_PATH\web-client.rules
# include $RULE_PATH\web-coldfusion.rules
# include $RULE_PATH\web-frontpage.rules
# include $RULE_PATH\web-iis.rules
# include $RULE_PATH\web-misc.rules
# include $RULE_PATH\web-php.rules
# include $RULE_PATH\x11.rules

# dynamic library rules
# include $SO_RULE_PATH/bad-traffic.rules
# include $SO_RULE_PATH/browser-ie.rules
# include $SO_RULE_PATH/chat.rules
# include $SO_RULE_PATH/dos.rules
# include $SO_RULE_PATH/exploit.rules
# include $SO_RULE_PATH/file-flash.rules
# include $SO_RULE_PATH/icmp.rules
# include $SO_RULE_PATH/imap.rules
# include $SO_RULE_PATH/misc.rules
# include $SO_RULE_PATH/multimedia.rules
# include $SO_RULE_PATH/netbios.rules
# include $SO_RULE_PATH/nntp.rules
# include $SO_RULE_PATH/p2p.rules
# include $SO_RULE_PATH/smtp.rules
# include $SO_RULE_PATH/snmp.rules
# include $SO_RULE_PATH/specific-threats.rules
# include $SO_RULE_PATH/web-activex.rules
# include $SO_RULE_PATH/web-client.rules
# include $SO_RULE_PATH/web-iis.rules
# include $SO_RULE_PATH/web-misc.rules

With all of these commented I could run Snort with a simple rule just to test the functionality of running the software with the snort.conf file and it worked!

On Fri, Jul 25, 2014 at 4:04 PM, waldo kitty <wkitty42 () windstream net> wrote:
> On 7/24/2014 3:35 PM, Trevor Thompson wrote:
> > I believe the classification.conf file is in the proper directory; here are the lines in the snort.conf file that reference it:
> >
> > include C:\snort\etc\classification.config
> > include C:\snort\etc\reference.config
> >
> > I also searched the entire contents of the Snort directory installed on the C drive and could only find the classification file within the etc directory at the exact path that the snort.conf file says that I should look for.
>
> ok... and there's not one in your rules directory? if there is it should not be being read according to your snort.conf...
>
> the only other thing i can think of right now is file permissions and ownership... do they allow snort to read that file as the user it is running as?
>
> --
> NOTE: No off-list assistance is given without prior approval. Please *keep mailing list traffic on the list* unless private contact is specifically requested and granted.
>
> ------------------------------------------------------------------------------
> Want fast and easy access to all the code in your enterprise? Index and search up to 200,000 lines of code with a free copy of Black Duck Code Sight - the same software that powers the world's largest code search on Ohloh, the Black Duck Open Hub! Try it now.
> http://p.sf.net/sfu/bds
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
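Added example (not part of the original thread and not Snort's own code): a per-file check of the include lines in a snort.conf, covering the two things raised above, whether each referenced file exists and whether the current user can read it, so that individual includes can be judged instead of disabling every rule file at once. It assumes Snort 2.x "var NAME value" / "include path" syntax and that relative paths resolve against the directory holding snort.conf; the sample config is constructed.

```python
import os
import re
import tempfile

VAR_RE = re.compile(r"^\s*var\s+(\w+)\s+(\S+)")
INCLUDE_RE = re.compile(r"^\s*(#\s*)?include\s+(\S+)\s*$")

def audit_includes(conf_path):
    """Return [(line_no, raw_path, enabled, status)] for each include line."""
    base = os.path.dirname(os.path.abspath(conf_path))
    variables, report = {}, []
    with open(conf_path, encoding="utf-8", errors="replace") as fh:
        for line_no, line in enumerate(fh, 1):
            m = VAR_RE.match(line)
            if m:
                variables[m.group(1)] = m.group(2)
                continue
            m = INCLUDE_RE.match(line)
            if not m:
                continue
            raw = m.group(2)
            # Expand $NAME from earlier "var" lines; unknown names stay as-is.
            expanded = re.sub(r"\$(\w+)",
                              lambda v: variables.get(v.group(1), v.group(0)), raw)
            # Assumption: treat "\" like "/" so Windows-style paths resolve anywhere,
            # and resolve relative paths against the directory holding snort.conf.
            path = os.path.normpath(os.path.join(base, expanded.replace("\\", "/")))
            if not os.path.isfile(path):
                status = "missing"
            elif not os.access(path, os.R_OK):
                status = "unreadable"
            else:
                status = "ok"
            report.append((line_no, raw, m.group(1) is None, status))
    return report

def demo():
    """Build a constructed sample config on disk and audit it."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "rules"))
    os.makedirs(os.path.join(root, "etc"))
    open(os.path.join(root, "rules", "local.rules"), "w").close()
    conf = os.path.join(root, "etc", "snort.conf")
    with open(conf, "w") as fh:
        fh.write("var RULE_PATH ../rules\n"
                 "include $RULE_PATH\\local.rules\n"
                 "include $RULE_PATH\\dns.rules\n"
                 "# include $RULE_PATH\\icmp.rules\n")
    return audit_includes(conf)

if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

Entries reported as enabled but "missing" or "unreadable" are the includes to look at first; commented-out entries are listed too, so a config with every rule file disabled is visible as running with no rules loaded from those files.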
Current thread:
- Having trouble editing the configuration file for Windows Trevor Thompson (Jul 23)
- Re: Having trouble editing the configuration file for Windows Michael Steele (Jul 23)
- Re: Having trouble editing the configuration file for Windows waldo kitty (Jul 23)
- Re: Having trouble editing the configuration file for Windows Trevor Thompson (Jul 24)
- Re: Having trouble editing the configuration file for Windows waldo kitty (Jul 24)
- Re: Having trouble editing the configuration file for Windows Trevor Thompson (Jul 24)
- Re: Having trouble editing the configuration file for Windows waldo kitty (Jul 25)
- Re: Having trouble editing the configuration file for Windows Trevor Thompson (Jul 25)
- Re: Having trouble editing the configuration file for Windows Trevor Thompson (Jul 24)