Snort mailing list archives
RE: [Fwd: Error: unable to open local.rules]
From: "Michael Steele" <michaels () silicondefense com>
Date: Wed, 13 Jun 2001 10:51:42 -0700
Colin,
If you run snort from the actual directory it's located in you do not
need to add the full path for the rules. Anytime you run Snort out of
it's folder you will need to specify the complete path. This is fixed in
the 1.8 version that will be released ion the near future.
-Mike
Commercial Snort Support
1.866.41.SNORT
Silicon Defense - www.silicondefense.com
Michael Steele - Snort Support Technician
-----Original Message-----
From: Colin Wu [mailto:wucolin () mcmaster ca]
Sent: Wednesday, June 13, 2001 10:34 AM
To: Michael Steele
Subject: Re: [Fwd: [Snort-users] Error: unable to open local.rules]
I actually have a local.rules file. What I didn't have was the full
path to
each rules file in snort.conf. The strange thing is it only failed
sometimes, not all the time; however, since I added the full path to all
the
include lines things have been more stable.
Michael Steele wrote:
Make sure you actually have a local.rules. If not then # out that line in the snort.conf. -Mike Commercial Snort Support 1.866.41.SNORT Silicon Defense - www.silicondefense.com Michael Steele - Snort Support Technician -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Colin Wu Sent: Friday, June 08, 2001 10:54 AM To: Snort Users Subject: [Fwd: [Snort-users] Error: unable to open local.rules] Colin Wu wrote:It's running on an Ultra 10, Solaris 2.7 (or maybe 8, I'm not sure
at
themoment). The entire message was (after the usual time-stamp, host
id,
processid stuff) "ERROR: Unable to open rules file: local.rules" In answer to Aaron M: It doesn't seem to complain about any of theother rulesand it doesn't crash everytime. Fyodor wrote:On Fri, Jun 08, 2001 at 12:32:26PM -0400, Colin Wu wrote:I periodically HUP my snort (v1.7) to checkpoint the binary dumplog,but occasionally snort will die with the message: " ERROR:
Unable
toopen rules file: local.rules" in syslog. At this point I have
to
renamethe local.rules file and make a new copy (mv local.rules local;
cp
locallocal.rules). Any ideas?Hmm.. sounds strange. Which platform is that? Could you quote thewholeerror message too (so we could see what errno's been set). thanks -F-- __ _ _ Network Analyst / ) // ' ) / Computing & Information
Services
/ __|/ o ____ / / / . . McMaster University (__/ (_) \_<_/ / <_ (_(_/ (_/_ (905)525-9140 ext 24050 http://netman.McMaster.CA-- __ _ _ Network Analyst / ) // ' ) / Computing & Information Services / __|/ o ____ / / / . . McMaster University (__/ (_) \_<_/ / <_ (_(_/ (_/_ (905)525-9140 ext 24050 http://netman.McMaster.CA _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
--
__ _ _ Network Analyst
/ ) // ' ) / Computing & Information Services
/ __|/ o ____ / / / . . McMaster University
(__/ (_) \_<_/ / <_ (_(_/ (_/_ (905)525-9140 ext 24050
http://netman.McMaster.CA
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- [Fwd: Error: unable to open local.rules] Colin Wu (Jun 08)
- RE: [Fwd: Error: unable to open local.rules] Michael Steele (Jun 13)
- <Possible follow-ups>
- RE: [Fwd: Error: unable to open local.rules] Michael Steele (Jun 13)