Snort mailing list archives

First time in NIDS mode, and...

From: John Sage <jsage () finchhaven com>
Date: Wed, 16 May 2001 07:26:46 -0700

Just got snort on; works great in packet logging mode; now I'm moving onto NIDS mode and I'm getting this:


from logcheck:
May 16 06:49:42 sparky pppd[10996]: Connect: ppp0 <--> /dev/modem
:
May 16 06:49:45 sparky snort: ERROR: Unable to open rules file: webcgi-lib
:
May 16 06:49:45 sparky kernel: device ppp0 entered promiscuous mode
May 16 06:49:45 sparky kernel: device ppp0 left promiscuous mode

command line (run from the script that sets up ipchains):

/usr/bin/snort -d -D -l /var/log/snort -h 192.168.1.0/24 -i ppp0 -c/usr/local/snort-1.7/snort.conf


snort.conf is the box-stock one that came with the 1.7 distro.

Question:

Why can't it load webcgi-lib? It's there, etc etc..

I'm getting no other messages about anything.

ps ax shows snort running in daemon mode with that command line, andthere is a zero-length file at /var/log/snort/portscan.log


Thnx..

- John

--
John Sage
FinchHaven, Vashon Island, WA, USA
http://www.finchhaven.com/
mailto:jsage () finchhaven com
"The web is so, like, five minutes ago..."


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

First time in NIDS mode, and... John Sage (May 16)
- Re: First time in NIDS mode, and... John Sage (May 16)
- <Possible follow-ups>
- RE: First time in NIDS mode, and... Oxenreider, Jeff (May 16)
- RE: First time in NIDS mode, and... Scott, Joshua (May 16)
  - RE: First time in NIDS mode, and... John Berkers (May 16)