Re: snort new ruleset and vision rules

[Michael Boman <michael () ayeka dyndns org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Saturday 25 August 2001 00:03, Liam burke wrote:
> Whenever I try to load snort using the snort's ruleset and vision.rules it
> won't start.
> <snip of snort.conf>
> include vision.rules
> <snd snip>
>
> messages from syslog -
> Aug 24 16:54:40 engarde snort: Initializing daemon mode
> Aug 24 16:54:41 engarde kernel: eth0: Setting promiscuous mode.
> Aug 24 16:54:41 engarde kernel: device eth0 entered promiscuous mode
> Aug 24 16:54:41 engarde snortd: snort startup succeeded
> Aug 24 16:54:42 engarde kernel: device eth0 left promiscuous mode
>
>
> and that's all.
>
>
> Any ideas?
> LB

What about giving us the output from:

# /path/to/snort -T -c /path/to/snort.conf (any other options you are using)

and

# cat /path/to/snort.conf | grep -v ^# | grep -v ^$

That would make the whole thing easier to track down, with the current 
information we can't do anything.

and please, include your snort version.

Best regards
 Michael Boman

- -- 
There is no such thing as a system that is secure out of the box.
Tim [Timothy M. Mullen, CIO of AnchorIS.Com] claimed earlier this
morning that he had found one at WalMart the other day that was
secure out of the box, but as it turns out that was a Nintendo.

- -- Jesper M Johansson, Ph.D. Assistant Professor of Information
   Systems at Boston University - during a SANS audio broadcast
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7hoCtjD4u/xp0yJcRAgYOAJ9YmxIVzYEjMNJ1WIzSOQUnrqSeZgCeMjv5
uscHcZVkurlpzAJ5v6szt0c=
=h6Cs
-----END PGP SIGNATURE-----

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users