Snort mailing list archives
Command line overrides?
From: "J. Craig Woods" <drjung () sprynet com>
Date: Wed, 01 May 2002 00:52:24 -0500
I am getting, as of yet, unexplainable output to syslog when I start snort. The message in syslog reads "WARNING: command line overrides rules file alert plugin!"

This is a new install of the snort rpm made for Mandrake Linux, snort-1.8.5-1mdk. I suspect I should have gone with the newer tarball, but I wanted to keep my rpm database current.

The command I am using to start snort is "/usr/sbin/snort -u snort -g snort -s -d -D \ -i ${INTERFACE} -l /var/log/snort -c /etc/snort/snort.conf". I have used this command before with no warning being posted to syslog. All snort config files have been edited, and look to be in good shape. Snort does start up successfully on the right interface (eth1), and is running.

As you can see, I am just logging to default /var/log/snort, and using the "output alert_syslog: LOG_AUTH LOG_ALERT" param in "snort.conf". I do not see any logging occurring. What in hell am I doing wrong? I have been doing my RTFM and STFW dutifully, but to no avail.

Any help or hints will be most appreciated.

--
J. Craig Woods
UNIX/NT Network/System Administration
-Art is the illusion of spontaneity-