SnortCenter

["Jeremy Junginger" <jjunginger () interactcommerce com>]

Hello,

If you have time to help out, I'm a bit stuck.  I have snortcenter
installed on  a RedHat 7.2 Linux Machine that is already running
ACID/MySQL/PHP/Snort/ADODB.  I am able to pull system status, but it
looks like SnortCenter cannot see snort.

Snort lives at:
/usr/local/snort/

Snort logs live at:
/var/snort_log_storage/

When I add the sensor, I enter the following:

Sensor Name: LabSensor
Sensor IP: x.x.x.x
Sensor Username: userx
Sensor Password: ****
Sensor Agent Type: SnortCenter Client v.1 (SSL enabled)
Interface name to sniff: eth0
Snort command line: /usr/local/snort/snort -c
/usr/local/snort/rules/snort.conf -l /var/snort_log_storage

And when I click the "restart" link within snort center, I get the
following on the web page:

Current config file error:
Log directory = /var/log/snort

Initializing Network Interface eth0
using config file /root/.snortrc
Parsing Rules file /root/.snortrc
ERROR: Unable to open rules file: /root/.snortrc or /root//root/.snortrc
Fatal Error, Quitting..
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains.

And on the host, I get:

Cat: /usr/local/snort/rules/snort_cmd_line.eth0: No such file or
directory.

Any assistance you can provide would be helpful.


Jeremy

Attachment: smime.p7s
Description: