Snort mailing list archives

Re: More snort problems


From: Erek Adams <erek () theadamsfamily net>
Date: Tue, 9 Jul 2002 08:56:13 -0700 (PDT)

On Mon, 8 Jul 2002, red z wrote:

> Yes, I'm an idiot I know what you're thinking.. Ok, in a nutshell I can't do
> ANYTHING with snort except snort -v . I want to be able to use the NIDS
> damnit!!

heh...  It's Ok.  It's not that big of a deal.  :)

One good thing:  snort -v shows traffic.  That's good!  ;-)

> I'm running FreeBSD 4.6. I installed snort by /stand/sysinstall then
> packages, security, then snort.
>
> Maybe it's because my IQ is below a dozen I don't know, but I can't get NIDS
> running for the life of me.  FreeBSD installed snort in /usr/local/bin/snort

Ok don't get me wrong, I _love_ the idea of packages.  But I find that with
some things, it's better to build it from the tarball and then packagize the
software yourself.

> So far my problems are:
>
> 1. I can't find snort.conf (or any snort file for that matter)
>
> 2. Permissions?
>
> I made a directory called snort in /var/log to see if it would fix it and
> then I did the command snort -h 172.16.0.1/10 -c snort.conf -l/snort/ -dev
>
> still an error message!

First, let's see if we can find snort.conf in one of its default locations.
If you look in snort.c at around line 3238 you see snort looking for
"/etc/snort.conf", and "./snort.conf".  Down around 3275, you see it also
check for a "<home_dir>/.snortrc".  Check to see if there is a snort.conf file
_anywhere_ with:

        cd /
        find . -name snort.conf -type f -print

If you find one, note where it is, and be sure to use the full path to it when
starting snort.

        snort <options> -c /full/path/to/snort.conf

If not, check for .snortrc on the box with:

        cd /
        find . -name .snortrc -type f -print

Not to harp on it, but this is one of the main reasons I'd rather build my
own--I know where I put things!  :)


Secondly, you're not specifying the path to the log dir in the correct format.
The command line above shows you using /snort/ as your log directory.  That
means "the snort directory right off of the root directory", and not "the
snort directory under the current directory."  Just to be safe, let's specify
full paths all the way around:

        /usr/local/bin/snort -dev -l /var/log/snort -h 172.16.0.1/10 -c /etc/snort.conf

Check and see if any of that will help.

> If someone has the time/patience and kindness to email me step by step idiot
> proof directions I would be forever in your debt. I am totally lost

heh...  "It might be idiot-proof, but it's not _damned_ idiot
proof"--Anonymous  :)

Hope that helps some!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


