RE: Running Snort 1.9.0 from shell script

["Randy Bey" <Randy.Bey () rivernorthsys com>]

> Actually, I'd have to say Michael is right.  I'd be willing to be that
you
> are
> using an old config file from another version in your script.  What I
> would
> suggest is to download the tarball, not the RPM, and then grab the
.conf
> from
> it.  Config it and then use "-c /wherever/snort.conf"
>
> We're not saying you're crazy, we're just saying that it doesn't
> match/make
> sense.  :)  It's the 'law of averages'.  So far you're the only person
> with
> this problem, so it seems that what you're seeing is unique to you.

Maybe not if the same conf file is referenced in the script and from the
command line.

I don't think this is a snort issue; it sounds like a shell coding
issue. The reference to "../rules" is what they call a relative path,
and I would replace it with an absolute path myself (starting with a /,
as in /etc/snort/rules). I blather on but I think the var in question is
RULE_PATH, although there's a couple other PATHs in the snort.conf.

When you run your script you may not be in the same working directory as
when you run the command from the command line. Or your script might not
correctly set the current working directory.

That's where I would look, were I you.

Randy Bey
Rivernorth Systems



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users