Snort mailing list archives

Previous By Date Next
Previous By Thread Next

[ Snort-users]

From: "Deyoung, Richard E. - Raleigh, NC" <RDeyoung () email usps gov>
Date: Thu, 30 Jan 2003 15:57:26 -0500
G'day all.

I've been experimenting with migrating all of the command line options
into the particular snort configuration file I'm using at run-time and
have found that even if I start snort with the "-c" switch, and have
specified my logging directory as "/var/log/foo", snort will not pick up
my config directive but will continue to try and log to
"/var/log/snort".
NOTE:
The other vars, preprocessor, and output plug-ins are being read
successfully from my main config file; it's only the "config" directives
that it's failing to pick up.

[Particulars]
OSver:          Redhat v7.3
Snortver:               1.9.0, Build 209
Other configs:  All var, preprocessor, and output plug-ins, as well as 
                        Config directives have been implemented in a
single file

[Specific configs as they exist in the main config file with all of the
other "stuff"]

config decode_data_link
config daemon
config show_year
config interface: eth1
config logdir: /var/log/foo
config utc
config dump_payload_verbose

[Questions]
1. Will snort v1.9.0 support a single, main configuration file?
2. If not, which portions of the default config file that comes with the
source, can be excluded from the main config file and included in an
alternate file (which could be referenced by the "include"
directive....)


Thanks all,
Richard DeYoung
Email:   RDeYoung () email usps gov
_______________________________________________________________________
|Notice: This e-mail message, including any attachments, is 
|for the sole use of the intended recipients and may contain sensitive 
|and privileged information. Any unauthorized review, use, disclosure 
|or distribution is prohibited. If you are not the intended recipient, 
|please contact the sender by reply e-mail and destroy all copies of 
|the original message.
|_______________________________________________________________________




-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: