Snort mailing list archives

Re: unable to wash traffic through rules files

From: Erek Adams <erek () snort org>
Date: Mon, 13 Jan 2003 09:20:00 -0500 (EST)

On Sun, 12 Jan 2003, don wrote:

I am using snort 1.9.0 and am unable to get it to work pse see the below
noted I would be most grateful for any ideas as
to what I am doing wrong. I am fully conversant with tcpdump/ethereal
and the such but this is stumping me!!!

monkeylabs:/home/don/Documents/snort-1.9.0/src # ./snort -dvr
/home/don/ch1.capture -A full -c netbios.rules
Initializing Output Plugins!
Log directory = /var/log/snort
TCPDUMP file reading mode.
Reading network traffic from "/home/don/ch1.capture" file.
snaplen = 65535

        --== Initializing Snort ==--
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file netbios.rules

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
ERROR: Unable to open rules file: netbios.rules or ./netbios.rules
Fatal Error, Quitting..


[...snip...]

Ummm....  It can't find the file "netbios.rules" or "./netbios.rules".
Put in the full path to the file that you intend to use and that error
should be fixed.

But...  You'll have another error then.  Save yourself the time and simply
configure the snort.conf that comes with Snort.  Simply fill in HOME_NET
with the subnet that you want to watch and set EXTERNAL to !$HOME_NET (not
HOME_NET).  Then for the other plugins, you can configure them, but for
testing, you'd be fine to leave them at your defaults.

Hope that helps!

-----
Erek Adams

   "When things get weird the wierd turn pro."   H.S. Thompson


-------------------------------------------------------
This SF.NET email is sponsored by: FREE  SSL Guide from Thawte
are you planning your Web Server Security? Click here to get a FREE
Thawte SSL guide and find the answers to all your  SSL security issues.
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

unable to wash traffic through rules files don (Jan 13)
- Re: unable to wash traffic through rules files Erek Adams (Jan 13)
- <Possible follow-ups>
- RE: unable to wash traffic through rules files Hicks, John (Jan 13)
- RE: unable to wash traffic through rules files Gonzalez, Albert (Jan 13)