Snort mailing list archives

RE: Request for help with ppp0 configuration of snort -- NEWBIE --


From: Dave.Hartley () uk delarue com
Date: Fri, 12 Sep 2003 15:33:37 +0100

Can anyone help at all??
 
If not, is anyone able to point me off in the direction of more resources
other than Snort's page?
 
Thanks

-----Original Message-----
From: Dave.Hartley () uk delarue com [mailto:Dave.Hartley () uk delarue com]
Sent: 11 September 2003 09:13
To: snort-users () lists sourceforge net
Subject: [Snort-users] Request for help with ppp0 configuration of snort --
NEWBIE --



Hello,
        A while ago I posed a question regarding a home deployment of Snort.
I received a very helpful answer from the following two list members:
 
Erek Adams & John Sage
 
My situation was and is that I am running a dial up connection at home using
KPPP.  I have the latest version of snort, ACID, APACHE, PHP, and Snort GUI.
 
I have configured all of these per the set up guides available from
http://www.snort.org/docs/snort_acid_rh9.pdf and
http://users.pandora.be/larc/documentation/
 
The additional information I was given from this list was to configure my
sensor as follows:
 
var HOME_NET $ppp0_ADDRESS
 
Sensor Name: Snort_1
Sensor IP: 127.0.0.1 
Port: 2525
Username:
Password:
Agent Type: 
Interface to sniff: ppp0
Snort Command Line: snort -b -i ppp0 -o -c /etc/snort/snort.conf
 
However I have only just found time to work on this machine, and I have an
additional problem.  Maybe someone can help??
 
I can download the Rules (Import from Web).  When I try to push or start the
sensor, I receive the following error, and the status informs me that snort
has not started:

Error in /snortcenter/sensor/rules//snort.ppp0.conf
Started snort with previous configuration!!!
Current config file error:
Running in IDS mode
Log directory = /var/log/snort
 
Initializing Network Interface ppp0
ERROR: OpenPcap() FSM compilation failed:
PCAP command: %s
 
Fatal Error, Quitting..
 
I have checked the /var/log/snort directory and no files are present?
 
Can anyone assist??

Thanks

