Snort mailing list archives

Snort 1.9.1/Spade/Snortcenter


From: "Rogier Gerritse" <Rogier () prevent-it nl>
Date: Tue, 10 Aug 2004 16:56:33 +0200

First post on this list so: "Hi all"
 
I'm running Snort on RH7.3. I've used the document by Steven J. Scott and
the system's been running stable for a while now. I was using Snort 2.1.3
and used the react:block response to block all known worm and virus
traffic which worked fine.

Now I'm running Snort 1.9.1 and Spade 030125.1. When I add the Spade
detector rules the following happens in SnortCenter 0.9.6:

[log]
Error in /etc/snort/snort.eth1.conf
Restarted snort with previous configuration!!!

...snip...
Initializing rule chains...
Initializing Preprocessors!
Initializing Plug-ins!
Spade is enabled
Spade state initialized to what is in /var/log/spade/spade.rcv
Spade will record its state to /var/log/spade/spade.rcv after every
50000 updates
Spade's log is /var/log/spade/spade.log
Spade reports will go to both the alert and log facility
Spade homenet set to: 172.16.0.0/16
detector 1 enabled with: type=odd-typecode
detector 2 enabled with: type=odd-typecode to=nothome
...snip...
785 Snort rules read...
785 Option Chains linked into 162 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

Rule application order: 
--== Initialization Complete ==--

-*> Snort! <*-
Version 1.9.1 (Build 231)
By Martin Roesch (roesch () sourcefire com, www.snort.org)

Snort sucessfully loaded all rules and checked all rule chains!
Spade got shutdown signal, cleaning up
[/log]

Spade doesn't work in this config and the old config is loaded. When I
remove the spade-detect lines everything is ok again.

When I use the same config on the command line:

snort -U -o -s -S -d -c /etc/snort/snort.eth1.conf

everything works as it should.

My guess is it has something to do with the command line options
SnortCenter uses. These are in sensor.php but I think I'm missing
something. Any help would be greatly appreciated.

