Snort mailing list archives

Re: First run of snort


From: James Riden <j.riden () massey ac nz>
Date: Sat, 15 Jan 2005 10:25:13 +1300

Jiju Menon <security4rrm () gmail com> writes:

1/14

> Hello,
>
> Thank you for the help in locating the snort.conf file. The snort.conf
> file was in the /etc directory of the source code.
>
> This is what I did.....
>
> 1) In the snort.conf file I changed the following parameters for the first run.
>
> var HOME_NET <Internal IP/mask>
>
> var RULE_PATH /root/snortDir/snort-2.3.ORC2/rules
>
> 2) The snort was run as root with the command
>
> snort -c /etc/short/snort.conf
>
> Problem:
>
> ERROR: Unable to open rules file:
> /root/snortDir/snort-2.3.ORC2/rules/local.rules

Really dumb question: does the above file exist and is it readable?
Try commenting the include[1] out and see what happens. (I think
local.rules is empty by default - I believe it's for rules you write
yourself.)

cheers,
 Jamie

[1] that is, the line 'include $RULE_PATH/local.rules' in snort.conf
-- 
James Riden / j.riden () massey ac nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/
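
Added example (not part of the original message and not Snort project code): a POSIX shell preflight that applies the "does the file exist and is it readable?" check from the reply above to every active `include` line in a Snort 2.x snort.conf, expanding `var` definitions such as `$RULE_PATH`. The function names, the constructed demo config and the treatment of relative paths are assumptions of this example.

```shell
# Print the resolved path of each active 'include', expanding $NAME from 'var' lines.
resolve_includes() {
    awk '
    function expand(s,    out, i, name) {
        out = ""
        while ((i = index(s, "$")) > 0) {
            out = out substr(s, 1, i - 1)
            s = substr(s, i + 1)
            if (match(s, /^[A-Za-z0-9_]+/)) {
                name = substr(s, 1, RLENGTH)
                s = substr(s, RLENGTH + 1)
                out = out ((name in vars) ? vars[name] : "$" name)
            } else out = out "$"
        }
        return out s
    }
    /^[ \t]*#/ { next }                       # commented-out lines are skipped
    $1 == "var" && NF >= 3 { vars[$2] = expand($3); next }
    $1 == "include" && NF >= 2 { print expand($2) }
    ' "$1"
}

# Report every include as OK / MISSING / UNREADABLE; status 1 if any is not OK.
# Assumption: relative include paths are resolved against the config file directory.
check_includes() {
    dir=$(dirname "$1")
    resolve_includes "$1" | (
        bad=0
        while IFS= read -r p; do
            case $p in /*) ;; *) p=$dir/$p ;; esac
            if [ ! -e "$p" ]; then echo "MISSING    $p"; bad=1
            elif [ ! -r "$p" ]; then echo "UNREADABLE $p"; bad=1
            else echo "OK         $p"; fi
        done
        exit "$bad"
    )
}

# Constructed demo config (not the poster's system): local.rules is absent.
demo() {
    d=$(mktemp -d); rc=0
    mkdir "$d/rules" && : > "$d/rules/example.rules"
    printf '%s\n' "var RULE_PATH $d/rules" 'include $RULE_PATH/example.rules' \
        'include $RULE_PATH/local.rules' '# include $RULE_PATH/disabled.rules' > "$d/snort.conf"
    check_includes "$d/snort.conf" || rc=$?
    rm -rf "$d"; return "$rc"
}

if [ $# -gt 0 ]; then check_includes "$1"; else demo || true; fi
```

Run it with the path to snort.conf as the only argument, under the account Snort itself runs as, because the readability test is evaluated for the current user.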


