Re: can't remember why... snot prepends /etc/ to paths resulting in /etc//foo

[waldo kitty <wkitty42 () windstream net>]

On 11/19/2012 12:50, Castle, Shane wrote:
> What's this? ->  var $SNORT_HOME /var/snort

a typo :/

it should have read

var SNORT_HOME /var/snort
var RULE_PATH $SNORT_HOME/rules
var SO_RULE_PATH $SNORT_HOME/so_rules
var PREPROC_PATH $SNORT_HOME/preproc_rules


> You have a "$" there incorrectly, I think, and something goofy is happening.

> FWIW, I don't have that var anywhere in my snort.conf.

most folks won't... it is what we call a "stem"... you'll note how the other 
vars build on it... with this stem, we can place other items in the stem
directory or off of it like the rules directories... we can also build 
additional "stems"...

eg: some enhanced systems may use something like this...

var SNORT_HOME /var/snort
var ET_HOME $SNORT_HOME/ET
var VRT_HOME $SNORT_HOME/VRT
var ET_RULE_PATH $ET_HOME/rules
var VRT_RULE_PATH $VRT_HOME/rules
var SO_RULE_PATH $VRT_HOME/so_rules
var PREPROC_PATH $SNORT_HOME/preproc_rules


> Maybe this var is set in a parent startup shell script and somehow the redef is appending to it?

nah... not in this case... good guess, though!

------------------------------------------------------------------------------
Monitor your physical, virtual and cloud infrastructure from a single
web console. Get in-depth insight into apps, servers, databases, vmware,
SAP, cloud infrastructure, etc. Download 30-day Free Trial.
Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!