Snort mailing list archives

Re: help

From: Dorian ROSSE via Snort-users <snort-users () lists snort org>
Date: Fri, 17 May 2019 06:13:36 +0000

For snort as a deamon follow this link :

http://<http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node11.html#SECTION00291000000000000000>manual<http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node11.html#SECTION00291000000000000000>-<http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node11.html#SECTION00291000000000000000>snort<http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node11.html#SECTION00291000000000000000>-org.s3-website-us-<http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node11.html#SECTION00291000000000000000>east<http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node11.html#SECTION00291000000000000000>-1.amazonaws.com/<http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node11.html#SECTION00291000000000000000>node11<http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node11.html#SECTION00291000000000000000>.<http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node11.html#SECTION00291000000000000000>html<http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node11.html#SECTION00291000000000000000>#SECTION00291000000000000000<http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node11.html#SECTION00291000000000000000>

I Hope It will help you,

Regards.


Dorian Rosse.

Télécharger Outlook pour Android<https://aka.ms/ghei36>

________________________________
From: Snort-users <snort-users-bounces () lists snort org> on behalf of pierre telfort via Snort-users <snort-users () 
lists snort org>
Sent: Thursday, May 16, 2019 1:08:10 AM
To: wkitty42 () windstream net
Cc: snort-users () lists snort org
Subject: Re: [Snort-users] help

i fixed this thanks. now I'm trying to start snort as daemon service. i found some examples on how to do it. i followed 
those examples and tried to start the snort.service, i got an error message.

Le lun. 13 mai 2019 à 09:40, wkitty42--- via Snort-users <snort-users () lists snort org<mailto:snort-users () lists 
snort org>> a écrit :


please keep snort issues on the snort mailing list and do not take them private
unless specifically requested... this way others with the same or similar
problem can find the solution, too... i've added the list back to my reply...


the problem is that you have spaces in all of those *_PATH lines you posted for
my query...

#104 var RULE_PATH ../rules /etc/snort/rules
here ----------------------^

either remove those spaces or fix those paths to point to the proper directories
for all of those *_PATH lines on lines 104, 105, 106, 113, and 114... check any
other paths, too...

perhaps you meant to have the following instead of the default "../rules"??

#104 var RULE_PATH /etc/snort/rules



On 5/7/19 9:36 PM, Telfort P wrote:

#100
# 101 Path to your rules files (this can be a relative path)
# 102 Note for Windows users:  You are advised to make this an absolute path,
# 103 such as:  c:\snort\rules
#104 var RULE_PATH ../rules /etc/snort/rules
#105 var SO_RULE_PATH ../so_rules /etc/snort/so_rules
#106 var PREPROC_RULE_PATH ../preproc_rules etc/snort/preproc_rules
#107 #108 If you are using reputation preprocessor set these
#109 Currently there is a bug with relative paths, they are relative to where
snort is
#110 not relative to snort.conf like the above variables
#111 This is completely inconsistent with how other vars work, BUG 89986
#112 Set the absolute path appropriately
#113 var WHITE_LIST_PATH ../rules /etc/snort/rules
#114 var BLACK_LIST_PATH ../rules /etc/snort/rules
#115


*I labeled them the same way it is in my config file.*

On 5/7/19 3:04 AM, wkitty42--- via Snort-users wrote:

On 5/3/19 10:04 PM, Telfort P via Snort-users wrote:

How do i fix this error in my rules. ""ERROR: /etc/snort/snort.conf(104)
Missing argument to RULE_PATH
Fatal Error, Quitting.""


please post lines 100 thru 110 of your /etc/snort/snort.conf file...



--
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list unless*
        *a signed and pre-paid contract is in effect with us.*
_______________________________________________
Snort-users mailing list
Snort-users () lists snort org<mailto:Snort-users () lists snort org>
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

        To unsubscribe, send an email to:
        snort-users-leave () lists snort org<mailto:snort-users-leave () lists snort org>

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

        To unsubscribe, send an email to:
        snort-users-leave () lists snort org

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Current thread:

help Telfort P via Snort-users (May 06)
- Re: help Joel Esler (jesler) via Snort-users (May 07)
- Re: help wkitty42--- via Snort-users (May 07)
- Re: help Dorian ROSSE via Snort-users (May 10)
  - Re: help Telfort P via Snort-users (May 10)
    - Re: help Dorian ROSSE via Snort-users (May 10)
- <Possible follow-ups>
- Re: help wkitty42--- via Snort-users (May 13)
  - Re: help pierre telfort via Snort-users (May 16)
    - Re: help Dorian ROSSE via Snort-users (May 17)
    - Re: help Telfort P via Snort-users (May 19)