[Snort-devel] Re: snort 1.8: [reading from a file]

Andrea Barisani lcars at ...360...
Tue Jul 10 10:22:19 EDT 2001


Ok, I've made a mistake ;)

The flags are -d -r file -c rulesfile, so [reading from a file] in the
sensor entry is correct (snort 1.7 reporting is different), however the
modprobe attempt is still odd.

Bye


On Tue, 10 Jul 2001, Andrea Barisani wrote:

> Hi to all!
> 
> I've just updated my IDS with snort 1.8 but with the same flags used by
> snort 1.7 (-A full -c rulefile -D -b -d -i eth0 -l /var/log/snort -s) and
> the same rules files I see this message in syslog before the startup,
> 
> modprobe: modprobe: Can't locate module [reading from a
> 
> !!
> 
> And in the mysql database there is a new sensor, instead of ip:eth0 now I
> have ids.domainname.it:[reading from a file]
> 
> I assure you that snort is NOT reading from a tcpdump file, it is sniffing
> correctly ;)
> 
> The ethernet is an Intel eepro100
> 
> Any ideas?
> 
> Bye
> 
> P.S.
> 
> What is the [1:0:0] in the alerts? 
> 
> ------------------------------------------------------------
> INFIS Network Administrator & Security Officer
> Department of Physics       - University of Trieste
> lcars at ...360... - PGP Key 0x8E21FE82
> ------------------------------------------------------------
> "How would you know I'm mad?" said Alice.
> "You must be,'said the Cat,'or you wouldn't have come here."
> ------------------------------------------------------------
> 
> 




