[Snort-sigs] Only an empty Alert file :(

Community Signatures lists at ...3397...
Tue Mar 13 09:46:15 EDT 2012


On 03/13/12 08:30, Dean Farwood wrote:
> I wish I knew why adding the -c argument messes up logging?

The '-c' flag also specifies the path to the configuration/rules file,
perhaps you're using a different/default configuration file/setting than
/etc/snort/snort.conf when dropping the '-c' flag?

Testing here locally, with strace, against Snort I never see
/etc/snort/snort.conf referenced.

Perhaps the crux of the issue is a borked /etc/snort/snort.conf?
Looking at snort.c as well I only see a character array pointed to
"/etc/snort.conf" or "./snort.conf", never "/etc/snort/snort.conf".

In function *ConfigFileSearch(void):
snort.c: char *conf_files[]={"/etc/snort.conf", "./snort.conf", NULL};

Hope this helped,
Nathan
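
Added example, not part of the original post or of Snort's source: a small shell check that walks the two default paths from the snort.c line quoted above and reports whether an existing /etc/snort/snort.conf would be picked up when '-c' is omitted. The function names and the ROOT prefix argument are hypothetical, and only the two quoted paths are modelled.

```shell
#!/bin/sh
# Added example: models only the two default paths quoted from snort.c above.
# ROOT is a hypothetical prefix so the check can be tried on a scratch tree;
# pass "" to inspect the live filesystem, e.g.  explain_conf "" "$PWD"

# Print the first default config file that exists, or "none".
snort_default_conf() {
    root="$1"; cwd="${2:-.}"
    # Same order as the quoted array: /etc/snort.conf, then ./snort.conf
    for f in "$root/etc/snort.conf" "$cwd/snort.conf"; do
        if [ -f "$f" ]; then
            printf '%s\n' "$f"
            return 0
        fi
    done
    printf 'none\n'
    return 1
}

# Compare that result with the file the admin believes is in use.
# Prints one of:
#   missing           /etc/snort/snort.conf does not exist at all
#   not-searched      it exists, but no default path exists, so it is
#                     only read when passed explicitly with -c
#   shadowed:<path>   it exists, but a different default file would be
#                     loaded instead when -c is omitted
explain_conf() {
    root="$1"; cwd="${2:-.}"; expected="$root/etc/snort/snort.conf"
    found=$(snort_default_conf "$root" "$cwd") || found=none
    if [ ! -f "$expected" ]; then
        printf 'missing\n'
    elif [ "$found" = none ]; then
        printf 'not-searched\n'
    else
        printf 'shadowed:%s\n' "$found"
    fi
}
```

A "shadowed" result means runs with and without '-c /etc/snort/snort.conf' are reading different files, so their output and logging settings can differ.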
