[Snort-users] Snort in daemon mode

Joe McAlerney joey at ...47...
Thu Apr 12 12:34:33 EDT 2001


You will have to specify absolute paths to each included rules file in
your configuration file.  Alternatively, you can call snort from the
directory that those rules files are in.  This has been fixed in the CVS
version.

-Joe M.

-- 
|   Joe McAlerney     joey at ...155...   |
| Silicon Defense - Technical Support for Snort |
|       http://www.silicondefense.com/          |
+--                                           --+

"Jyri V." wrote:

> However I'm running snort 1.7 (from rpm) also on the RedHat 6.2 box, and
> I have another problem:
> Whenever I have to restart snort, it fails to start again in daemon
> mode, the trick I had explained before shows that the error is:
> "ERROR: unable to open file: exploit.rules". This file exists in default
> location, /etc/snort. If I comment out this file from snort.conf, then
> next described in snort.conf .rules file causes the same error.
> The only thing that helps is to chown *.rules to someone else and then
> to the root.wheel again, snort starts, but, again, until next snort
> restart or stop.  Any ruleset update didn't help. *.rules files are in
> default mode: 644, owner root, group wheel. I tried also root.root,
> snort.snort modes, but it has no effect.




More information about the Snort-users mailing list