[Snort-users] New Ruleset not working with Snort 1.7

Joe Magee lists at ...297...
Thu Apr 12 14:39:05 EDT 2001


Hello all here is the deal... I'm running Snort 1.7 When I launch snort using the following command line:

snort -d -e -l /usr/snortlogs -v -c /usr/jmagee/snort*7/snort.conf -D -i xl0

Snort works fine... However I downloaded the newest rules put them in /usr/jmagee/snort*7/rules/ and then added the appropriate lines in snort.conf to reflect the new rules. I get the following error:

intruder# snort -d -e -l /usr/snortlogs -v -c /usr/jmagee/snort*7/snort.conf -D -i xl0
Initializing daemon mode
intruder# Apr 12 01:27:48 intruder snort: ERROR: Unable to open rules file: /usr/jmagee/snort*7/rules/webcgi.rules
Apr 12 01:27:48 intruder snort: ERROR: Unable to open rules file: /usr/jmagee/snort*7/rules/webcgi.rules

I've double checked my snort.conf file and made sure that it was pointing to the rules file... even "cat" the file using hte patch to insure it was right...

Here are two snipits from my snort.conf file: (ignore the XX's) 

var HOME_NET [XX.180.97.165/32,XX.180.97.145/32,10.129.1.0/24]

# Set up the external network addresses as well.  A good start may be
# "any"...

var EXTERNAL_NET !$HOME_NET

# Define the addresses of DNS servers and other hosts if you want to ignore
# portscan false alarms from them...

var DNS_SERVERS [XX.3.196.33/32,XX.3.196.34/32,XX.3.196.35/32]

---end of file--

Any ideas??? I have the latest version of snort and the new rules just will not work... Any help would be appreciated!

Thanks

Joe




More information about the Snort-users mailing list