[Snort-users] New Ruleset not working with Snort 1.7

Joe Magee lists at ...297...
Thu Apr 12 15:24:49 EDT 2001

Joe.. I'm a little lost... what do you mean by absolute paths? which ones? are you saying that I should just copy the new rule files in the same directory as my snort.conf file and just call them in snort.conf like

include webcgi.rules
include ddos.rules

?? I've actually tried this too and it I get the same errors..



---------- Original Message ----------------------------------
From: Joe McAlerney <joey at ...47...>
Date: Thu, 12 Apr 2001 12:09:58 -0700

>Hi Joe,
>By popular demand, the path where included files are searched for was
>changed from absolute to relative to the directory that your
>configuration file is in (specified with -c).  This was done to avoid
>having to add absolute paths to each include, and is a feature in the
>CVS version of Snort - At least that's how I understand the history of
>So, remove those absolute paths and you should be good to go.
>-Joe M.
>|   Joe McAlerney     joey at ...155...   |
>| Silicon Defense - Technical Support for Snort |
>|       http://www.silicondefense.com/          |
>+--                                           --+
>Joe Magee wrote:
>> Snort works fine... However I downloaded the newest rules put them in /usr/jmagee/snort*7/rules/ and then added the appropriate lines in snort.conf to reflect the new rules. I get the following error:
>> intruder# snort -d -e -l /usr/snortlogs -v -c /usr/jmagee/snort*7/snort.conf -D -i xl0
>> Initializing daemon mode
>> intruder# Apr 12 01:27:48 intruder snort: ERROR: Unable to open rules file: /usr/jmagee/snort*7/rules/webcgi.rules
>> Apr 12 01:27:48 intruder snort: ERROR: Unable to open rules file: /usr/jmagee/snort*7/rules/webcgi.rules

More information about the Snort-users mailing list