[Snort-users] Progress..New Ruleset not working with Snort 1.7
lists at ...297...
Thu Apr 12 15:35:13 EDT 2001
Ok here is what I did I copied all of the rules in the same directory as snort.conf and in snort.conf I defined:
It seems as though my first problem is solved, however now I'm getting:
intruder# snort -d -e -l /usr/snortlogs -v -c /usr/jmagee/snort*7/snort.conf -D -i xl0
Initializing daemon mode
intruder# Apr 12 02:31:42 intruder snort: [!] ERROR smtp.rules(7) => Bad port number: "(msg:"SMTP"
Apr 12 02:31:42 intruder snort: [!] ERROR smtp.rules(7) => Bad port number: "(msg:"SMTP"
Do I have to define SMTP somewhere?
---------- Original Message ----------------------------------
From: Joe McAlerney <joey at ...47...>
Date: Thu, 12 Apr 2001 12:09:58 -0700
>By popular demand, the path where included files are searched for was
>changed from absolute to relative to the directory that your
>configuration file is in (specified with -c). This was done to avoid
>having to add absolute paths to each include, and is a feature in the
>CVS version of Snort - At least that's how I understand the history of
>So, remove those absolute paths and you should be good to go.
>| Joe McAlerney joey at ...155... |
>| Silicon Defense - Technical Support for Snort |
>| http://www.silicondefense.com/ |
>Joe Magee wrote:
>> Snort works fine... However I downloaded the newest rules put them in /usr/jmagee/snort*7/rules/ and then added the appropriate lines in snort.conf to reflect the new rules. I get the following error:
>> intruder# snort -d -e -l /usr/snortlogs -v -c /usr/jmagee/snort*7/snort.conf -D -i xl0
>> Initializing daemon mode
>> intruder# Apr 12 01:27:48 intruder snort: ERROR: Unable to open rules file: /usr/jmagee/snort*7/rules/webcgi.rules
>> Apr 12 01:27:48 intruder snort: ERROR: Unable to open rules file: /usr/jmagee/snort*7/rules/webcgi.rules
More information about the Snort-users