[Fwd: [Snort-users] Error: unable to open local.rules]

Michael Steele michaels at ...155...
Wed Jun 13 13:51:42 EDT 2001


Colin,

If you run snort from the actual directory it's located in you do not
need to add the full path for the rules. Anytime you run Snort out of
it's folder you will need to specify the complete path. This is fixed in
the 1.8 version that will be released ion the near future.

-Mike

        Commercial Snort Support
             1.866.41.SNORT
Silicon Defense - www.silicondefense.com
Michael Steele - Snort Support Technician


-----Original Message-----
From: Colin Wu [mailto:wucolin at ...2181...] 
Sent: Wednesday, June 13, 2001 10:34 AM
To: Michael Steele
Subject: Re: [Fwd: [Snort-users] Error: unable to open local.rules]

I actually have a local.rules file.  What I didn't have was the full
path to
each rules file in snort.conf.  The strange thing is it only failed
sometimes, not all the time; however, since I added the full path to all
the
include lines things have been more stable.

Michael Steele wrote:

> Make sure you actually have a local.rules. If not then # out that line
> in the snort.conf.
>
> -Mike
>
>         Commercial Snort Support
>              1.866.41.SNORT
> Silicon Defense - www.silicondefense.com
> Michael Steele - Snort Support Technician
>
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Colin Wu
> Sent: Friday, June 08, 2001 10:54 AM
> To: Snort Users
> Subject: [Fwd: [Snort-users] Error: unable to open local.rules]
>
> Colin Wu wrote:
>
> > It's running on an Ultra 10, Solaris 2.7 (or maybe 8, I'm not sure
at
> the
> > moment).  The entire message was (after the usual time-stamp, host
id,
> process
> > id stuff) "ERROR: Unable to open rules file: local.rules"
> >
> > In answer to Aaron M: It doesn't seem to complain about any of the
> other rules
> > and it doesn't crash everytime.
> >
> > Fyodor wrote:
> >
> > > On Fri, Jun 08, 2001 at 12:32:26PM -0400, Colin Wu wrote:
> > > > I periodically HUP my snort (v1.7) to checkpoint the binary dump
> log,
> > > > but occasionally snort will die with the message: " ERROR:
Unable
> to
> > > > open rules file: local.rules" in syslog.  At this point I have
to
> rename
> > > > the local.rules file and make a new copy (mv local.rules local;
cp
> local
> > > > local.rules).
> > > >
> > > > Any ideas?
> > > >
> > >
> > > Hmm.. sounds strange. Which platform is that?  Could you quote the
> whole
> > > error message too (so we could see what errno's been set).
> > >
> > > thanks
> > > -F
> >
> > --
> >
> >    __     _             _            Network Analyst
> >   /  )   //            ' )   /       Computing & Information
Services
> >  /    __|/  o ____      / / / . .    McMaster University
> > (__/ (_) \_<_/ / <_    (_(_/ (_/_    (905)525-9140 ext 24050
> >                                      http://netman.McMaster.CA
>
> --
>
>    __     _             _            Network Analyst
>   /  )   //            ' )   /       Computing & Information Services
>  /    __|/  o ____      / / / . .    McMaster University
> (__/ (_) \_<_/ / <_    (_(_/ (_/_    (905)525-9140 ext 24050
>                                      http://netman.McMaster.CA
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

--

   __     _             _            Network Analyst
  /  )   //            ' )   /       Computing & Information Services
 /    __|/  o ____      / / / . .    McMaster University
(__/ (_) \_<_/ / <_    (_(_/ (_/_    (905)525-9140 ext 24050
                                     http://netman.McMaster.CA







More information about the Snort-users mailing list