[Snort-users] New rule file format and lost path info
agent33 at ...187...
Wed Mar 14 14:22:32 EST 2001
Ok, maybe I didn't explain myself too well.
Lets say my current dir is /home/stinky, lets say I a logged in as root. I
snorty:/home/stinky# /usr/local/snort/snort -dev -c
snort barfs with:
ERROR: unable to open rules file: local.rules
Fatal Error, quitting.
snort.conf has the the line:
snort is looking for the local.rules file in my current directory, not in
the directory that snort.conf is in. Now I could change snort.conf to read:
but shouldn't snort look for the included rules files in the path called out
in the -c switch instead of looking just in the current dir and then dieing?
That a better explanation of it?
> -----Original Message-----
> From: Fyodor [mailto:fygrave at ...121...]
> Sent: Wednesday, March 14, 2001 1:11 PM
> To: Steve Halligan
> Subject: Re: [Snort-users] New rule file format and lost path info
> hmm.. and what would be expected behaviour? :) I think it
> could be fixed :)
> On Wed, Mar 14, 2001 at 11:11:24AM -0600, Steve Halligan wrote:
> > I start snort with the following Commandline:
> > #/usr/local/snort/snort -D -dev -c /usr/local/snort/snort.conf
> > if I am not in the /usr/local/snort dir, snort can't find
> the included rule
> > files. If the full path to the rule files is not included
> in the conf file,
> > snort looks for the includes relative to the dir you are
> currently in rather
> > than relative to the specified location of snort.conf.
> This of course also
> > screws up any hope of HUPing it.
> > -Steve
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > http://lists.sourceforge.net/lists/listinfo/snort-users
> PGP fingerprint = 56DD 1511 DDDA 56D7 99C7 B288 5CE5 A713 0969 A4D1
More information about the Snort-users