FW: [Snort-users] New rule file format and lost path info

Chris Green cmg at ...671...
Wed Mar 14 15:00:33 EST 2001


"Ginnetty, James" <JGinnetty at ...1561...> writes:

> And while we're talking about it..... I've seen the same behavior with
> processing snort rules within snortsnarf. It seems to want an explicit path
> on the include statement or have everything in the default directory.

./snortsnarf.pl -d $HTMLDIR -homenet 192.168.0.0/16 \
                -rulesdir /var/snort/etc/snort \
                -rulesfile /var/snort/etc/snort/snort.conf \
                $SNORTBASEDIR/$DIR/alert* \
                $SNORTBASEDIR/$DIR/portscan*

The rulesdir is the argument that is the key. Of course, assuming
"file.rules" is really $snortconfdir/file.rules would be helpful if
well documented. Getting paths and working directories straight made
it a PITA to debug a chroot setup (sure it all makes sense now...)
-- 
Chris Green <cmg at ...671...>
"Yeah, but you're taking the universe out of context."
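
Added example, not part of the original message and not Snort's or SnortSnarf's own code: a small checker that resolves every include in a snort.conf against a rules directory instead of the current working directory, and reports which files are missing. It assumes "include <path>" and "var NAME value" lines; the function names, the RULE_PATH variable and the file layout in demo() are constructed for illustration.

```python
import os
import re
import tempfile

INCLUDE_RE = re.compile(r"^\s*include\s+(\S+)")
VAR_RE = re.compile(r"^\s*var\s+(\S+)\s+(\S+)")

def resolve_includes(conf_path, rules_dir=None, _vars=None, _seen=None):
    """List (as_written, resolved_path, exists) for every include reachable
    from conf_path. Relative names are joined to rules_dir (default: the
    directory holding conf_path), never to the current working directory."""
    conf_path = os.path.abspath(conf_path)
    rules_dir = os.path.abspath(rules_dir or os.path.dirname(conf_path))
    variables = {} if _vars is None else _vars
    seen = set() if _seen is None else _seen
    if conf_path in seen:                      # guard against include loops
        return []
    seen.add(conf_path)
    found = []
    with open(conf_path) as fh:
        for raw in fh:
            line = raw.split("#", 1)[0]        # drop trailing comments
            var = VAR_RE.match(line)
            if var:
                variables[var.group(1)] = var.group(2)
                continue
            inc = INCLUDE_RE.match(line)
            if not inc:
                continue
            written = inc.group(1)
            expanded = re.sub(r"\$(\w+)",      # substitute known $VARs only
                              lambda m: variables.get(m.group(1), m.group(0)), written)
            path = os.path.normpath(os.path.join(rules_dir, expanded))
            exists = os.path.isfile(path)
            found.append((written, path, exists))
            if exists:                         # follow nested includes
                found += resolve_includes(path, rules_dir, variables, seen)
    return found

def demo():
    """Constructed layout: two includes that exist and one that does not."""
    with tempfile.TemporaryDirectory() as etc:
        conf = os.path.join(etc, "snort.conf")
        with open(conf, "w") as fh:
            fh.write("var RULE_PATH rules\ninclude web.rules\n"
                     "include $RULE_PATH/local.rules\ninclude missing.rules  # not on disk\n")
        os.mkdir(os.path.join(etc, "rules"))
        for name in ("web.rules", os.path.join("rules", "local.rules")):
            open(os.path.join(etc, name), "w").close()
        return [(w, os.path.relpath(p, etc), ok) for w, p, ok in resolve_includes(conf)]
```

Running resolve_includes() on the same snort.conf and directory passed to -rulesfile and -rulesdir shows up front which include lines will not be found.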