FW: [Snort-users] New rule file format and lost path info

Chris Green cmg at ...671...
Fri Mar 16 15:09:35 EST 2001


Fyodor <fygrave at ...121...> writes:

> All right, since there are so many people wanting this change I think it makes sense to switch to
> such behaviour:
> 
> 1. if file isn't given with full path in snort rules file, the path of snort.conf ('./' if no path was given in command line)
> will be used.
> 2. if file is given with the full path name (i.g. starts with '/' character), this full path will be used.
> 
> hope it helps. (I am commiting cvs fixes shortly).

This I think causes some weirdness with my setup

sbin/snort -A fast -b -u snort -g snort \
  -t /var/snort -l ./log -d -i $INTERFACE \
  -c etc/snort/snort.conf  

B/C then snort tries to probe
/var/snort/etc/snort/etc/snort/snort.conf for the config file.

If you specify the path as an entire path, things work fine.
Perhaps the heuristic code should only apply to includes and not the
command line include?
-- 
Chris Green <cmg at ...671...>
Logic, my dear Zoe, merely enables one to be wrong with authority.
                - Doctor Who, "The Wheel in Space"




More information about the Snort-users mailing list