[Snort-users] First time in NIDS mode, and...

John Sage jsage at ...2022...
Wed May 16 10:26:46 EDT 2001

Just got snort on; works great in packet logging mode; now I'm moving on 
to NIDS mode and I'm getting this:

from logcheck:
May 16 06:49:42 sparky pppd[10996]: Connect: ppp0 <--> /dev/modem
May 16 06:49:45 sparky snort: ERROR: Unable to open rules file: webcgi-lib
May 16 06:49:45 sparky kernel: device ppp0 entered promiscuous mode
May 16 06:49:45 sparky kernel: device ppp0 left promiscuous mode

command line (run from the script that sets up ipchains):

/usr/bin/snort -d -D -l /var/log/snort -h -i ppp0 -c 

snort.conf is the box-stock one that came with the 1.7 distro.


Why can't it load webcgi-lib? It's there, etc etc..

I'm getting no other messages about anything.

ps ax shows snort running in daemon mode with that command line, and 
there is a zero-length file at  /var/log/snort/portscan.log


- John

John Sage
FinchHaven, Vashon Island, WA, USA
mailto:jsage at ...2022...
"The web is so, like, five minutes ago..."

More information about the Snort-users mailing list