[Snort-users] First time in NIDS mode, and...
Joshua.Scott at ...1955...
Wed May 16 12:41:51 EDT 2001
Make sure that either you run Snort from the directory that has all the
rules files and your snort.conf, or make sure that your snort.conf has the
full path to each of your rules files.
From: Oxenreider, Jeff [mailto:jox at ...963...]
Sent: Wednesday, May 16, 2001 7:56 AM
To: 'John Sage'; Snort Users
Subject: RE: [Snort-users] First time in NIDS mode, and...
I've seen this happen to me on occasion, and if I open up the snort.conf
file, in "vi" and then do a "write quit", thereby updating the timestamp on
the file, and rerun snort, it fires right up. I don't have an explanation
for the action and it hasn't been a burden on me too much and I just chalked
it up to something I was doing wrong so never posted any sort of a bug
report on it.
Bad Jeff, Bad.....
Jeffrey A. Oxenreider
Senior Network/Security Engineer
Safelite Glass Corp
From: John Sage [ mailto:jsage at ...2022... <mailto:jsage at ...2022...>
Sent: Wednesday, May 16, 2001 10:27 AM
To: Snort Users
Subject: [Snort-users] First time in NIDS mode, and...
Just got snort on; works great in packet logging mode; now I'm moving on
to NIDS mode and I'm getting this:
May 16 06:49:42 sparky pppd: Connect: ppp0 <--> /dev/modem
May 16 06:49:45 sparky snort: ERROR: Unable to open rules file: webcgi-lib
May 16 06:49:45 sparky kernel: device ppp0 entered promiscuous mode
May 16 06:49:45 sparky kernel: device ppp0 left promiscuous mode
command line (run from the script that sets up ipchains):
/usr/bin/snort -d -D -l /var/log/snort -h 192.168.1.0/24 -i ppp0 -c
snort.conf is the box-stock one that came with the 1.7 distro.
Why can't it load webcgi-lib? It's there, etc etc..
I'm getting no other messages about anything.
ps ax shows snort running in daemon mode with that command line, and
there is a zero-length file at /var/log/snort/portscan.log
FinchHaven, Vashon Island, WA, USA
mailto:jsage at ...2022... <mailto:jsage at ...2022...>
"The web is so, like, five minutes ago..."
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users