[Snort-users] SnortCenter

larc larc at ...1187...
Wed Aug 7 18:24:03 EDT 2002


Hi,

The problem is, that you specify the snort path in your management console.
The sensor normal knows already where where to find it, so just leave it of.
And also the -c for the snort.conf file is not needed, anly if you work in a chroot environment and then it would be snort.eth0.conf
Just enter the command line like:

Snort command line: -l /var/snort_log_storage

if you want to log to a different file or directory.

You can also leave the snort command line empty, then snortcenter will make:
-D -i ethx -c /dir/to/snort.ethx.conf

I hope this helps
Stefan Dens

------------------------
 "Jeremy Junginger" <jjunginger at ...6548...> wrote:
------------------------
Hello,
>
>If you have time to help out, I'm a bit stuck.  I have snortcenter
>installed on  a RedHat 7.2 Linux Machine that is already running
>ACID/MySQL/PHP/Snort/ADODB.  I am able to pull system status, but it
>looks like SnortCenter cannot see snort.
>
>Snort lives at:
>/usr/local/snort/
>
>Snort logs live at:
>/var/snort_log_storage/
>
>When I add the sensor, I enter the following:
>
>Sensor Name: LabSensor
>Sensor IP: x.x.x.x
>Sensor Username: userx
>Sensor Password: ****
>Sensor Agent Type: SnortCenter Client v.1 (SSL enabled)
>Interface name to sniff: eth0
>Snort command line: /usr/local/snort/snort -c
>/usr/local/snort/rules/snort.conf -l /var/snort_log_storage
>
>And when I click the "restart" link within snort center, I get the
>following on the web page:
>
>Current config file error:
>Log directory = /var/log/snort
>
>Initializing Network Interface eth0
>using config file /root/.snortrc
>Parsing Rules file /root/.snortrc
>ERROR: Unable to open rules file: /root/.snortrc or /root//root/.snortrc
>Fatal Error, Quitting..
>Initializing Preprocessors!
>Initializing Plug-ins!
>Initializating Output Plugins!
>
>+++++++++++++++++++++++++++++++++++++++++++++++++++
>Initializing rule chains.
>
>And on the host, I get:
>
>Cat: /usr/local/snort/rules/snort_cmd_line.eth0: No such file or
>directory.
>
>Any assistance you can provide would be helpful.
>
>
>Jeremy
>
>
>
>
>
>
>SnortCenter
>
>
>
>
>Hello,
>
>
>If you have time to help out, I'm a bit 
>stuck. I have snortcenter installed on a RedHat 7.2 Linux 
>Machine that is already running ACID/MySQL/PHP/Snort/ADODB. I am 
>able to pull system status, but it looks like SnortCenter cannot see 
>snort.
>
>Snort lives at:
>
>/usr/local/snort/
>
>
>Snort logs live at:
>
>/var/snort_log_storage/
>
>
>When I add the sensor, I enter the 
>following:
>
>
>Sensor Name: LabSensor
>
>Sensor IP: x.x.x.x
>
>Sensor Username: userx
>
>Sensor Password: ****
>
>Sensor Agent Type: SnortCenter Client 
>v.1 (SSL enabled)
>
>Interface name to sniff: eth0
>
>Snort command line: 
>/usr/local/snort/snort -c /usr/local/snort/rules/snort.conf -l 
>/var/snort_log_storage
>
>
>And when I click the 
>"restart" link within snort center, I get the following on the 
>web page:
>
>
>Current config file error:
>
>Log directory = 
>/var/log/snort
>
>
>Initializing Network Interface 
>eth0
>
>using config file 
>/root/.snortrc
>
>Parsing Rules file 
>/root/.snortrc
>
>ERROR: Unable to open rules file: 
>/root/.snortrc or /root//root/.snortrc
>
>Fatal Error, Quitting..
>
>Initializing Preprocessors!
>
>Initializing Plug-ins!
>
>Initializating Output Plugins!
>
>
>+++++++++++++++++++++++++++++++++++++++++++++++++++
>
>
>Initializing rule chains…
>
>
>And on the host, I get:
>
>
>Cat: 
>/usr/local/snort/rules/snort_cmd_line.eth0: No such file or 
>directory.
>
>
>Any assistance you can provide would be 
>helpful.
>
>
>
>Jeremy






More information about the Snort-users mailing list