[Snort-users] (Snort-users) swatch/snort config

sandro.poppi at ...3316... sandro.poppi at ...3316...
Wed Jan 23 02:58:10 EST 2002


Edwin
>
> Hi Sandro,
>
>   i have installed the swatch rpm package and other perl
> dependent packages
> with no error. i've made some changes in the
> /etc/swatch/swatch.conf based
> on your guideline.
>
>   but i got an error mesg when i tried to run /usr/bin/swatch.
>
>        swatch: cannot read /root/.swatchrc
>        swatch: using default configuration of:
>                   watchfor = /.*/
>                   echo = random
>
you should use the command line option --config-file /etc/swatch/swatch.conf.
Take a look on the snortd script I wrote.

>   btw, what is the purpose of swatch_old2newrc? is this the
> program that
> runs the swatch.conf?

No swatch.conf is read within swatch. From the swatch_old2newrc perl script:

"This program will convert an swatch version 2 configuration file
into a new style configuration file. I highly reccomend that you
examine the new file before using it."

Ciao,
Sandro





More information about the Snort-users mailing list