[Snort-users] More snort problems
erek at ...577...
Tue Jul 9 08:57:04 EDT 2002
On Mon, 8 Jul 2002, red z wrote:
> Yes, I'm an idiot I know what you're thinking.. Ok, in a nutshell I can't do
> ANYTHING with snort except snort -v . I want to be able to use the NIDS
heh... It's Ok. It's not that big of a deal. :)
One good thing: snort -v shows traffic. That's good! ;-)
> I'm running FreeBSD 4.6. I installed snort by /stand/sysinstall then
> packages, security, then snort.
> Maybe it's because my IQ is below a dozen I don't know, but I can't get NIDS
> running for the life of me. FreeBSD installed snort in /usr/local/bin/snort
Ok don't get me wrong, I _love_ the idea of packages. But I find that with
some things, it's better to build it from the tarball and then packagize the
> So far my problems are:
> 1. I can't find snort.conf (or any snort file for that matter)
> 2. Permissions?
> I made a directory called snort in /var/log to see if it would fix it and
> then I did the command snort -h 172.16.0.1/10 -c snort.conf -l/snort/ -dev
> still an error message!
First, let's see if we can find snort.conf in one of its default locations.
If you look in snort.c at around line 3238 you see snort looking for
"/etc/snort.conf", and "./snort.conf". Down around 3275, you see it also
check for a "<home_dir>/.snortrc". Check to see if there is a snort.conf file
find . -name snort.conf -type f -print
If you find one, note where it is, and be sure to use the full path to it when
snort <options> -c /full/path/to/snort.conf
If not, check for .snortrc on the box with:
find . -name .snortrc -type f -print
Not to harp on it, but this is one of the main reasons I'd rather build my
own--I know where I put things! :)
Secondly, you're not specifying the path to the log dir in the correct format.
The command line above shows you using /snort/ as your log directory. That
means "the snort directory right off of the root directory", and not "the
snort directory under the current directory." Just to be safe, let's specify
full paths all the way around:
/usr/local/bin/snort -dev -l /var/log/snort -h 172.16.0.1/10 -c /etc/snort.conf
Check and see if any of that will help.
> If someone has the time/patience and kindness to email me step by step idiot
> proof directions I would be forever in your debt. I am totally lost
heh... "It might be idiot-proof, but it's not _damned_ idiot
Hope that helps some!
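
The two checks from the reply above (locate the config in the places the post names, and make sure the -l argument is a full path that really exists), written as an added shell example; it is not part of the original message or of snort itself. The function names and the root-prefix argument are assumptions made for illustration.

```shell
#!/bin/sh
# Pre-flight check for a snort NIDS launch (added example, not from the post).

# Print the full path of the first readable config among the locations the
# post names: /etc/snort.conf, ./snort.conf, then <home_dir>/.snortrc.
# $1 is a hypothetical root prefix (empty = real filesystem) so the function
# can be tried against a scratch tree; $2 overrides the home directory.
find_snort_conf() {
    root="${1:-}"
    home="${2:-$HOME}"
    for f in "$root/etc/snort.conf" "./snort.conf" "$home/.snortrc"; do
        if [ -f "$f" ] && [ -r "$f" ]; then
            # Resolve to an absolute path so -c never depends on the cwd.
            dir=$(cd "$(dirname "$f")" && pwd -P) || return 1
            printf '%s/%s\n' "$dir" "$(basename "$f")"
            return 0
        fi
    done
    echo "no snort.conf or .snortrc found" >&2
    return 1
}

# Validate the -l argument: must be absolute, an existing directory, writable.
# Return codes: 0 ok, 2 relative path, 3 missing, 4 not writable.
check_log_dir() {
    case "$1" in
        /*) ;;
        *) echo "log dir '$1' is relative; use a full path" >&2; return 2 ;;
    esac
    [ -d "$1" ] || { echo "log dir '$1' does not exist" >&2; return 3; }
    [ -w "$1" ] || { echo "log dir '$1' is not writable" >&2; return 4; }
    return 0
}

# Print the command line from the post with verified full paths.
# $1 = log dir, $2 = home network (CIDR), $3 = optional root prefix.
snort_cmdline() {
    conf=$(find_snort_conf "${3:-}") || return 1
    check_log_dir "$1" || return $?
    printf '/usr/local/bin/snort -dev -l %s -h %s -c %s\n' "$1" "$2" "$conf"
}
```

Running snort_cmdline /snort/ 172.16.0.1/10 on a box with no /snort directory returns 3, which is the mistake the reply points out in the original command.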