[Snort-users] Rules Problem

Turner Ryan S CONT KPWA TurnerRS at ...160...
Fri Mar 29 08:32:02 EST 2002


I remember being in your shoes, theres some things here and there that could
be clarified in the demarc installation guide, I've even thought about
making a few mods and resubmitting it to them. If my memory serves me right
you need to specify the full path to the rules in snort.conf.

include bad-traffic.rules
include C:\snort\bad-traffic.rules

If that doesn't work let me know, I think I'm going to be playing with those
toys today anyways. I've only been testing it here and there, so I'm by no
means a demarc pro.

-----Original Message-----
From: Andrew Blevins [mailto:ABlevins at ...5433...]
Sent: Friday, March 29, 2002 8:02 AM
To: 'Snort Users'
Subject: [Snort-users] Rules Problem


This is so trivial that its almost embarrasing, but hey, this is a mailing
list for a reason, right? :-)
I have gotten done installingon my Windows 2k (don't worry, I'm learning
Linux) Demarc/MySql/Snort (1.8.3), and *almost* everything is working fine.
In my snort.conf file all the preprocessors, and the output plugins (for the
MySql) work great. However, the rules are not working at all, and every time
I add rules to the snort.conf, and restart snort, it says "0 rules read",
and then in the conf file, it rems out all the rules I added! I am lost
after reading manuals, mail lists, forums, and all the rest.

Blevins



_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list