[Snort-users] Rules Problem

Michael Steele michaels at ...155...
Fri Mar 29 09:32:03 EST 2002


Andrew,

Why would you think Linux is any better then Windows for running Snort?
This list may be a majority of *nix users but there are a few windows
users that troll this list, so don't be ashamed ;) I could go on more :)
but back to your question....

By default all your rules, snort.conf, classification.config, and Snort
must reside in the same folder and you MUST run Snort from that folder.
If you want to run Snort from any other place you MUST provide a
complete path in the Snort.conf for the location of your Rules files,
and your classification.config.

IE: include c:\snort\rules\porn.rules
IE: include c:\snort\rules\classification.config

This works only if you have the Rules and Classification.config located
in that folder.

-Michael Steele - michaels at ...155...

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Andrew
Blevins
Sent: Friday, March 29, 2002 8:02 AM
To: 'Snort Users'
Subject: [Snort-users] Rules Problem

This is so trivial that its almost embarrasing, but hey, this is a
mailing list for a reason, right? :-) I have gotten done installingon my
Windows 2k (don't worry, I'm learning
Linux) Demarc/MySql/Snort (1.8.3), and *almost* everything is working
fine. In my snort.conf file all the preprocessors, and the output
plugins (for the
MySql) work great. However, the rules are not working at all, and every
time I add rules to the snort.conf, and restart snort, it says "0 rules
read", and then in the conf file, it rems out all the rules I added! I
am lost after reading manuals, mail lists, forums, and all the rest.

Blevins



_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users







More information about the Snort-users mailing list