[Snort-users] Running Snort 1.9.0 from shell script

Randy Bey Randy.Bey at ...6683...
Tue Oct 15 07:30:09 EDT 2002


> Actually, I'd have to say Michael is right.  I'd be willing to bet that you
> are using an old config file from another version in your script.  What I
> would suggest is to download the tarball, not the RPM, and then grab the
> .conf from it.  Config it and then use "-c /wherever/snort.conf"
>
> We're not saying you're crazy, we're just saying that it doesn't match/make
> sense.  :)  It's the 'law of averages'.  So far you're the only person with
> this problem, so it seems that what you're seeing is unique to you.

Maybe not if the same conf file is referenced in the script and from the
command line.

I don't think this is a snort issue; it sounds like a shell coding
issue. The reference to "../rules" is what they call a relative path,
and I would replace it with an absolute path myself (starting with a /,
as in /etc/snort/rules). I blather on but I think the var in question is
RULE_PATH, although there's a couple other PATHs in the snort.conf.

When you run your script you may not be in the same working directory as
when you run the command from the command line. Or your script might not
correctly set the current working directory.

That's where I would look, were I you.

Randy Bey
Rivernorth Systems
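
The working-directory dependence described in the message above, as an added example that is not part of the original post: it lists the `var ...PATH` entries in a config whose value is relative and shows whether each one resolves from two different working directories. The directory tree, the sample snort.conf and the `OTHER_PATH` variable are constructed for the demo, and snort itself is never invoked.

```shell
#!/bin/sh
# Added example (not from the original post). The config and directories
# are constructed in a temp dir; OTHER_PATH is a made-up variable name.

# Print "NAME VALUE" for each "var <NAME>PATH <value>" line in the config
# ($1) whose value is relative, i.e. does not start with "/".
relative_path_vars() {
    awk '$1 == "var" && $2 ~ /PATH$/ && $3 !~ /^\// { print $2, $3 }' "$1"
}

# Resolve path $2 the way a process with working directory $1 would.
# Prints the absolute directory, or fails if it does not exist from there.
resolve_from() {
    ( cd "$1" 2>/dev/null && cd "$2" 2>/dev/null && pwd -P )
}

# Constructed tree: <tmp>/etc/snort/snort.conf next to <tmp>/etc/rules
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/etc/snort" "$demo/etc/rules" "$demo/home/user"
cat > "$demo/etc/snort/snort.conf" <<'EOF'
# constructed sample, not a real snort.conf
var HOME_NET any
var RULE_PATH ../rules
var OTHER_PATH /var/log/snort
include $RULE_PATH/local.rules
EOF
conf="$demo/etc/snort/snort.conf"

# Try each relative value from the config's own directory and from an
# unrelated directory, as a script started elsewhere would see it.
relative_path_vars "$conf" | while read -r name value; do
    for cwd in "$demo/etc/snort" "$demo/home/user"; do
        if target=$(resolve_from "$cwd" "$value"); then
            echo "$name=$value from $cwd -> $target"
        else
            echo "$name=$value from $cwd -> NOT FOUND"
        fi
    done
done
```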




