[Snort-users] snort rules not being read

twig les twigles at ...131...
Wed Sep 4 09:07:05 EDT 2002


1. What did you do to make snort start at boot?  Show
us the script and where you put it.

2. What is the RULE_PATH specified in your snort.conf?

--- Donnie Green <d_greenjr at ...125...> wrote:
> I'm running RH7.3, snort-1.8.7, logging to
> /var/log/snort.
> 
> I have two problems: (1)When I boot Linux, snort
> does not start up and (2) I
> cannot get snort to read in the rules even if I use
> the command "snort -i
> eth0 -c /etc/snort" after booting.  Below is a
> portion of the output of
> preceeding command.  Does anyone have a
> configuration that works??
> 
> 
> hostname#  snort -i eth0 -c /etc/snort
> Log directory = /var/log/snort
> 
> Initializing Network Interface eth0
> 
>         --== Initializing Snort ==--
> Decoding Ethernet on interface eth0
> Initializing Preprocessors!
> Initializing Plug-ins!
> Initializating Output Plugins!
> Parsing Rules file /etc/snort
> 
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> Initializing rule chains...
> 0 Snort rules read...
> 0 Option Chains linked into 0 Chain Headers
> 0 Dynamic rules
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> 
> Rule application order:
> ->activation->dynamic->alert->pass->log
> 
>         --== Initialization Complete ==--
> 
> -*> Snort! <*-
> Version 1.8.7 (Build 128)
> 
>
_________________________________________________________________
> MSN Photos is the easiest way to share and print
> your photos: 
> http://photos.msn.com/support/worldwide.aspx
> 
> 
> 
>
-------------------------------------------------------
> This sf.net email is sponsored by: OSDN - Tired of
> that same old
> cell phone?  Get a new here for FREE!
>
https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or
> unsubscribe:
>
https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
>
http://www.geocrawler.com/redir-sf.php3?list=snort-users


=====
-----------------------------------------------------------
Heavy metal made me do it.                        
-----------------------------------------------------------

__________________________________________________
Do You Yahoo!?
Yahoo! Finance - Get real-time stock quotes
http://finance.yahoo.com




More information about the Snort-users mailing list