[Snort-users] Snort not running

Erik Nyman eny at ...10442...
Mon Nov 10 11:54:10 EST 2003


Hi!

I thought that I had installed them, and when we searched a little more in
the archives we found out that it probably went wrong when installing PHP.

We tried to reinstall it, but it didn't work out well. My colleage and I are
newbies to Linux, so we did a complete reinstall.

And when we came to the part were to install PHP, we got the same error
again... It turned out that we had missed one space that shouldn't be there
(copy paste) and a missing dash.

Probably it should have worked in the first installation.

-------

Another question, we get a false positive on http on port 8080, that we run
our proxy on. But we also run http on port 80 on local machines. How should
we configure Snort to not make an alert on that? In the snort.conf there is
one line that looks like this:

var HTTP_PORTS 80

I found this when I Googled,

----8<----
There are no port lists support right now other than
var HTTP_PORTS 80:8080 to cover the whole range.

The kludge is

var HTTP_PORTS 80
include web-iis.rules
var HTTP_PORTS 8080
include web-iis.rules
----8<----

As I understand this is that I can have more than one line with "variables",
right? And if I still want a rulefile to test on that sort of traffic I can
add this include thing, right?

Or how should it be done properly?

And another another thing, must I restart Snort if I add or change
rules-files, and in that case, how do I restart it?

A lot of questions from a newbee.

Best regards,

Erik Nyman

> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of
> Josh Berry
> Sent: Monday, November 10, 2003 3:51 PM
> To: Nyman Erik-IT-Enheten
> Cc: 'snort-users at lists.sourceforge.net'
> Subject: Re: [Snort-users] Snort not running
>
>
> You must be using the mysql output plugin.  Do you have the
> correct MySQL
> libraries installed, or have you installed them at all?
>
> > Hi!
> >
> > I have installed Snort on a RH following the installation
> document written
> > by Patrick Harper. But Snort won't run for us, and we can't
> understand
> > why.
> >
> > If we run the command snort -c /etc/snort/snort.conf, we
> get the following
> > message:
> >
> > snort: error while loading shared libraries:
> libmysqlclient.so.12: cannot
> > open shared object file: No such file or directory
> >
> > What shall we do? What went wrong?
> >
> > ----------
> > Erik Nyman
> >
> >
> > -------------------------------------------------------
> > This SF.Net email sponsored by: ApacheCon 2003,
> > 16-19 November in Las Vegas. Learn firsthand the latest
> > developments in Apache, PHP, Perl, XML, Java, MySQL,
> > WebDAV, and more! http://www.apachecon.com/
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
>
>
> Thanks,
> Josh Berry, CTO
> LinkNet-Solutions
> 469-831-8543
> josh.berry at ...10268...
>
>
>
> -------------------------------------------------------
> This SF.Net email sponsored by: ApacheCon 2003,
> 16-19 November in Las Vegas. Learn firsthand the latest
> developments in Apache, PHP, Perl, XML, Java, MySQL,
> WebDAV, and more! http://www.apachecon.com/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list