[Snort-users] Snort 1.9.1/Spade/Snortcenter

Rogier Gerritse Rogier at ...12273...
Mon Aug 16 07:49:28 EDT 2004


First post on this list so: "Hi all"
 
I'm running Snort on RH7.3. I've used the document by Steven J. Scott and
the system's been running stable for a while now. I was using Snort 2.1.3
and used the react:block response to block all known worm and virus
traffic, which worked fine.

Now I'm running Snort 1.9.1 and Spade 030125.1. When I add the Spade
detector rules the following happens in SnortCenter 0.9.6:

[log]
Error in /etc/snort/snort.eth1.conf
Restarted snort with previous configuration!!!

...snip...
Initializing rule chains...
Initializing Preprocessors!
Initializing Plug-ins!
Spade is enabled
Spade state initialized to what is in /var/log/spade/spade.rcv
Spade will record its state to /var/log/spade/spade.rcv after every
50000 updates
Spade's log is /var/log/spade/spade.log
Spade reports will go to both the alert and log facility
Spade homenet set to: 172.16.0.0/16
detector 1 enabled with: type=odd-typecode
detector 2 enabled with: type=odd-typecode to=nothome
...snip...
785 Snort rules read...
785 Option Chains linked into 162 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

Rule application order: 
--== Initialization Complete ==--

-*> Snort! <*-
Version 1.9.1 (Build 231)
By Martin Roesch (roesch at ...1935..., www.snort.org)

Snort sucessfully loaded all rules and checked all rule chains!
Spade got shutdown signal, cleaning up
[/log]

Spade doesn't work in this config and the old config is loaded. When I
remove the spade-detect lines everything is ok again.

When I use the same config on the command line:

snort -U -o -s -S -d -c /etc/snort/snort.eth1.conf

everything works as it should.

My guess is it has something to do with the command line options
SnortCenter uses. These are in sensor.php but I think I'm missing
something. Any help would be greatly appreciated.



