[Snort-users] Snort 1.9.1/Spade/Snortcenter

Rogier Gerritse Rogier at ...12273...
Mon Aug 16 07:49:28 EDT 2004

First post on this list so: "Hi all"
I'm running Snort on RH7.3 I've used the document by Steven J. Scott and
the systems been running stable for a while now. I was using Snort 2.1.3
and used the react:block response to block all known worm and virus
traffic which worked fine.

Now I'm running Snort 1.9.1 and Spade 030125.1. When I add the Spade
detector rules the following happens in SnortCenter 0.9.6:

Error in /etc/snort/snort.eth1.conf
Restarted snort with previous configuration!!!

Initializing rule chains...
Initializing Preprocessors!
Initializing Plug-ins!
Spade is enabled
Spade state initialized to what is in /var/log/spade/spade.rcv
Spade will record its state to /var/log/spade/spade.rcv after every
50000 updates
Spade's log is /var/log/spade/spade.log
Spade reports will go to both the alert and log facility
Spade homenet set to:
detector 1 enabled with: type=odd-typecode
detector 2 enabled with: type=odd-typecode to=nothome
785 Snort rules read...
785 Option Chains linked into 162 Chain Headers
0 Dynamic rules

Rule application order: 
--== Initialization Complete ==--

-*> Snort! <*-
Version 1.9.1 (Build 231)
By Martin Roesch (roesch at ...1935..., www.snort.org)

Snort sucessfully loaded all rules and checked all rule chains!
Spade got shutdown signal, cleaning up

Spade doesn't work in this config and the old config is loaded. When I
remove the spade-detect lines everything is ok again.

When I use the same config on the command line: snort -U -o -s -S -d -c
/etc/snort/snort.eth1.conf Everything works as it should.

My guess is it has something to do with the command line options
SnortCenter uses. These are in sensor.php but I think I'm missing
something. Any help would be greatly appreciated.

More information about the Snort-users mailing list