[Snort-users] SNORT (Linux) / MySQL (Win32)

JP Vossen vossenjp at ...8683...
Thu Feb 12 23:04:04 EST 2004


On Wed, 11 Feb 2004, M. Salman Farisi wrote:

> I've tried the rpms of snort but there were problems :
>
> when i tried to restart snortd /etc/init.d/snortd restart [FAILED]
> when i test snort : snort -T -c /etc/snort/snort.conf it said :
>
> ERROR : /etc/snort/snort.conf(285) =>invalid file name for IIS Unicode Map
> file, Fatal Error, Quitting..

That's a known issue.  What RPMs are you using and where did you get them
from?

Try the more recent RPMs at: http://www.starken.com/snort

OR, grab the Snort.org tarball, extract unicode.map and copy it to your
/etc/snort directory.


> Do the rpms packages create database automatically?

No, you must do that yourself when you install ACID.  ACID is NOT included in
any of the RPMs.


> what should i do then?
> I have checked mysql database for user snort but no database created after
> the installation

Read any of the Snort/ACID config guides mentioned in the list archives [1]
for details.  I'd love to have an ACID RPM but don't have the time to build
one...

HTH,
JP

[1] http://www.snort.org/lists.html
------------------------------|:::======|--------------------------------
JP Vossen, CISSP              |:::======|         jp{at}jpsdomain{dot}org
My Account, My Opinions       |=========|       http://www.jpsdomain.org/
------------------------------|=========|--------------------------------
You used to have to reboot the Windows 9.x series every couple of days
because it would crash.  Now you have to reboot Windows 200x or XP every
couple of days because of a patch.  How is that better or more stable?





More information about the Snort-users mailing list