<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">


<META content="MSHTML 6.00.2719.2200" name=GENERATOR></HEAD>
<BODY 
style="BACKGROUND-POSITION: 0px 0px; FONT-SIZE: 12pt; MARGIN: 3px 10px 10px 90px; BACKGROUND-REPEAT: repeat; FONT-FAMILY: Times New Roman" 
text=#ffffe6 vLink=#80ff80 aLink=#80ff80 link=#80ff80 bgColor=#9c3f37 
background=cid:B0DC206C-3A66-4389-A2FC-504DCC187DB2 scroll=yes ORGYPOS="0" 
SIGCOLOR="65535" X-ADF="0" X-AD="7E485C40-4138-11D4-BA3D-0050DAC68030" X-APF="1" 
X-AP="6486DDE0-3EFD-11D4-BA3D-0050DAC68030" X-ANF="0" 
X-AN="6486DDE0-3EFD-11D4-BA3D-0050DAC68030" X-ASHF="1" 
X-ASH="035964E0-3EFA-11D4-BA3D-0050DAC68030" X-ASNF="0" 
X-ASN="035964E0-3EFA-11D4-BA3D-0050DAC68030" X-FVER="2.0" 
X-FID="821ABA67-8734-4E3C-9DCD-98169293092F" X-FIT="Letter" X-FCAT="Art" 
X-FCOL="Art" X-FDIS="Bayeu">
<DIV><SPAN class=601074222-03012003><FONT face=Arial size=2>Maybe I'm mistaken, 
but I believe I read somewhere that there was a problem with the RULE_PATH 
variable, and you have to just put the full path to each rules file.  At 
least that's what I did, and it works great.</FONT></SPAN></DIV>
<DIV><SPAN class=601074222-03012003><FONT face=Arial 
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=601074222-03012003><FONT face=Arial 
size=2>Cheers,<BR><BR>lance</FONT></SPAN></DIV>
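<DIV>Added example (not part of the original messages and not Snort code): a pre-flight check in Python that expands <CODE>var</CODE> definitions such as RULE_PATH in a snort.conf-style file and reports every <CODE>include</CODE> whose target cannot be opened, covering both the <CODE>$RULE_PATH/...</CODE> form and the full-path form mentioned above. The function names, the sample file names and the rule that relative includes resolve against the config file's directory are assumptions of this sketch.</DIV>
<PRE>
```python
import os
import re
import tempfile

VAR_RE = re.compile(r"^\s*var\s+(\S+)\s+(\S+)")
INCLUDE_RE = re.compile(r"^\s*include\s+(\S+)")
REF_RE = re.compile(r"\$\(?(\w+)\)?")  # matches $NAME or $(NAME)

def check_includes(conf_path):
    """Return (line_no, path, problem) tuples for a snort.conf-style file."""
    try:
        with open(conf_path, encoding="latin-1") as fh:
            lines = fh.readlines()
    except OSError as exc:  # the config itself cannot be read
        return [(0, conf_path, "cannot open config: " + str(exc.strerror))]
    variables, problems = {}, []
    base_dir = os.path.dirname(os.path.abspath(conf_path))
    for line_no, line in enumerate(lines, start=1):
        if m := VAR_RE.match(line):
            variables[m.group(1)] = m.group(2)
        if not (m := INCLUDE_RE.match(line)):
            continue
        target = m.group(1)
        undefined = [n for n in REF_RE.findall(target) if n not in variables]
        if undefined:  # e.g. a misspelled variable name
            problems.append((line_no, target, "undefined variable " + undefined[0]))
            continue
        resolved = REF_RE.sub(lambda ref: variables[ref.group(1)], target)
        if not os.path.isabs(resolved):  # assumption: relative to the config's directory
            resolved = os.path.join(base_dir, resolved)
        if not os.path.isfile(resolved):
            problems.append((line_no, resolved, "include target not found"))
    return problems

def build_sample(root):
    """Constructed sample config; lines 3 and 4 are deliberately broken."""
    rules = os.path.join(root, "rules")
    os.makedirs(rules)
    open(os.path.join(rules, "local.rules"), "w").close()
    body = ["var RULE_PATH " + rules, "include $RULE_PATH/local.rules",
            "include $RULE_PATH/missing.rules", "include $RULES_PATH/local.rules",
            "include " + rules + "/local.rules"]  # last entry uses the full path
    conf = os.path.join(root, "snort.conf")
    with open(conf, "w") as fh:
        fh.write("\n".join(body) + "\n")
    return conf

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(*check_includes(build_sample(tmp)), sep="\n")
```
</PRE>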
<BLOCKQUOTE>
  <DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma 
  size=2>-----Original Message-----<BR><B>From:</B> lee 
  [mailto:lee@...7896...]<BR><B>Sent:</B> Friday, January 03, 2003 1:24 
  PM<BR><B>To:</B> snort-users@lists.sourceforge.net<BR><B>Subject:</B> 
  [Snort-users] new user<BR><BR></FONT></DIV>
  <TABLE id=INCREDIMAINTABLE cellSpacing=0 cellPadding=2 width="100%" 
    border=0><TBODY>
    <TR>
      <TD id=INCREDITEXTREGION 
      style="CURSOR: auto; FONT-FAMILY: Times New Roman" vAlign=top 
width="100%">
        <DIV> </DIV>
        <DIV> </DIV>
        <DIV>Help please getting the following</DIV>
        <DIV> </DIV>
        <DIV> </DIV>
        <DIV> </DIV>
        <DIV> </DIV>
        <DIV>C:\SNORT>snort.exe -v -i2 -c c:\snort\snort.conf -l 
        c:\snort\logs<BR>Initializing Output Plugins!<BR>Running in IDS 
        mode<BR>Log directory = c:\snort\logs</DIV>
        <DIV> </DIV>
        <DIV>Initializing Network Interface \<BR>OpenPcap() device 
        \Device\Packet_NdisWanIp network 
        lookup:<BR>        The operation 
        completed successfully.</DIV>
        <DIV> </DIV>
        <DIV><BR>        --== Initializing 
        Snort ==--<BR>Decoding Ethernet on interface 
        \Device\Packet_NdisWanIp<BR>Initializing Preprocessors!<BR>Initializing 
        Plug-ins!<BR>Parsing Rules file c:\snort\snort.conf</DIV>
        <DIV> </DIV>
        <DIV>+++++++++++++++++++++++++++++++++++++++++++++++++++<BR>Initializing 
        rule chains...<BR>ERROR: Unable to open rules file: c:\snort\snort.conf 
        or ./c:\snort\snort.conf<BR>Fatal Error, Quitting..</DIV>
        <DIV> </DIV>
        <DIV>The following are my entries in the config file</DIV>
        <DIV> </DIV>
        <DIV>var RULE_PATH c:/snort/rules</DIV>
        <DIV> </DIV>
        <DIV>My rules are in the above folder, I am running w2k</DIV>
        <DIV> </DIV>
        <DIV>Thanks in advance.</DIV>
        <DIV> </DIV>
        <DIV> </DIV>
        <DIV> </DIV>
        <DIV> </DIV>
        <DIV> </DIV>
        <DIV><BR> </DIV></TD></TR>
    </TBODY></TABLE></BLOCKQUOTE></BODY></HTML>