Security Basics mailing list archives
Re: snort updates and changes to snort.conf
From: newsecurityguy <JBASKEW () uncg edu>
Date: Thu, 10 Jul 2008 16:05:41 -0700 (PDT)
Maybe I am not understanding the syntax correctly. I stopped snort, copied my current snort.conf file into the /usr/local/snort/etc directory I created. There I edited the snort.conf file to suppress the events and then attempted to restart snort using the command /usr/sbin/snort -d -D -Q -u snort -g snort -c /usr/local/snort/etc/snort.conf -l /var/log/snort -o -m 022 Snort outputs Initializing Inline mode and then quits with no indication of errors. Running the original command used to start snort /usr/sbin/snort -d -D -Q -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort -o -m 022 initializes snort and it outputs loaded rules, counts, etc. What am I missing here? I checked the snort.conf file again to make sure the absolute path was used to the rules folder but am not sure what else to look for. Thanks, Blake ------Original Message------ From: Joe Beasley Sender: listbounce () securityfocus com To: newsecurityguy Cc: security-basics () securityfocus com Sent: Jul 1, 2008 8:21 PM Subject: Re: snort updates and changes to snort.conf You don't have to put your snort.conf file in the same directory your *.rules files are in. I keep my snort.conf in /usr/local/snort-version/etc, and keep all the rules in /usr/local/snort-version/rules. All rule updates will have a new snort.conf (which is overwritten each time) in the rules directory, but I start snort with the conf file in the etc directory. -- View this message in context: http://www.nabble.com/snort--updates-and-changes-to-snort.conf-tp18187204p18393779.html Sent from the Security Basics mailing list archive at Nabble.com.
Current thread:
- Re: snort updates and changes to snort.conf David J. Bianco (Jul 02)
- <Possible follow-ups>
- Re: snort updates and changes to snort.conf Joe Beasley (Jul 02)
- Re: snort updates and changes to snort.conf infolookup (Jul 02)
- Re: snort updates and changes to snort.conf newsecurityguy (Jul 11)