Snort mailing list archives
Re: More snort problems
From: Erek Adams <erek () theadamsfamily net>
Date: Tue, 9 Jul 2002 08:56:13 -0700 (PDT)
On Mon, 8 Jul 2002, red z wrote:
> Yes, I'm an idiot I know what you're thinking.. Ok, in a nutshell I can't do ANYTHING with snort except snort -v . I want to be able to use the NIDS damnit!!
heh... It's Ok. It's not that big of a deal. :) One good thing: snort -v shows traffic. That's good! ;-)
> I'm running FreeBSD 4.6. I installed snort by /stand/sysinstall then packages, security, then snort. Maybe it's because my IQ is below a dozen I don't know, but I can't get NIDS running for the life of me. FreeBSD installed snort in /usr/local/bin/snort
Ok don't get me wrong, I _love_ the idea of packages. But I find that with some things, it's better to build it from the tarball and then packagize the software yourself.
> So far my problems are:
> 1. I can't find snort.conf (or any snort file for that matter)
> 2. Permissions? I made a directory called snort in /var/log to see if it would fix it and then I did the command
>    snort -h 172.16.0.1/10 -c snort.conf -l/snort/ -dev
> still an error message!
First, let's see if we can find snort.conf in one of its default locations. If you look in snort.c at around line 3238 you see snort looking for "/etc/snort.conf", and "./snort.conf". Down around 3275, you see it also check for a "<home_dir>/.snortrc". Check to see if there is a snort.conf file _anywhere_ with:

    cd /
    find . -name snort.conf -type f -print

If you find one, note where it is, and be sure to use the full path to it when starting snort.

    snort <options> -c /full/path/to/snort.conf

If not, check for .snortrc on the box with:

    cd /
    find . -name .snortrc -type f -print

Not to harp on it, but this is one of the main reasons I'd rather build my own--I know where I put things! :)

Secondly, you're not specifying the path to the log dir in the correct format. The command line above shows you using /snort/ as your log directory. That means "the snort directory right off of the root directory", and not "the snort directory under the current directory." Just to be safe, let's specify full paths all the way around:

    /usr/local/bin/snort -dev -l /var/log/snort -h 172.16.0.1/10 -c /etc/snort.conf

Check and see if any of that will help.
> If someone has the time/patience and kindness to email me step by step idiot proof directions I would be forever in your debt. I am totally lost
heh... "It might be idiot-proof, but it's not _damned_ idiot proof"--Anonymous :)

Hope that helps some!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
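
The checks described in the reply above, collected into one pre-flight script. This is an added example, not part of the original message and not Snort project code. The function names and the root-prefix argument are hypothetical; the config locations, binary path and options are the ones quoted in the thread.

```sh
#!/bin/sh
# Added example: pre-flight check for the full-path Snort invocation above.
# The function names and the ROOT prefix argument are hypothetical; ROOT lets
# the search be pointed at a scratch tree instead of the real "/".

# Print the first readable config found in the locations the reply names,
# then fall back to the same find(1) search. Returns 1 if none is found.
find_snort_conf() {
    root="${1:-}"; home="${2:-$HOME}"
    for candidate in "$root/etc/snort.conf" "$(pwd)/snort.conf" "$home/.snortrc"; do
        if [ -f "$candidate" ] && [ -r "$candidate" ]; then
            printf '%s\n' "$candidate"; return 0
        fi
    done
    found=$(find "${root:-/}" \( -name snort.conf -o -name .snortrc \) \
                -type f -print 2>/dev/null | head -n 1)
    [ -n "$found" ] || return 1
    printf '%s\n' "$found"
}

# The log directory must be an absolute path that exists and is writable.
check_log_dir() {
    case "$1" in
        /*) ;;
        *) echo "log dir '$1' is not an absolute path" >&2; return 1 ;;
    esac
    [ -d "$1" ] || { echo "log dir '$1' does not exist" >&2; return 1; }
    [ -w "$1" ] || { echo "log dir '$1' is not writable" >&2; return 1; }
}

# Print the command line from the reply with every path fully qualified.
snort_cmdline() {
    conf=$(find_snort_conf "$1") || { echo "no snort.conf or .snortrc found" >&2; return 1; }
    check_log_dir "$2" || return 1
    printf '/usr/local/bin/snort -dev -l %s -h %s -c %s\n' "$2" "$3" "$conf"
}

# Usage: sh preflight.sh /var/log/snort 172.16.0.1/10
if [ "$#" -ge 2 ]; then
    snort_cmdline "" "$1" "$2"
fi
```

Run it as the user that will start snort, so the writability check reflects the permissions snort will actually have on the log directory.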