Snort mailing list archives

Re: new install rules question - solaris


From: "Andrew R. Baker" <andrewb () snort org>
Date: Tue, 05 Nov 2002 17:07:03 -0500

Dan Gahlinger wrote:
> -D still doesn't do anything, no matter where I put it
> unless I put it at the end of the command line, like:
> snort -h 192.168.1.0/24 -s blame_cmg net 192.168.1 -D
> then I get:
> ERROR: OpenPcap() FSM compilation failed:
>         parse error
> PCAP command: net 192.168.1 -D
> Fatal Error, Quitting..

The problem is that you have 2 non-option arguments after the "-s blame_cmg" on your command line. Presuming that you want to use "net 192.168.1" as a bpf filter, then your command line should look like:

snort -h 192.168.1.0/24 -s blame_cmg -D net 192.168.1

The bpf filter specified on the command line *must* be after *all* command line options.


> I don't want -d or -v on... I just want alerts and the basic stuff,
> no packet captures...

Well, for this, you will want to add a "-c /path/to/config/snort.conf" to your command line to tell Snort to read rules and go into IDS mode.

-A
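
An added illustration, not part of the original message and not Snort code: the shell sketch below uses POSIX `getopts`, which stops at the first non-option word, to show which words of a command line are left over as the BPF filter and to flag option-looking words that ended up inside it. The option string is an assumption that covers only the flags seen in this thread and treats `-s` as taking an argument, as the "PCAP command" line in the error output implies; it is not Snort's real option table.

```shell
#!/bin/sh
# Constructed example, not Snort code. Assumption: only the flags seen in
# this thread, with -h, -s and -c taking an argument.
SNORT_OPTSTRING=':h:s:c:Ddv'

# Print the index of the first word that option parsing does not consume.
first_filter_index() {
    OPTIND=1
    while getopts "$SNORT_OPTSTRING" opt "$@"; do
        :   # option words (and their arguments) are consumed here
    done
    echo "$OPTIND"
}

# Print the words that would be handed over as the BPF filter.
bpf_filter_words() {
    idx=$(first_filter_index "$@")
    shift $((idx - 1))
    echo "$*"
}

# Return 1 if an option-looking word sits inside the filter, else 0.
check_snort_args() {
    idx=$(first_filter_index "$@")
    shift $((idx - 1))
    for word in "$@"; do
        case $word in
            -[A-Za-z]*)
                echo "option '$word' is inside the filter: $*" >&2
                return 1 ;;
        esac
    done
    return 0
}

# The failing and the corrected command lines from the thread.
check_snort_args -h 192.168.1.0/24 -s blame_cmg net 192.168.1 -D || true
check_snort_args -h 192.168.1.0/24 -s blame_cmg -D net 192.168.1 &&
    echo "ok: filter is '$(bpf_filter_words -h 192.168.1.0/24 -s blame_cmg -D net 192.168.1)'"
```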



