Snort mailing list archives
Re: unable to wash traffic through rules files
From: Erek Adams <erek () snort org>
Date: Mon, 13 Jan 2003 09:20:00 -0500 (EST)
On Sun, 12 Jan 2003, don wrote:
I am using snort 1.9.0 and am unable to get it to work; pse see the below noted. I would be most grateful for any ideas as to what I am doing wrong. I am fully conversant with tcpdump/ethereal and the such but this is stumping me!!!

monkeylabs:/home/don/Documents/snort-1.9.0/src # ./snort -dvr /home/don/ch1.capture -A full -c netbios.rules
Initializing Output Plugins!
Log directory = /var/log/snort
TCPDUMP file reading mode.
Reading network traffic from "/home/don/ch1.capture" file.
snaplen = 65535

        --== Initializing Snort ==--
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file netbios.rules

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
ERROR: Unable to open rules file: netbios.rules or ./netbios.rules
Fatal Error, Quitting..
[...snip...]

Ummm.... It can't find the file "netbios.rules" or "./netbios.rules". Put in the full path to the file that you intend to use and that error should be fixed.

But... You'll have another error then. Save yourself the time and simply configure the snort.conf that comes with Snort. Simply fill in HOME_NET with the subnet that you want to watch and set EXTERNAL to !$HOME_NET (not HOME_NET). Then for the other plugins, you can configure them, but for testing, you'd be fine to leave them at your defaults.

Hope that helps!

-----
Erek Adams

   "When things get weird the weird turn pro."   H.S. Thompson
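A pre-flight check for the two failures discussed in this message, added here as an example; it is not code from the thread or from the Snort project. It assumes the "another error" is a rules file whose header uses $HOME_NET / $EXTERNAL_NET with no var lines defining them, handles only the plain $NAME variable form, and uses constructed sample files and addresses.

```python
import os
import re
import tempfile

VAR_DEF = re.compile(r"var\s+(\w+)\s+\S")
INCLUDE = re.compile(r"include\s+(\S+)")
VAR_REF = re.compile(r"\$(\w+)")

def check_config(path, defined=None, problems=None):
    """Walk a Snort config or rules file; report unreadable files and undefined $VARs."""
    defined = set() if defined is None else defined
    problems = [] if problems is None else problems
    if not os.path.isfile(path):
        problems.append(f"cannot open {path}")
        return problems
    base = os.path.dirname(os.path.abspath(path))
    with open(path) as fh:
        for n, raw in enumerate(fh, 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            var, inc = VAR_DEF.match(line), INCLUDE.match(line)
            # In a rule only the header (before the options) holds variables,
            # so content strings such as "IPC$" are not mistaken for one.
            scope = line if (var or inc) else line.split("(", 1)[0]
            for name in VAR_REF.findall(scope):
                if name not in defined:
                    problems.append(f"{path}:{n}: undefined variable ${name}")
            if var:
                defined.add(var.group(1))
            elif inc:
                # Assumption: relative includes resolve against the including file's directory.
                check_config(os.path.join(base, inc.group(1)), defined, problems)
    return problems

# Constructed sample files, not taken from the thread.
RULE = 'alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"constructed rule"; content:"IPC$"; sid:1000001;)\n'
CONF = "var HOME_NET 192.168.1.0/24\nvar EXTERNAL_NET !$HOME_NET\ninclude netbios.rules\n"

def demo():
    with tempfile.TemporaryDirectory() as d:
        for name, text in (("netbios.rules", RULE), ("snort.conf", CONF)):
            with open(os.path.join(d, name), "w") as fh:
                fh.write(text)
        cases = {"missing": "src/netbios.rules", "rules_only": "netbios.rules", "snort_conf": "snort.conf"}
        return {k: check_config(os.path.join(d, v)) for k, v in cases.items()}

if __name__ == "__main__":
    print(demo())
```

The "missing" case corresponds to a -c argument that does not resolve from the current directory, "rules_only" to pointing -c at a bare rules file, and "snort_conf" to the configured snort.conf that includes it.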