Snort mailing list archives

Request for help with ppp0 configuration of snort -- NEWBIE --


From: Dave.Hartley () uk delarue com
Date: Thu, 11 Sep 2003 09:12:40 +0100

Hello,
        A while ago I posed a question regarding a home deployment of Snort.
I received a very helpful answer from the following two list members:
 
Erek Adams & John Sage
 
My situation was and is that I am running a dial up connection at home using
KPPP.  I have the latest version of snort, ACID, APACHE, PHP, and Snort GUI.
 
I have configured all of these per the set up guides available from
http://www.snort.org/docs/snort_acid_rh9.pdf and
http://users.pandora.be/larc/documentation/
 
The additional information I was given from this list was to configure my
sensor as follows:
 
var HOME_NET $ppp0_ADDRESS
 
Sensor Name: Snort_1
Sensor IP: 127.0.0.1 
Port: 2525
Username:
Password:
Agent Type: 
Interface to sniff: ppp0
Snort Command Line: snort -b -i ppp0 -o -c /etc/snort/snort.conf
 
However I have only just found time to work on this machine, and I have an
additional problem.  Maybe someone can help??
 
I can download the Rules (Import from Web).  When I try to push or start the
sensor, I receive the following error, and the status informs me that snort
has not started:

Error in /snortcenter/sensor/rules//snort.ppp0.conf
Started snort with previous configuration!!!
Current config file error:
Running in IDS mode
Log directory = /var/log/snort
 
Initializing Network Interface ppp0
ERROR: OpenPcap() FSM compilation failed:
PCAP command: %s
 
Fatal Error, Quitting..
 
I have checked the /var/log/snort directory and no files are present?
 
Can anyone assist??

Thanks

