
[Snort-users] config within snort.conf

From: Alberto Gonzalez <albertg(at)wwjh.net>
Date: Wed Mar 19 2003 - 01:00:43 EST


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Erek,

In an earlier e-mail thread you stated that 'config' worked for you within your configuration file... here goes..

(root@cerebro)(/etc/snort) uname -a
OpenBSD cerebro.wwjh.net 3.2 GENERIC#25 i386

{ yea yea.... generic.... }

/etc/snort/snort.conf (config section)

##################################################
# Config Parameters
##################################################
config daemon
config dump_payload
config set_uid: snort
config set_gid: snort
config interface: fxp0

{ I'm using default /var/log/snort logging btw }

(root@cerebro)(/etc/snort) snort -T -c /etc/snort/snort.conf
Log directory = /var/log/snort


Initializing Network Interface rl0

[...snip...]

Mar 19 00:49:44 cerebro snort: Snort sucessfully loaded all rules and checked all rule chains!

As you can see, even though I specified fxp0, it still uses rl0. If I attempt to run snort, it will run fine, but with interface rl0, as user root, and not in daemon mode. I'm just having snort drop privs; it's funky, though, that

(root@cerebro)(~) snort -d -c /etc/snort/snort.conf -i fxp0 -g snort -u snort -D

works to perfection. I attempted to try it again since I just moved to 1.9.1 and last time I checked I couldn't get this to work in 1.9.0.

{ yea I had rpc_decode off }

(root@cerebro)(/etc/snort) snort -V

-*> Snort! <*-
Version 1.9.1 (Build 231)
By Martin Roesch (roesch@sourcefire.com, www.snort.org)

Anything else you need, though I do run it from the command line with all the arguments, but it's all cluttered; it's purdier to snort -c /etc/snort/snort.conf :)

If you need anything I will take the penalty drinks (just an excuse to drink really).

 Cheers,
 Alberto Gonzalez

-- "Success comes to the person who does today, what you are thinking of doing tomorrow."

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+eAeOa3vAB/3yp/IRAgOqAJ9X2r2DL9zEovk+492otJJDF3lkvACePHiv 0W8bYfPm0Y5Kk7f5j2tCkX8=
=/MK3
-----END PGP SIGNATURE-----
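
An added example, not part of the original message or the Snort project: a Python check that reads the `config` directives from the snort.conf excerpt above, compares the configured interface with the one `snort -T` reports, and builds the command line the poster falls back on. The directive-to-flag mapping is taken from the two invocations in the message; the function names are hypothetical.

```python
import re

# Directive -> command-line flag, as paired in the message's two invocations.
FLAG_FOR = {"daemon": "-D", "dump_payload": "-d", "set_uid": "-u",
            "set_gid": "-g", "interface": "-i"}

# Config section and 'snort -T' output lines as quoted in the message.
SNORT_CONF = """\
##################################################
# Config Parameters
##################################################
config daemon
config dump_payload
config set_uid: snort
config set_gid: snort
config interface: fxp0
"""
TEST_OUTPUT = "Log directory = /var/log/snort\nInitializing Network Interface rl0\n"

def parse_config(text):
    """Return {directive: value or None} for every 'config' line."""
    directives = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        m = re.match(r"config\s+(\w+)\s*(?::\s*(.+))?$", line)
        if m:
            directives[m.group(1)] = m.group(2).strip() if m.group(2) else None
    return directives

def interface_mismatch(directives, test_output):
    """Return (configured, actual) if 'snort -T' opened a different interface."""
    wanted = directives.get("interface")
    m = re.search(r"Initializing Network Interface (\S+)", test_output)
    actual = m.group(1) if m else None
    return (wanted, actual) if wanted and actual and wanted != actual else None

def cli_equivalent(directives, conf_path):
    """Build the explicit command line that carries the same settings."""
    args = ["snort", "-c", conf_path]
    for name, value in directives.items():
        if name in FLAG_FOR:
            args.append(FLAG_FOR[name])
            if value is not None:
                args.append(value)
    return args

if __name__ == "__main__":
    conf = parse_config(SNORT_CONF)
    print("mismatch:", interface_mismatch(conf, TEST_OUTPUT))
    print(" ".join(cli_equivalent(conf, "/etc/snort/snort.conf")))
```

Running the mismatch check against `snort -T` output before starting the sensor catches the case described here, where the process would otherwise sniff the wrong interface and keep root privileges.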




Received on Wed Mar 19 01:05:34 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:11:49 EDT

