Snort mailing list archives
Re: config within snort.conf
From: John Sage <jsage () finchhaven com>
Date: Wed, 19 Mar 2003 05:44:33 -0800
Alberto:
I've recently had much the same experience with
config interface: ppp0
even after I moved all the configs up to the very top of snort.conf.
Now I'm back to -i ppp0 in the command line as well.
(Same snort ver: 1.9.1 build 231)
What say ye, Erek?
- John
--
"You must define an operating system environment,
or the configuration file build will puke."
PGP key: http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint: C493 9F26 05A9 6497 9800 4EF6 5FC8 F23D 35A4 F705
On or about Wed, Mar 19, 2003 at 01:00:43AM -0500, Alberto Gonzalez posited:
Erek,
In an earlier e-mail thread you stated that 'config' worked for you within
your configuration file... here goes..
(root@cerebro)(/etc/snort) uname -a
OpenBSD cerebro.wwjh.net 3.2 GENERIC#25 i386
{ yea yea.... generic.... }
/etc/snort/snort.conf (config section)
##################################################
# Config Parameters
##################################################
config daemon
config dump_payload
config set_uid: snort
config set_gid: snort
config interface: fxp0
{ I'm using default /var/log/snort logging btw }
(root@cerebro)(/etc/snort) snort -T -c /etc/snort/snort.conf
Log directory = /var/log/snort
Initializing Network Interface rl0
[...snip...]
Mar 19 00:49:44 cerebro snort: Snort sucessfully loaded all rules and
checked all rule chains!
As you can see, even though I specified fxp0, it still uses rl0. An
attempt to run snort, it will run fine, but with interface rl0 and run as
user root and not in daemon mode. I'm just having snort drop privs; it's
funky, though, that
(root@cerebro)(~) snort -d -c /etc/snort/snort.conf -i fxp0 -g snort -u snort -D
works to perfection. I attempted to try it again since I just moved to
1.9.1, and last time I checked I couldn't get this to work in 1.9.0.
{ yea i had rpc_decode off }
(root@cerebro)(/etc/snort) snort -V
-*> Snort! <*-
Version 1.9.1 (Build 231)
By Martin Roesch (roesch () sourcefire com, www.snort.org)
Anything else you need, though I do run it from the command line with all
the arguments, but it's all cluttered; it's purdier to snort -c
/etc/snort/snort.conf :)
If you need anything I will take the penalty drinks (just an excuse to
drink really).
Cheers,
Alberto Gonzalez
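
Added example, not part of either post and not Snort project code: a small check that compares the `config` directives in snort.conf with what the sensor actually reports, so a sensor that silently ignores `config interface` or `config set_uid` (as described in this thread) is flagged instead of being left sniffing the wrong interface as root. The function names are hypothetical, the sample text is copied from the excerpts quoted above, and the process owner is assumed to be collected separately (for example with ps).

```python
import re

# Constructed sample input: the snort.conf excerpt and `snort -T` lines quoted in the thread.
SNORT_CONF = """\
##################################################
# Config Parameters
##################################################
config daemon
config dump_payload
config set_uid: snort
config set_gid: snort
config interface: fxp0
"""
SNORT_T_OUTPUT = """\
Log directory = /var/log/snort
Initializing Network Interface rl0
"""
PROCESS_USER = "root"  # assumption: gathered with e.g. `ps -o user= -p <snort pid>`


def parse_config_directives(conf_text):
    """Return {name: value} for each 'config' line; flag-only directives map to True."""
    directives = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments; blank lines become ""
        m = re.match(r"config\s+(\w+)\s*(?::\s*(.+))?$", line)
        if m:
            directives[m.group(1)] = m.group(2).strip() if m.group(2) else True
    return directives


def find_drift(conf_text, startup_output, process_user):
    """List (directive, configured, observed) where the sensor ignores snort.conf."""
    wanted = parse_config_directives(conf_text)
    m = re.search(r"^Initializing Network Interface\s+(\S+)", startup_output, re.M)
    observed = {"interface": m.group(1) if m else None, "set_uid": process_user}
    return [(name, wanted[name], observed[name])
            for name in ("interface", "set_uid")
            if name in wanted and wanted[name] != observed[name]]


if __name__ == "__main__":
    for name, configured, seen in find_drift(SNORT_CONF, SNORT_T_OUTPUT, PROCESS_USER):
        print(f"DRIFT {name}: snort.conf says {configured!r}, sensor is using {seen!r}")
```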
