Package: snort
Version: 2.8.5.2-1
Severity: important
The debcnof question about Pass|Alert|Log supplies a -o flag in
/etc/snort/snort.debian.conf (via DEBIAN_SNORT_OPTIONS).
Snort no longer supports this flag, and will not start if it is provided
on the command line.
This in turn results in a failure to configure, leading to a broken
package install that can't be fixed without by dpkg-reconfigure unless
you supply the "--force" option and guess the right question.
(Just editing the offending option out of /etc/snort/snort.debian.conf
doesn't work, as it's immediately overwritten.)
All very annoying.
(AFAICT, Pass first is now the default; use the --alert-before-pass
option to get the old default.)
While you're at it, the not-starting error message
ERROR: failed (check /var/log/syslog and /var/log/snort)
doesn't mention the most useful place, /var/log/daemon.log
Thanks!
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
