On Sat, 12 Jun 2004 11:21 pm, Charles Grellois wrote:
> James Sinnamon wrote:
> > Dear Debian firewallers,
> >
> > I am running snort:
> >
> > greenhouse:/etc/snort# ps axww | grep snort
> > 1723 ? Ss 0:01 /usr/sbin/snort -m 027 -D -c
> > /etc/snort/snort.conf
> >
> -l /var/log/snort -d -u snort -g snort -O -S HOME_NET=[192.168.0.0/24] -i
> > eth0,
> >
> > .... but the log files are empty:
> >
> > greenhouse:/etc/snort# ls -l /var/log/snort/
> > total 0
> > -rw-r----- 1 snort adm 0 2004-06-12 15:50 alert
> > -rw-r----- 1 root adm 0 2004-06-12 16:53
> > snort.log.1087023225
> >
> > Can anyone spot the problem?
> >
> > TIA
> >
> > James Sinnamon
>
> I had the same problem because Snort didn't recognize my rules
> directory. I fixed it by using snort -C /path/to/rules & . It's working
> now.
>
> I hope it'll help you,

Firstly, thanks for your very prompt reply.

I still had problems though. This is the command I used:

/usr/sbin/snort -m 027 -D -c /etc/snort/snort.conf -l /var/log/snort -\
-C /etc/snort/rules/ -d -u snort -g snort -O -S HOME_NET=[192.168.0.0/24] \
-i eth0

... and this is the output in /var/log/daemon.log :

greenhouse:/var/log# tail -1f daemon.log
Jun 12 23:49:44 greenhouse snort: FATAL ERROR: OpenPcap() FSM compilation failed: ^Isyntax error PCAP command: /etc/snort/rules

Any ideas?

Thanks again.

regards,

James

--
James Sinnamon    jps at westnet com auStralia
ph +61 412 319669, +61 2 95692123, +61 2 95726357

