Security Basics: Re: snort updates and changes to snort.conf

Re: snort updates and changes to snort.conf

From: newsecurityguy <JBASKEW_at_uncg.edu>
Date: Thu, 10 Jul 2008 16:05:41 -0700 (PDT)

Maybe I am not understanding the syntax correctly. I stopped snort, copied my
current snort.conf file into the /usr/local/snort/etc directory I created.
There I edited the snort.conf file to suppress the events and then attempted
to restart snort using the command

/usr/sbin/snort -d -D -Q -u snort -g snort -c /usr/local/snort/etc/snort.conf -l /var/log/snort -o -m 022

Snort outputs Initializing Inline mode and then quits with no indication of
errors. Running the original command used to start snort

/usr/sbin/snort -d -D -Q -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort -o -m 022

initializes snort and it outputs loaded rules, counts, etc. What am I
missing here? I checked the snort.conf file again to make sure the absolute
path was used to the rules folder but am not sure what else to look for.

Thanks,
Blake

------Original Message------
From: Joe Beasley
Sender: listbounce_at_securityfocus.com
To: newsecurityguy
Cc: security-basics_at_securityfocus.com
Sent: Jul 1, 2008 8:21 PM
Subject: Re: snort updates and changes to snort.conf

You don't have to put your snort.conf file in the same directory your
*.rules files are in. I keep my snort.conf
in /usr/local/snort-version/etc, and keep all the rules
in /usr/local/snort-version/rules.

All rule updates will have a new snort.conf (which is overwritten each
time) in the rules directory, but I start snort with the conf file in
the etc directory.

-- 
View this message in context: http://www.nabble.com/snort--updates-and-changes-to-snort.conf-tp18187204p18393779.html
Sent from the Security Basics mailing list archive at Nabble.com.
Received on Jul 11 2008
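
One check that fits the relocation described in this thread, as an added example that is not part of either message: list every include target in a snort.conf that no longer exists after the file is copied to a new directory. It assumes Snort 2.x resolves relative include paths against the directory holding snort.conf; the sample config, file names and directory layout are constructed.

```python
import os
import re
import tempfile

VAR_RE = re.compile(r'^(?:var|portvar|ipvar)\s+(\S+)\s+(\S+)')
INCLUDE_RE = re.compile(r'^include\s+(\S+)')

# Constructed sample, not the poster's file.
SAMPLE_CONF = """\
# relative paths below are resolved against this file's directory
var RULE_PATH ../rules
include classification.config
include reference.config
include $RULE_PATH/local.rules
include $RULE_PATH/web-misc.rules
"""

def expand(value, variables):
    """Substitute $NAME references; unknown names are left untouched."""
    return re.sub(r'\$(\w+)', lambda m: variables.get(m.group(1), m.group(0)), value)

def missing_includes(conf_path):
    """Return [(line_no, resolved_path)] for include targets that do not exist."""
    conf_dir = os.path.dirname(os.path.abspath(conf_path))
    variables, missing = {}, []
    with open(conf_path) as fh:
        for line_no, raw in enumerate(fh, 1):
            line = raw.split('#', 1)[0].strip()   # drop comments
            m = VAR_RE.match(line)
            if m:
                variables[m.group(1)] = expand(m.group(2), variables)
                continue
            m = INCLUDE_RE.match(line)
            if m:
                target = expand(m.group(1), variables)
                if not os.path.isabs(target):     # assumption: relative to conf dir
                    target = os.path.join(conf_dir, target)
                target = os.path.normpath(target)
                if not os.path.isfile(target):
                    missing.append((line_no, target))
    return missing

def demo():
    """Constructed layout: conf copied into etc/, only rules/local.rules exists."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, 'etc'))
    os.makedirs(os.path.join(root, 'rules'))
    open(os.path.join(root, 'rules', 'local.rules'), 'w').close()
    conf = os.path.join(root, 'etc', 'snort.conf')
    with open(conf, 'w') as fh:
        fh.write(SAMPLE_CONF)
    return [(n, os.path.relpath(p, root)) for n, p in missing_includes(conf)]
```

Snort's -T option tests a configuration and reports on it; running it without -D keeps that output on the terminal.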