From: Deyoung, Richard E. - Raleigh, NC (RDeyoung_at_email.usps.gov)
Date: Thu Jan 30 2003 - 14:57:26 CST


    G'day all.

    I've been experimenting with migrating all of the command line options
    into the particular snort configuration file I'm using at run-time and
    have found that even if I start snort with the "-c" switch, and have
    specified my logging directory as "/var/log/foo", snort will not pick up
    my config directive but will continue to try and log to
    "/var/log/snort".
    NOTE:
    The other vars, preprocessor, and output plug-ins are being read
    successfully from my main config file; it's only the "config" directives
    that it's failing to pick up.

    [Particulars]
    OSver: Redhat v7.3
    Snortver: 1.9.0, Build 209
    Other configs: All var, preprocessor, and output plug-ins, as well as
    config directives, have been implemented in a single file

    [Specific configs as they exist in the main config file with all of the
    other "stuff"]

    config decode_data_link
    config daemon
    config show_year
    config interface: eth1
    config logdir: /var/log/foo
    config utc
    config dump_payload_verbose

    [Questions]
    1. Will snort v1.9.0 support a single, main configuration file?
    2. If not, which portions of the default config file that comes with the
    source can be excluded from the main config file and included in an
    alternate file (which could be referenced by the "include" directive)?

    Thanks all,
    Richard DeYoung
    Email: RDeYoung_at_email.usps.gov