Paul Howarth wrote:
On Wed, 2005-03-30 at 15:50 +0900, Mark Sargent wrote:
Hi All,
I have snort set to start up at boot, but, get an error and it fails. I have checked messages and boot.log, but nothing showing what the actual problem is. It was due to a file not being found, but I wasn't quick enuff to write it down. Where else would I find this info other than the 2 logs I mentioned.? Cheers.
Try running the snort initscript again like it would be run at boot time.
# service snort start
Paul.
Hi All,
thanx, Paul. This is a source install as it's required to have snort work with mysql. I followed the tutorial by Patrick Harper, found at his site,
http://www.whitefrog.com/
and get the following with the service snort start,
[root@localhost ~]# service snort start
snort: unrecognized service
I rebooted and was quick enuff to record the error message,
It gives an error related to this line in the /etc/snort/snort.conf file,
preprocessor http_inspect: global \ iis_unicode_map unicode.map 1252
something about not finding unicode.map. Here is what I get if I run snort from the cli,
[root@localhost ~]# snort -cv -i eth0 Running in IDS mode
Initializing Network Interface eth0
--== Initializing Snort ==-- Initializing Output Plugins! Decoding Ethernet on interface eth0 Initializing Preprocessors! Initializing Plug-ins! Parsing Rules file v
+++++++++++++++++++++++++++++++++++++++++++++++++++ Initializing rule chains... ERROR: Unable to open rules file: v or ./v Fatal Error, Quitting.. Cheers.
Mark Sargent.
