Board index Freebsd

snort - box snort: ERROR: Unable to open rules file: webcgi-lib

snort - box snort: ERROR: Unable to open rules file: webcgi-lib

Post by alexu » Tue, 20 Mar 2001 17:25:28



I'm trying to run snort and i'm geting this error

box snort: ERROR: Unable to open rules file: webcgi-lib

anybody?

 
 
 
Top

snort - box snort: ERROR: Unable to open rules file: webcgi-lib

Post by Rob Hughe » Wed, 21 Mar 2001 07:42:20


do you have a webcgi-lib.rules file anywhere on your system? They've change
the format that rules are in and modularized the whole thing.


I'm trying to run snort and i'm geting this error

box snort: ERROR: Unable to open rules file: webcgi-lib

anybody?

 
 
 
Top

snort - box snort: ERROR: Unable to open rules file: webcgi-lib

Post by alexu » Thu, 22 Mar 2001 03:02:51


i don't think so.. i dont even know what it is;) i used snort.conf the one
came with distro.. i dont really understand how does snort works..


> do you have a webcgi-lib.rules file anywhere on your system? They've
change
> the format that rules are in and modularized the whole thing.



> I'm trying to run snort and i'm geting this error

> box snort: ERROR: Unable to open rules file: webcgi-lib

> anybody?

 
 
 
Top

snort - box snort: ERROR: Unable to open rules file: webcgi-lib

Post by Fred Horma » Fri, 27 Apr 2001 02:07:19


Snort reads it's config file from /usr/local/share/snort and should be
snort.conf

Within this file at the bottom is a list of rule files, webcgi-lib.rule
should be a file the same directory. I found that snort also needs the
path to these file, so my mine looks like this:

include /usr/local/share/snort/telnet.rules
include /usr/local/share/snort/virus.rules
include /usr/local/share/snort/web-cgi.rules

Hope this helps
Fredh

PS
Don't use the binary dist. get the newest ports tarball from freebsd.org
it has the new snort 1.7
If you need anymore help email me.


> [-- text/plain, encoding quoted-printable, 7 lines --]

> I'm trying to run snort and i'm geting this error

> box snort: ERROR: Unable to open rules file: webcgi-lib

> anybody?

 
 
 
Top

1. Snort is running, i scanned my computer, but nothing appears in the snort logs

i have snort running
1992 ?        S      0:19 /usr/sbin/snort -u snort -g snort -s -d -D -i
eth0 -l

i then portscanned my computer using nmap, but nothing is in /var/log/snort
but this:




when i view these files, nothing is in alert, portscan.log, and

nothing is in /var/log/messages either. I thought that when my computer gets
portscanned something would appear in portscan.log, but it is empty. Am i
doing something wrong, or are the snort logs stored somewhere else???

thanks,
jp

2. Export Command

3. snort logging - snort.conf

4. Date/Time library functions

5. Snort rules?

6. Problem with "login -f"

7. Snort Rules

8. The New Guy, making a FreeBSD Box

9. Snort problem with squid.rules

10. QUESTION: firewall with snort creating dynamic rules.

11. Are Snort/Squid heavy on resources for 486DX box ?

12. SNORT....alert file

13. I need an init.d (automated startup script) file for SNORT


All times are UTC
Board index