RE: [Snort-users] Snort not running
This is a discussion on RE: [Snort-users] Snort not running within the Snort forums, part of the System Security and Security Related category; Hi! I thought that I had installed them, and when we searched a little more in the archives we found ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
11-10-2003
|
|||
|
|||
RE: [Snort-users] Snort not running
Hi!
I thought that I had installed them, and when we searched a little more in the archives we found out that it probably went wrong when installing PHP. We tried to reinstall it, but it didn't work out well. My colleage and I are newbies to Linux, so we did a complete reinstall. And when we came to the part were to install PHP, we got the same error again... It turned out that we had missed one space that shouldn't be there (copy paste) and a missing dash. Probably it should have worked in the first installation. ------- Another question, we get a false positive on http on port 8080, that we run our proxy on. But we also run http on port 80 on local machines. How should we configure Snort to not make an alert on that? In the snort.conf there is one line that looks like this: var HTTP_PORTS 80 I found this when I Googled, ----8<---- There are no port lists support right now other than var HTTP_PORTS 80:8080 to cover the whole range. The kludge is var HTTP_PORTS 80 include web-iis.rules var HTTP_PORTS 8080 include web-iis.rules ----8<---- As I understand this is that I can have more than one line with "variables", right? And if I still want a rulefile to test on that sort of traffic I can add this include thing, right? Or how should it be done properly? And another another thing, must I restart Snort if I add or change rules-files, and in that case, how do I restart it? A lot of questions from a newbee. Best regards, Erik Nyman > -----Original Message----- > From: snort-users-admin@lists.sourceforge.net > [mailto:snort-users-admin@lists.sourceforge.net]On Behalf Of > Josh Berry > Sent: Monday, November 10, 2003 3:51 PM > To: Nyman Erik-IT-Enheten > Cc: 'snort-users@lists.sourceforge.net' > Subject: Re: [Snort-users] Snort not running > > > You must be using the mysql output plugin. Do you have the > correct MySQL > libraries installed, or have you installed them at all? > > > Hi! > > > > I have installed Snort on a RH following the installation > document written > > by Patrick Harper. But Snort won't run for us, and we can't > understand > > why. > > > > If we run the command snort -c /etc/snort/snort.conf, we > get the following > > message: > > > > snort: error while loading shared libraries: > libmysqlclient.so.12: cannot > > open shared object file: No such file or directory > > > > What shall we do? What went wrong? > > > > ---------- > > Erik Nyman > > > > > > ------------------------------------------------------- > > This SF.Net email sponsored by: ApacheCon 2003, > > 16-19 November in Las Vegas. Learn firsthand the latest > > developments in Apache, PHP, Perl, XML, Java, MySQL, > > WebDAV, and more! http://www.apachecon.com/ > > _______________________________________________ > > Snort-users mailing list > > Snort-users@lists.sourceforge.net > > Go to this URL to change user options or unsubscribe: > > https://lists.sourceforge.net/lists/...fo/snort-users > > Snort-users list archive: > > http://www.geocrawler.com/redir-sf.p...st=snort-users > > > > > Thanks, > Josh Berry, CTO > LinkNet-Solutions > 469-831-8543 > josh.berry@linknet-solutions.com > > > > ------------------------------------------------------- > This SF.Net email sponsored by: ApacheCon 2003, > 16-19 November in Las Vegas. Learn firsthand the latest > developments in Apache, PHP, Perl, XML, Java, MySQL, > WebDAV, and more! http://www.apachecon.com/ > _______________________________________________ > Snort-users mailing list > Snort-users@lists.sourceforge.net > Go to this URL to change user options or unsubscribe: > https://lists.sourceforge.net/lists/...fo/snort-users > Snort-users list archive: > http://www.geocrawler.com/redir-sf.p...st=snort-users ------------------------------------------------------- This SF.Net email sponsored by: ApacheCon 2003, 16-19 November in Las Vegas. Learn firsthand the latest developments in Apache, PHP, Perl, XML, Java, MySQL, WebDAV, and more! http://www.apachecon.com/ _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
