Snort failing at Boot
Mark Sargent
powderkeg at snow.email.ne.jp
Wed Mar 30 08:18:37 UTC 2005
Paul Howarth wrote:
>On Wed, 2005-03-30 at 15:50 +0900, Mark Sargent wrote:
>
>
>>Hi All,
>>
>>I have snort set to start up at boot, but, get an error and it fails. I
>>have checked messages and boot.log, but nothing showing what the actual
>>problem is. It was due to a file not being found, but I wasn't quick
>>enuff to write it down. Where else would I find this info other than the
>>2 logs I mentioned.? Cheers.
>>
>>
>
>Try running the snort initscript again like it would be run at boot
>time.
>
># service snort start
>
>Paul.
>
>
Hi All,
thanx, Paul. This is a source install as it's required to have snort
work with mysql. I followed the tutorial by Patrick Harper, found at his
site,
http://www.whitefrog.com/
and get the following with the service snort start,
[root at localhost ~]# service snort start
snort: unrecognized service
I rebooted and was quick enuff to record the error message,
It gives an error related to this line in the /etc/snort/snort.conf file,
preprocessor http_inspect: global \
iis_unicode_map unicode.map 1252
something about not finding unicode.map. Here is what I get if I run
snort from the cli,
[root at localhost ~]# snort -cv -i eth0
Running in IDS mode
Initializing Network Interface eth0
--== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file v
+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
ERROR: Unable to open rules file: v or ./v
Fatal Error, Quitting..
Cheers.
Mark Sargent.
More information about the fedora-list
mailing list