You Are Here : Forums Sunday, July 06, 2008
     
Activeworx.org Forums
 
  Forum  IDS Policy Mana...  IDS Policy Mana...  Problem updating snort.conf
Previous Previous
 
Next Next
New Post 7/2/2007 2:59 PM
  ABond
2 posts
No Ranking


Problem updating snort.conf 
Hello all! I have the following problem. When i set parameters for the new sensor i put "/etc/snort/snort.conf" in "Configuration File" field at "Upload Settings" and after that i can't upload my policy to this sensor. If i set "snort.conf" as a configuration file than all goes good but i after that the new snort.conf is under "Upload Directory" which for me is /etc/snort/rules. But snort looks for it's config under /etc/snort/. Sure i can change init-script for snort and point it to "/etc/snort/rules/snort.conf" but is it the only way ? Why is uploading failed when i change the path to configuration file ?
 
New Post 7/2/2007 4:16 PM
  Jeff Dell
219 posts
www.activeworx.com
1st Level Poster


Re: Problem updating snort.conf 
IDSPM uploaded the files based on the way it is configured. If you want snort.conf to be in /etc/snort, then make that the upload directory. all of the other files are uploaded based on this path. This is how snort loads the files too.

also, you want to make sure your variable for RULE_PATH is 'rules' and not the default '../rules'. to upload the rules to /etc/snort/rules when your snort.conf is uploaded to /etc/snort.

I hope this clears things up...

Cheers,
Jeff
 
New Post 7/3/2007 3:24 AM
  Craig C.
15 posts
10th Level Poster


Re: Problem updating snort.conf 

If you have a restart script that restarts the sensor after it uploads the new files you could add a line to it that moves the snort.conf file to where you want it.  I agree that there should be better options in IDSPM for it....but until then, try to do it in the restart script.  Hope that helps!

 

Craig
 
New Post 7/3/2007 3:30 AM
  Jeff Dell
219 posts
www.activeworx.com
1st Level Poster


Re: Problem updating snort.conf 
>I agree that there should be better options in IDSPM for it

If you read my post above you will see you can do exactly what he wants to do already. However, if you think there should a better way, please let us know. We are always open to suggestions.

Cheers,
Jeff
 
New Post 7/3/2007 3:39 AM
  Craig C.
15 posts
10th Level Poster


Re: Problem updating snort.conf 

I guess the issue is that if you don't want to keep your snort.conf file in the same directory that all the rules files are in, there doesn't seem to be a direct way to do that in IDSPM.  For instance: 

 

/etc/snort/snort.conf

/etc/snort/rules/<all rules files>

 

If there is a way to do it in IDSPM, can you show us?  Maybe I'm overlooking something.

 

Thanks,

 

Craig
 
New Post 7/3/2007 3:40 AM
  Craig C.
15 posts
10th Level Poster


Re: Problem updating snort.conf 

Oh, wait.  I get it now.  Sorry for the misunderstanding.

 

THanks,

 

Craig
 
New Post 7/3/2007 7:42 AM
  ABond
2 posts
No Ranking


Re: Problem updating snort.conf 
Thanks !! It works. :)
 
 Page 1 of 1
Previous Previous
 
Next Next
  Forum  IDS Policy Mana...  IDS Policy Mana...  Problem updating snort.conf
 
 
Copyright 2000-2007 by Activeworx, Inc.
All trademarks and copyrights on this page are owned by their respective owners.