You Are Here : Forums Sunday, September 07, 2008
     
Activeworx.org Forums
 
  Forum  IDS Policy Mana...  IDS Policy Mana...  Setting up first policy copies rules to C:\ Root
Previous Previous
 
Next Next
New Post 11/9/2007 6:08 PM
  StephenField
3 posts
www.ahbank.com
No Ranking


Setting up first policy copies rules to C:\ Root 

I have a single snort box running, I have installed IDS Policy Manager on the same PC.

 

I am running IDS Policy Manager 2.2.0.20

 

Snort is installed to: C:\Win-IDS\Snort\ Version 2.8      

 

When I initialized my policy I pointed to C:\Win-IDS\Snort\etc where the snort.conf is located.

 

The Policy Creates just fine.   I can edit variables etc.

 

I then created a sensorand pointed the sensor to C:\Win-IDS\Snort \etc and said the config file is named snort.conf in the sensor setup.

 

When I make changes to the policy and then upload them to the sensor it changes the snort.conf file rulepath setting from

include $RULE_PATH/* on all of the rules to include C:\rulename and copies all of the rules to the root of C:\

 

Any Ideas on what I might be doing wrong?

 

I didn't know if when I created the policy that I should have created a new copy of the snort directory for the master and point to running directory for the sensor?

 

Any help is appreciated.
 
New Post 11/9/2007 6:44 PM
  Jeff Dell
233 posts
www.activeworx.com
1st Level Poster


Re: Setting up first policy copies rules to C:\ Root 

What is the value for $RULE_PATH? it should be something like "C:\Win-IDS\Snort\rules" or "..\rules". I remember there was a problem before with virtual directories.. so if you are using a virtual, try using an absolute directory instead.

 

Cheers,

Jeff
 
New Post 11/9/2007 6:47 PM
  StephenField
3 posts
www.ahbank.com
No Ranking


Re: Setting up first policy copies rules to C:\ Root 
I have set it for both c:\win-ids\snort\rules and ..\rules both result in the rules being copied to the root fo the C:\Drive and IDS changes the path in the snort.conf file to C:\RULE
 
New Post 11/9/2007 6:56 PM
  Jeff Dell
233 posts
www.activeworx.com
1st Level Poster


Re: Setting up first policy copies rules to C:\ Root 

 StephenField wrote
I have set it for both c:\win-ids\snort\rules and ..\rules both result in the rules being copied to the root fo the C:\Drive and IDS changes the path in the snort.conf file to C:\RULE

 

So is it like the path is value is removed completely? If so, can you click on Snort Policies\<policy name>\Rule Groups and see if the directories are set to $RULE_PATH for all groups. if it is not, open one up and set it and check the box to set for all groups. If it was already set, let me know and I will fix it.

 

Cheers,

Jeff
 
New Post 11/9/2007 7:01 PM
  StephenField
3 posts
www.ahbank.com
No Ranking


Re: Setting up first policy copies rules to C:\ Root 

That was it.  The $RULE_PATH in the rule groups was set to C:\

 

Thanks for the help
 
 Page 1 of 1
Previous Previous
 
Next Next
  Forum  IDS Policy Mana...  IDS Policy Mana...  Setting up first policy copies rules to C:\ Root
 
 
Copyright 2000-2007 by Activeworx, Inc.
All trademarks and copyrights on this page are owned by their respective owners.