Also sprach Jeffrey L. Taylor (Wed 11 Jun 02003 at 11:18:10AM -0500):
> Quoting Michael D. Schleif <[EMAIL PROTECTED]>:
> [snip]
> > However, I *cannot* start snort! It is not running and I do not know
> > how to debug this one.
> >
> > What do you think?
> >
>
> First check the syslogs for any errors. Some will get logged, some
> will just quietly kill Snort. If that doesn't help, start Snort
> directly in IDS mode and without detaching into the background. You
> will have to RTFM for the options, I have to leave for a meeting now,
> and the last time I did this is not in root's .history any more.
>
> HTH,
> Jeffrey

Yes, daemon.log led me to this:

    FATAL ERROR: /etc/snort/snort.conf(177) => Unknown argument \
    to http_decode preprocessor: "-unicode"

After much googling, I found that /etc/snort/snort.conf was *not* at
version 2.x.

I re-installed both snort and snort-common, and the CONF is now updated,
and snort works, again!

I am still not clear as to why this happened? It seems as though
updating snort does not automatically update snort-common, which
contains the CONF.

-- 
Best Regards,

mds
mds resource
877.596.8237
-
Dare to fix things before they break . . .
-
Our capacity for understanding is inversely proportional to how much
we think we know. The more I know, the more I know I don't know . . .