Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#10470 - Snort does not work.
Attached to Project:
Arch Linux
Opened by Pranay Kanwar (warl0ck) - Thursday, 22 May 2008, 10:12 GMT
Last edited by Andreas Radke (AndyRTR) - Sunday, 15 June 2008, 18:23 GMT
Opened by Pranay Kanwar (warl0ck) - Thursday, 22 May 2008, 10:12 GMT
Last edited by Andreas Radke (AndyRTR) - Sunday, 15 June 2008, 18:23 GMT
|
Details-- Description:
The snort package does not work out of the box. I did the following to get it working 1. Changed 'SNORT_ARGS' in /etc/conf.d/snort to SNORT_ARGS="-A fast -c /etc/snort/snort.conf -p -D" The config file path mainly and added the -A, alert option. 2. In /etc/snort.conf changed the following a. The 'dynamicpreprocessor directory' directive to /usr/lib/snort_dynamicpreprocessor/ b. The 'dynamicengine' directive to /usr/lib/snort_dynamicengine/libsf_engine.so c. Only one of 'stream4' or 'stream5' preprocessors can be enabled, disabled 'stream4'. 3. Could you please build snort with database support (mysql,postgresql etc). -- Additional info: * Tested with snort 2.8.1-1 -- Steps to reproduce: * running snort (#/etc/rc.d/snort start) does not generate alerts. |
This task depends upon
/etc/conf.d/snort should now be well preconfigured following Fedora cvs.