No matter what I do with the snort.conf in 2.8.1 I can't get it to read my rule chians. I always get the following when running snort.
I have the rule path defined in the snort.conf file to /etc/snort/rules (which is the path that contains the extracted rule set from snortrules-snapshot-2.8.tar.gz which was downloaded right from the snort.org rules page.
Initializing rule chains...
0 Snort rules read
0 detection rules
0 decoder rules
0 preprocessor rules
0 Option Chains linked into 0 Chain Headers
0 Dynamic rules
I've verified permissions on the directory and even launched it using the flag to specify the rule path
I've verified that the port is running correctly in promisc mode.
./snort -c /etc/snort/rules -i eth1