No matter what I do with the snort.conf in 2.8.1, I can't get it to read my rule chains. I always get the following when running snort.
Code:
+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
0 Snort rules read
0 detection rules
0 decoder rules
0 preprocessor rules
0 Option Chains linked into 0 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++
I have the rule path defined in the snort.conf file to /etc/snort/rules (which is the path that contains the extracted rule set from snortrules-snapshot-2.8.tar.gz, which was downloaded right from the snort.org rules page).
I've verified permissions on the directory and even launched it using the flag to specify the rule path.
Code:
./snort -c /etc/snort/rules -i eth1
I've verified that the port is running correctly in promisc mode.
I'm stumped.