Also sprach Jeffrey L. Taylor (Wed 11 Jun 02003 at 11:18:10AM -0500): > Quoting Michael D. Schleif <mds@helices.org>: > [snip] > > However, I *cannot* start snort! It is not running and I do not know > > how to debug this one. > > > > What do you think? > > > > First check the syslogs for any errors. Some will get logged, some > will just quietly kill Snort. If that doesn't help, start Snort > directly in IDS mode and without detaching into the background. You > will have to RTFM for the options, I have to leave for a meeting now, > and the last time I did this is not in root's .history any more. > > HTH, > Jeffrey Yes, daemon.log led me to this: FATAL ERROR: /etc/snort/snort.conf(177) => Unknown argument \ to http_decode preprocessor: "-unicode" After much googling, I found that /etc/snort/snort.conf was *not* at version 2.x. I re-installed both snort and snort-common, and the CONF is now updated, and snort works, again! I am still not clear as to why this happened? It seems as though updating snort does not automatically update snort-common, which contains the CONF. -- Best Regards, mds mds resource 877.596.8237 - Dare to fix things before they break . . . - Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . . --
Attachment:
pgpsypgfRBFRS.pgp
Description: PGP signature