Error Unable To Open Rules File /etc/snort/rules/local.rules
Snort: Unable to open rules file
http://serverfault.com/questions/660273/snort-unable-to-open-rules-file

This is my first time with snort. And I can't get it to run. I followed this tutorial exactly. And I have Fedora 21. Here's the output from snort -c /etc/snort/snort.conf -v -i enp0s3:

    Running in IDS mode
    --== Initializing Snort ==--
    Initializing Output Plugins!
    Initializing Preprocessors!
    Initializing Plug-ins!
    Parsing Rules file "/etc/snort/snort.conf"
    PortVar 'HTTP_PORTS' defined : [ 80:81 311 383 591 593 901 1220 1414 1741 1830 2301 2381 2809 3037 3128 3702 4343 4848 5250 6988 7000:7001 7144:7145 7510 7777 7779 8000 8008 8014 8028 8080 8085 8088 8090 8118 8123 8180:8181 8243 8280 8300 8800 8888 8899 9000 9060 9080 9090:9091 9443 9999 11371 34443:34444 41080 50002 55555 ]
    PortVar 'SHELLCODE_PORTS' defined : [ 0:79 81:65535 ]
    PortVar 'ORACLE_PORTS' defined : [ 1024:65535 ]
    PortVar 'SSH_PORTS' defined : [ 22 ]
    PortVar 'FTP_PORTS' defined : [ 21 2100 3535 ]
    PortVar 'SIP_PORTS' defined : [ 5060:5061 5600 ]
    PortVar 'FILE_DATA_PORTS' defined : [ 80:81 110 143 311 383 591 593 901 1220 1414 1741 1830 2301 2381 2809 3037 3128 3702 4343 4848 5250 6988 7000:7001 7144:7145 7510 7777 7779 8000 8008 8014 8028 8080 8085 8088 8090 8118 8123 8180:8181 8243 8280 8300 8800 8888 8899 9000 9060 9080 9090:9091 9443 9999 11371 34443:34444 41080 50002 55555 ]
    PortVar 'GTP_PORTS'

Ticket #46320 (closed defect: fixed)
https://trac.macports.org/ticket/46320
net/snort: missing rules files from default snort.conf

Opened 22 months ago. Last modified 8 weeks ago.
Reported by: pixilla@…
Owned by: jul_bsd@…
Priority: Normal
Component: ports
Version: 2.3.3
Port: snort

Description

    $ snort -T -c /opt/local/etc/snort/snort.conf 2>&1 | tail -n3
    ERROR: /opt/local/etc/snort//rules/local.rules(0) Unable to open rules file "/opt/local/etc/snort//rules/local.rules": No such file or directory.
    Fatal Error, Quitting..

Attachments: patch-snort-Portfile.diff (1.9 KB) - added by jul_bsd@… 22 months ago.

Change History

comment:1 Changed 22 months ago by jul_bsd@…

Hello Pixilla, in the 'port notes' it is said: "Please download rules from https://www.snort.org/snort-rules/#rules either manually or with oinkmaster." oinkmaster has not been committed for now (Ticket #42859), so you need to download it manually or do that with the rules. Maybe the above line needs more highlight. Also the link changed. It is https://www.snort.org/downloads/#rule-downloads now.

Problem is snort has 3 sets: unregistered user/community rules, registered user, paid user. The first one is pretty outdated but is still kept by the Debian package for the sake of usability. But as it's security software, in the same way as an AV, it's pretty useless with outdated rules. I would prefer to let the user make their choice and if possible use the registered set.

In the Oinkmaster port, I pinpoint on other sets like EmergingThreats or BleedingSnort. Also for this rules file, an alternative would be just touching file in post-activate, but need also whit
Topic: snort unable to open rules file
https://forum.pfsense.org/index.php?topic=62138.0

Sifter « on: May 09, 2013, 07:07:37 am »

2.0.3-RELEASE (i386) built on Fri Apr 12 10:22:21 EDT 2013 FreeBSD 8.1-RELEASE-p13
snort 2.9.4.1 pkg v. 2.5.7

I put in my oink code, downloaded the new rules files, and then tried to start the service. Below is what I found in the system log.

    snort[46274]: FATAL ERROR: /usr/local/etc/snort/snort_50252_em1//usr/local/etc/snort/snort_50252_em1/rules/snort.rules(0) Unable to open rules file "/usr/local/etc/snort/snort_50252_em1//usr/local/etc/snort/snort_50252_em1/rules/snort.rules": No such file or directory.

« Last Edit: May 09, 2013, 01:30:36 pm by jimp »

jimp « Reply #1 on: May 09, 2013, 01:31:38 pm »

I edited your post because it said "squid" when you meant "snort".

Not sure about the missing rules, but the usual thing that fixes snort is to uninstall it completely, then reinstall it, and then download the rules files again.

bmeeks « Reply #2 on: May 10, 2013, 11:20:36 am »

Quote from: Sifter on May 09, 2013, 07:07:37 am

    2.0.3-RELEASE (i386) built on Fri Apr 12 10:22:21 EDT 2013 FreeBSD 8.1-RELEASE-p13
    snort 2.9.4.1 pkg v. 2.5.7
    I put in my oink code, downloaded the new rules files, and then tried to start the service. Below is what I found in the system log.
    snort[46274]: FATAL ERROR: /usr/local/etc/snort/snort_50252_em1//usr/local/etc/snort/snort_50252_em1/rules/snort.rules(0) Unable to open rules file "/usr/local/etc/snort/snort_50252_em1//usr/local/etc/snort/snort_50252_em1/rules/snort.rules": No such file or directory.

jimp is correct, a delete and reinstall is a good first fix. If this is a totally new install for you on this firewall, there are some prerequisite steps that must happen as well to properly generate the configuration file before attempting a start. Following the steps in this post might help if that is the case: http://forum.pfsense.org/index.php/topic,61018.msg328717.html#msg328717

Bill

Supermule « Reply #3 on: May 25, 2013, 01:49:39 pm »

I get this

shirkdog/pulledpork issue #91 (Open): Error is generated if snort.rules does not exist
https://github.com/shirkdog/pulledpork/issues/91

GoogleCodeExporter opened this issue Apr 23, 2015 · 2 comments
Labels: auto-migrated, Priority-Medium, Type-Defect

GoogleCodeExporter commented Apr 23, 2015

What steps will reproduce the problem?
1. Run pulledpork in new environment that does not have an existing snort.rules file

What is the expected output? What do you see instead?

    Extracted: /tha_rules/Custom-pop2.rules
    Extracted: /tha_rules/Custom-bad-traffic.rules
    Extracted: /tha_rules/Custom-web-cgi.rules
    Reading rules...
    Generating Stub Rules....
    Generating shared object stubs via:/usr/local/bin/snort -c /etc/snort/snort.conf --dump-dynamic-rules=/tmp/tha_rules/so_rules/
    An error occurred: ERROR: Unable to open rules file "/etc/snort//etc/snort/rules/snort.rules": No such file or directory.
    An error occurred: Fatal Error, Quitting..

What version of the product are you using? On what operating system?
PulledPork 0.6.2/CentOS5.5

Please provide any additional information below.

Original issue reported on code.google.com by digitalu...@gmail.com on 26 Aug 2011 at 7:29

GoogleCodeExporter commented Apr 23, 2015

I'm getting this too
MacBook Pro Mac OS X 10.6.8 - Snow Leopard PP 0.6.1

Original comment by leole...@gmail.com on 4 Nov 2011 at 12:00

airforceboricua commented May 22, 2015

I got the same thing.