Fatal Error Unable To Open Rules File
Contents |
Start here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About error /etc/snort//etc/snort/rules/app-detect.rules(0) unable to open rules file Us Learn more about Stack Overflow the company Business Learn more about hiring
Snort Local.rules Missing
developers or posting ads with us Server Fault Questions Tags Users Badges Unanswered Ask Question _ Server Fault is a
App-detect.rules Download
question and answer site for system and network administrators. Join them; it only takes a minute: Sign up Here's how it works: Anybody can ask a question Anybody can answer The best answers
Unable To Open Rules File /etc/snort/../rules/local.rules No Such File Or Directory
are voted up and rise to the top Snort: Unable to open rules file up vote 1 down vote favorite 1 This is my first with snort. And I can't get it to run. I followed this tutorial exactly. And I have fedora 21. Here's the output from snort -c /etc/snort/snort.conf -v -i enp0s3: Running in IDS mode --== Initializing Snort ==-- Initializing Output Plugins! Initializing Preprocessors! snort rules download Initializing Plug-ins! Parsing Rules file "/etc/snort/snort.conf" PortVar 'HTTP_PORTS' defined : [ 80:81 311 383 591 593 901 1220 1414 1741 1830 2301 2381 2809 3037 3128 3702 4343 4848 5250 6988 7000:7001 7144:7145 7510 7777 7779 8000 8008 8014 8028 8080 8085 8088 8090 8118 8123 8180:8181 8243 8280 8300 8800 8888 8899 9000 9060 9080 9090:9091 9443 9999 11371 34443:34444 41080 50002 55555 ] PortVar 'SHELLCODE_PORTS' defined : [ 0:79 81:65535 ] PortVar 'ORACLE_PORTS' defined : [ 1024:65535 ] PortVar 'SSH_PORTS' defined : [ 22 ] PortVar 'FTP_PORTS' defined : [ 21 2100 3535 ] PortVar 'SIP_PORTS' defined : [ 5060:5061 5600 ] PortVar 'FILE_DATA_PORTS' defined : [ 80:81 110 143 311 383 591 593 901 1220 1414 1741 1830 2301 2381 2809 3037 3128 3702 4343 4848 5250 6988 7000:7001 7144:7145 7510 7777 7779 8000 8008 8014 8028 8080 8085 8088 8090 8118 8123 8180:8181 8243 8280 8300 8800 8888 8899 9000 9060 9080 9090:9091 9443 9999 11371 34443:34444 41080 50002 55555 ] PortVar 'GTP_PORTS' defined : [ 2123 2152 3386 ] Detection: Search-Method = AC-Full-Q Split Any/Any group = enabled Search-Method-Optimizations = enabled Maximum pattern length = 20 ERROR: /etc/snort//etc/snort/rules/app-detect.rules(0) Unable to open rules file "/etc/snort//etc/snort/rules/ap
« previous next » Print Pages: [1] Go Down Author Topic: snort unable to open rules file (Read 3373 times) 0 Members and 1 Guest are viewing this topic. Sifter Full Member Posts: 153 Karma: +0/-0 snort unable to what are snort rules open rules file « on: May 09, 2013, 07:07:37 am » 2.0.3-RELEASE (i386) no preprocessors configured for policy 0. built on Fri Apr 12 10:22:21 EDT 2013 FreeBSD 8.1-RELEASE-p13snort 2.9.4.1 pkg v. 2.5.7I put in my oink code, downloaded snort community rules the new rules files, and then tried to start the service. Below is what I found in the system log.snort[46274]: FATAL ERROR: /usr/local/etc/snort/snort_50252_em1//usr/local/etc/snort/snort_50252_em1/rules/snort.rules(0) Unable to open rules file "/usr/local/etc/snort/snort_50252_em1//usr/local/etc/snort/snort_50252_em1/rules/snort.rules": No such file or http://serverfault.com/questions/660273/snort-unable-to-open-rules-file directory. « Last Edit: May 09, 2013, 01:30:36 pm by jimp » Logged jimp Administrator Hero Member Posts: 18958 Karma: +924/-7 Re: snort unable to open rules file « Reply #1 on: May 09, 2013, 01:31:38 pm » I edited your post because it said "squid" when you meant "snort".Not sure about the missing rules, but the usual thing that fixes snort is to uninstall it completely, https://forum.pfsense.org/index.php?topic=62138.0 then reinstall it, and then download the rules files again. Logged Need help fast? Commercial Support!Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.Do not PM for help! bmeeks Hero Member Posts: 2736 Karma: +621/-0 Re: snort unable to open rules file « Reply #2 on: May 10, 2013, 11:20:36 am » Quote from: Sifter on May 09, 2013, 07:07:37 am2.0.3-RELEASE (i386) built on Fri Apr 12 10:22:21 EDT 2013 FreeBSD 8.1-RELEASE-p13snort 2.9.4.1 pkg v. 2.5.7I put in my oink code, downloaded the new rules files, and then tried to start the service. Below is what I found in the system log.snort[46274]: FATAL ERROR: /usr/local/etc/snort/snort_50252_em1//usr/local/etc/snort/snort_50252_em1/rules/snort.rules(0) Unable to open rules file "/usr/local/etc/snort/snort_50252_em1//usr/local/etc/snort/snort_50252_em1/rules/snort.rules": No such file or directory.jimp is correct, a delete and reinstall is a good first fix. If this is a totally new install for you on this firewall, there are some prerequisite steps that must happen as well to properly generate the configuration file before attempting a start. Following the steps in this post might help if that is the case: http://forum.pfsense.org/index.php/topic,61018.msg328717.html#msg328717Bill Logged Supermule Hero Member Posts: 2542 Karma: +77/-100 Re: snort unable to open rules file « Reply #3 on: May 25,
SCAP-on-Apple SmartCard Services WebKit XQuartz Contact Terms of Use Privacy Policy All user-submitted text and content on this website is licensed under a Creative Commons Attribution 2.5 License unless otherwise noted. Copyright © 2011 Apple https://trac.macports.org/ticket/46320 Inc. All rights reserved. New Ticket Tickets Wiki Browse Source Timeline Roadmap Ticket Reports Search Search: Context Navigation ← Previous https://sourceforge.net/p/snort/mailman/message/32257835/ TicketNext Ticket → Ticket #46320 (closed defect: fixed) Opened 22 months ago Last modified 2 months ago net/snort: missing rules files from default snort.conf Reported by: pixilla@… Owned by: jul_bsd@… Priority: Normal Milestone: Component: ports unable to Version: 2.3.3 Keywords: Cc: Port: snort Description $ snort -T -c /opt/local/etc/snort/snort.conf 2>&1 | tail -n3 ERROR: /opt/local/etc/snort//rules/local.rules(0) Unable to open rules file "/opt/local/etc/snort//rules/local.rules": No such file or directory. Fatal Error, Quitting.. Attachments patch-snort-Portfile.diff (1.9 KB) - added by jul_bsd@… 22 months ago. Change History comment:1 Changed 22 months ago by jul_bsd@… Hello Pixilla, in the 'port notes' is said: "Please download rules from https://www.snort.org/snort-rules/#rules either manually or with unable to open oinkmaster." oinkmaster has not been commited for now (Ticket #42859) so need to download it manually or do that with the rules. Maybe the above line need more highlight. Also the link changed. it is https://www.snort.org/downloads/#rule-downloads now Problem is snort has 3 sets unregistered user/community rules registered user paid user the first one is pretty outdated but is still kept by debian package for the sake of usability. But as it's a security software, in a same way than an AV, it's pretty useless with outdated rules. I would prefer to leave user make its choice and if possible use registered set. In Oinkmaster port, I pinpoint on other sets like EmergingThreats or BleedingSnort Also for this rules file, an alternative would be just touching file in post-activate, but need also white and black_list.rules and change path. tentative patch joined comment:2 Changed 22 months ago by pixilla@… In general it would be good if this port could install snort with a working configuration file. Would it be a terrible idea to remove or comment the lines in the example conf that point to non-existent files? comment:3 Changed 22 months ago by jul_bsd@… touching file or commenting lines is our choice. Those are not part of
instructions: Windows Mac Red Hat Linux Ubuntu Click URL instructions: Right-click on ad, choose "Copy Link", then paste here → (This may not be possible with some types of ads) More information about our ad policies X You seem to have CSS turned off. Please don't fill out this field. You seem to have CSS turned off. Please don't fill out this field. Briefly describe the problem (required): Upload screenshot of ad (required): Select a file, or drag & drop file here. ✔ ✘ Please provide the ad click URL, if possible: Home Browse Snort Mailing Lists Snort Brought to you by: andrewbaker, joelesler, roesch Summary Files Reviews Support Wiki Mailing Lists snort-devel snort-openappid snort-sigs snort-users Re: [Snort-users] FATAL ERROR: /etc/snort/snort.conf(0) Unable to open rules file "/etc/snort/snort.conf": Permission denied.#012 Re: [Snort-users] FATAL ERROR: /etc/snort/snort.conf(0) Unable to open rules file "/etc/snort/snort.conf": Permission denied.#012 From: Jeremy Hoel