snort


dijit
03-19-2003, 06:09 AM
Hi,

I have installed snort successfully so far (I think).

I have got to the stage where I am adding the sensor -

the information I am typing in is as follows:

enable sensor - ticked yes
sensor name - snort
sensor ip - 192.168.0.2
sensor port - 2525
username - admin
password - ******
Sensor Agent Type - snort centre agent v1 (ssl enabled)
Interface name to sniff - eth1
Snort command line - -U -o

Now, when I go to view sensor it says this:

snort ->eth1 Can't Connect to 192.168.0.2:2525 Retry Connecting

Sensor Message sh: line 1: curl: command not found

I have tried a few variations on the sensor - such as using 192.168.0.2, eth0, different name, etc.

Now, when I go to https://localhost:2525/

I find this error:

Current config file error:
sh: line 1: /usr/sbinsnort: No such file or directory

So it looks like when I went through the setup.sh script I should have entered "/usr/sbin/snort" rather than "/usr/sbin". How can I edit this now to be the right path?

mdwatts
03-19-2003, 07:23 AM
Can you run setup.sh again and make the corrections?

That or find where the paths are defined in snort and make the modifications manually.

rastanewt
03-19-2003, 07:29 AM
If I run setup.sh again it lets me start, but as soon as I have entered the first value it runs and says it's all okay kind of thing -

so I can't get to the bit where I enter the correct path.

And I can't find where the paths are defined in snort :confused:

dijit
03-21-2003, 07:51 AM
Someone must know? :confused:

mdwatts
03-21-2003, 05:43 PM
Originally posted by dijit
Current config file error:
sh: line 1: /usr/sbinsnort: No such file or directory

So it looks like when I went through the setup.sh script I should have entered "/usr/sbin/snort" rather than "/usr/sbin". How can I edit this now to be the right path?

:confused: /usr/sbinsnort or /usr/sbin/snort ??

Why not just create a symlink from where it is actually installed to where snort expects to find the file?

ln -s /where/it's/installed/snort /where/it/wants/snort/snort

What about 'curl' not found?

rastanewt
03-22-2003, 06:40 AM
If I type that

[root@dijit /]# ln -s /usr/sbinsnort /usr/sbin/snort

it says

ln: `/usr/sbin/snort': File exists

:confused:

I reinstalled curl - the last stable version. I think it's just because it's looking for the path wrong, but I just can't work out how to change it.

Was I supposed to have typed ln -s /usr/sbinsnort /usr/sbin/snort from anywhere in particular? :confused: :(

rastanewt
03-22-2003, 06:41 AM
PS

Forgive my name swapping

rastanewt/dijit

I forgot my password etc. once and so re-signed up

Sorry to confuse you :)

mdwatts
03-22-2003, 08:50 AM
Originally posted by dijit
Current config file error:
sh: line 1: /usr/sbinsnort: No such file or directory


Can you not just reinstall since it seems you forgot to include the '/' in /usr/sbinsnort as it obviously needs to be /usr/sbin/snort.

Else you can try

ln -s /usr/sbin/snort /usr/sbinsnort

since /usr/sbin/snort exists and /usr/sbinsnort does not.

dijit
03-31-2003, 04:46 AM
None of that works and it doesn't let me reinstall -

I run the setup.sh script and it asks me the first question (the path to the config file directory). I type the correct path in and it finishes the script saying it is all installed fine, and so I can't get to the bit where it asks where snort is and I can change it :(

Someone has suggested that I make sure that the curl binary is installed on your management console and is in your path.

But I am not sure how I do this?
I installed the latest version of curl but I don't know how to make sure it's installed on the management console and is in my path?

Also someone has suggested I edit the config file in the conf directory of the sensor agent, however, when I enter the conf directory, there is no config file showing up when I type ls ?!

No one seems to be able to help me with this, and I have been trying to sort it for weeks now :(
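
An added example, not part of the original thread: a small POSIX shell diagnostic for the two errors quoted above, a binary path glued together without a slash (/usr/sbinsnort) and a command that the invoking shell cannot find in its PATH (curl). The function names join_path, diagnose_binary and in_path are hypothetical helpers, and the script assumes it is run as the same account that runs the management console, since that account's PATH can differ from a login shell's.

```shell
#!/bin/sh
# Added example (not from the thread). All function names are hypothetical.

# Join a directory and a program name with exactly one slash between them.
join_path() {
    dir=${1%/}
    printf '%s/%s\n' "$dir" "$2"
}

# Report whether a configured binary path is usable. If it is not, check
# whether a directory was given instead of a file, or whether directory and
# program name were concatenated without "/" (as in /usr/sbinsnort), and
# print the path that was probably intended.
diagnose_binary() {
    path=$1
    name=$2
    if [ -f "$path" ] && [ -x "$path" ]; then
        echo "ok: $path"
        return 0
    fi
    if [ -d "$path" ]; then
        echo "directory given, expected a file: $(join_path "$path" "$name")"
        return 1
    fi
    prefix=${path%"$name"}          # strip the program name from the end
    if [ "$prefix" != "$path" ] && [ -d "$prefix" ] && [ -x "$prefix/$name" ]; then
        echo "missing slash, probably meant: $(join_path "$prefix" "$name")"
        return 1
    fi
    echo "not found: $path"
    return 1
}

# True if the command resolves in the PATH of the current user.
in_path() {
    command -v "$1" >/dev/null 2>&1
}

# Typical use, as the account that runs the console:
#   diagnose_binary /usr/sbinsnort snort
#   in_path curl || echo "curl is not in PATH: $PATH"
```

If in_path reports that curl is missing although it is installed, compare the directory printed by `command -v curl` in a root login shell with the PATH echoed for the console account.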