LinuxSir.cn, the time-traveling Linuxsir!


snort

Posted on 2003-3-1 23:57:04
1. What is the default installation location of snort-lib?

2. I can't figure out the problem below.
[root@RedHalt root]# snort -vn 3
Initializing Output Plugins!
Log directory = /var/log/snort

Initializing Network Interface eth0

        --== Initializing Snort ==--
Decoding Ethernet on interface eth0

        --== Initialization Complete ==--

-*> Snort! <*-
Version 1.9.0 (Build 209)
By Martin Roesch (roesch@sourcefire.com, www.snort.org)
03/02-09:58:45.136896 192.168.0.6:1082 -> 211.49.58.179:12000
TCP TTL:128 TOS:0x0 ID:22136 IpLen:20 DgmLen:53 DF
***AP*** Seq: 0x573B34  Ack: 0xA90DCDB  Win: 0x2211  TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

03/02-09:58:45.138770 61.183.29.47:27015 -> 192.168.0.12:27005
UDP TTL:126 TOS:0x0 ID:59113 IpLen:20 DgmLen:205
Len: 185
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

03/02-09:58:45.147043 192.168.0.14:1030 -> 61.184.66.76:7200
TCP TTL:64 TOS:0x0 ID:9484 IpLen:20 DgmLen:59
***AP*** Seq: 0x1BD6E  Ack: 0xDEC6E972  Win: 0x20A5  TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

Run time for packet processing was 0.27770 seconds


===============================================================================
Snort analyzed 3 out of 3 packets, dropping 0(0.000%) packets

Breakdown by protocol:                Action Stats:
    TCP: 2          (66.667%)         ALERTS: 0
    UDP: 1          (33.333%)         LOGGED: 0
   ICMP: 0          (0.000%)          PASSED: 0
    ARP: 0          (0.000%)
  EAPOL: 0          (0.000%)
   IPv6: 0          (0.000%)
    IPX: 0          (0.000%)
  OTHER: 0          (0.000%)
DISCARD: 0          (0.000%)
===============================================================================
Wireless Stats:
Breakdown by type:
    Management Packets: 0          (0.000%)
    Control Packets:    0          (0.000%)
    Data Packets:       0          (0.000%)
===============================================================================
Fragmentation Stats:
Fragmented IP Packets: 0          (0.000%)
    Fragment Trackers: 0
   Rebuilt IP Packets: 0
   Frag elements used: 0
Discarded(incomplete): 0
   Discarded(timeout): 0
  Frag2 memory faults: 0
===============================================================================
TCP Stream Reassembly Stats:
        TCP Packets Used: 0          (0.000%)
         Stream Trackers: 0
          Stream flushes: 0
           Segments used: 0
   Stream4 Memory Faults: 0
===============================================================================
Snort received signal 3, exiting
[root@RedHalt root]# snort -d
Initializing Output Plugins!
Log directory = /var/log/snort

Initializing Network Interface eth0
using config file /root/.snortrc
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /root/.snortrc

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
ERROR: Unable to open rules file: /root/.snortrc or /root//root/.snortrc
Fatal Error, Quitting..
[root@RedHalt root]#

Using the -d option on its own, as well as several other options, gives this problem!!
Original poster | Posted on 2003-3-2 10:09:46

Is nobody going to answer me?

Bumping this for the experts!