6. Getting Help

In the end you might find yourself unable to solve your problems and need help from someone else. The most efficient way is either to ask someone local or in your nearest Linux user group, search the web for the nearest one.

But first of all try a look on http://www.snort.org/ and the snort mailinglists. The people out there helped me very much.

Another possibility is to ask on Usenet News in one of the many, many newsgroups available. The problem is that these have such a high volume and noise (called low signal-to-noise ratio) that your question can easily fall through unanswered.

No matter where you ask it is important to ask well or you will not be taken seriously. Saying just snort does not work is not going to help you and instead the noise level is increased even further and if you are lucky someone will ask you to clarify.

Instead describe your problems in some detail that will enable people to help you. The problem could lie somewhere you did not expect. Therefore you are advised to list the following information about your system:

Software

  • /etc/snort/snort.conf

  • /etc/swatch/swatch.conf if used

  • excerpt of /var/log/messages, but only filter the relevant entries

  • used Linux distribution or operating system and version

  • Software that shows the error (with version number or date)

And you can ask me directly. But please remember: I'm having a live beyond computers and my spare time is rare. I will almost always answer my emails but this can take some times. Also I'm subscribed to the snort-users mailinglist too so you reach me this way too.