In the end you might find yourself unable to solve your problems
and need help from someone else. The most efficient way is either
to ask someone local or in your nearest Linux user group, search
the web for the nearest one.
But first of all try a look on http://www.snort.org/ and the snort
mailinglists. The people out there helped me very much.
Another possibility is to ask on Usenet News in one of the many,
many newsgroups available. The problem is that these have such a
high volume and noise (called low signal-to-noise ratio) that your
question can easily fall through unanswered.
No matter where you ask it is important to ask well or you will
not be taken seriously. Saying just snort
does not work is not going to help you and instead the
noise level is increased even further and if you are lucky someone
will ask you to clarify.
Instead describe your problems in some detail that will enable
people to help you. The problem could lie somewhere you did not
expect. Therefore you are advised to list the following information
about your system:
- Software
/etc/snort/snort.conf
/etc/swatch/swatch.conf if used
excerpt of /var/log/messages, but only filter the relevant
entries
used Linux distribution or operating system and version
Software that shows the error (with version number
or date)
And you can ask me directly. But please remember: I'm having a live beyond
computers and my spare time is rare. I will almost always answer my emails
but this can take some times. Also I'm subscribed to the snort-users
mailinglist too so you reach me this way too.
