OSX：Snort：错误：/etc/snort/../rules/local.rules(0）无法打开规则文件“ /etc/snort/../rules/local.rules”：没有这样的文件或目录

我正在尝试使用此类教程在Mac上设置并运行Snort IDS：https：//discussions.apple.com/thread/3370709？ start = 0＆ tstart = 0

OSX优胜美地（10.10.2）; PostgreSQL 9.4.1（与Homebrew一起安装）Snort：稳定的2.9.7.0（与Homebrew一起安装）

当我终于尝试像这样盯着它看时：

$ sudo /usr/local/bin/snort -d -e -i en0 -c /etc/snort/snort.conf

得到这个：

Password:

Running in IDS mode

  --== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "/etc/snort/snort.conf"
...
ERROR: /etc/snort/../rules/local.rules(0) Unable to open rules file "/etc/snort/../rules/local.rules": No such file or directory.

Fatal Error, Quitting..

该规则实际上是在 /etc/snort/rules/local.rules

RULE_PATH设置/etc/snort/snort.conf为/etc/snort/rules

所以：

$ echo $RULE_PATH
/etc/snort/rules

试试这个：

$ grep RULE_PATH /etc/snort/snort.conf

var RULE_PATH ../rules
var SO_RULE_PATH ../so_rules
var PREPROC_RULE_PATH ../preproc_rules
...

换完之后

var RULE_PATH ../rules
var SO_RULE_PATH ../so_rules
var PREPROC_RULE_PATH ../preproc_rules

到

var RULE_PATH /etc/snort/rules
var SO_RULE_PATH /etc/snort/so_rules
var PREPROC_RULE_PATH /etc/snort/preproc_rules

获得：

$ sudo /usr/local/bin/snort -d -e -i en0 -c /etc/snort/snort.conf
Running in IDS mode

        --== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "/etc/snort/snort.conf"
...
ERROR: /etc/snort/snort.conf(741) Unknown output plugin: "database"
Fatal Error, Quitting..

741行/etc/snort/snort.conf是：

output database: log, postgresql, user=snort password=password dbname=snort host=localhost

因此，由于snort 2.9.3.0不再支持直接数据库输出。我应该使用snort的统一输出。我可以改用Barnyard2重定向到postgresql。