[Snort-devel] [ snort-Bugs-733102 ] 2.0.0-bug: config daemon

SourceForge.net noreply at ...12...
Fri May 16 05:04:14 EDT 2003


Bugs item #733102, was opened at 2003-05-06 08:36
Message generated for change (Comment added) made by elof
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=103357&aid=733102&group_id=3357

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Martin Olsson (elof)
Assigned to: Nobody/Anonymous (nobody)
Summary: 2.0.0-bug: config daemon

Initial Comment:
In my snort.conf I have specified:

config daemon

When I run 'snort -c /usr/sentor/etc/snort.conf -l /usr/sentor/log' it runs 
in the foreground, ignoring the "config daemon" directive in snort.conf. 
I have to execute 'snort -c /usr/sentor/etc/snort.conf -l /usr/sentor/log 
-D' in order to daemonize the process.




----------------------------------------------------------------------

>Comment By: Martin Olsson (elof)
Date: 2003-05-16 10:27

Message:
Logged In: YES 
user_id=420942

Also, the position of the "config daemon" directive within the 
snort.conf file gives different results. If placed before the 
preprocessors and output plugins, you won't get any 
information from frag2, stream4, stream4_reassemble or from 
the database output plugin.
You will, however, get info from http_decode, rpc_decode, 
telnet_decode, conversation and portscan2. This is logged to 
syslog, not stdout.

If "config daemon" is located after the preprocessors and 
output plugins, you get all the configuration on stdout. Now 
you see everything (frag2, stream4, stream4_reassemble ... 
portscan2, database).
However, if you run snort with the -D switch, the info from 
frag2, stream4, stream4_reassemble and database is again 
gone.

----------------------------------------------------------------------

Comment By: Martin Olsson (elof)
Date: 2003-05-16 08:07

Message:
Logged In: YES 
user_id=420942

When "config daemon" is specified in snort.conf you lose 
the information about the number of rules and chains, and the 
rule application order (in test-mode) as well as all the 
statistics when snort is exiting. These stats & info are just not 
logged. Everything else is logged as usual, with the only 
difference that it's logged by syslogd and not on stdout.



----------------------------------------------------------------------
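
The two placements of "config daemon" compared in the comments above can be told apart with a small script that reports which preprocessor and output directives sit before and after it. This is an added example, not part of the bug report or of Snort's source; the function name `daemon_position` and the sample configuration are constructed, and only single-line directives are handled.

```python
import re

# "preprocessor <name>" / "output <name>" lines, as in the directives the report names.
PLUGIN_RE = re.compile(r"^(preprocessor|output)\s+([A-Za-z0-9_]+)")
DAEMON_RE = re.compile(r"^config\s+daemon\b")

# Constructed sample configuration (not taken from the report).
SAMPLE_CONF = """\
# constructed sample
var HOME_NET any
config daemon
preprocessor frag2
preprocessor stream4: detect_scans
preprocessor stream4_reassemble
preprocessor http_decode: 80
output database: log, mysql, dbname=snort
include local.rules
"""

def daemon_position(conf_text):
    """Locate 'config daemon' and split plugin directives around it.

    Returns daemon_line (1-based, or None if absent) plus the names of
    preprocessor/output directives found before and after that line.
    """
    daemon_line = None
    plugins = []  # (line number, plugin name)
    for number, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        if daemon_line is None and DAEMON_RE.match(line):
            daemon_line = number
            continue
        match = PLUGIN_RE.match(line)
        if match:
            plugins.append((number, match.group(2)))
    if daemon_line is None:
        return {"daemon_line": None, "before": [n for _, n in plugins], "after": []}
    return {
        "daemon_line": daemon_line,
        "before": [n for ln, n in plugins if ln < daemon_line],
        "after": [n for ln, n in plugins if ln > daemon_line],
    }

if __name__ == "__main__":
    print(daemon_position(SAMPLE_CONF))
```

Run against a sensor's snort.conf, a non-empty `after` list marks the first placement the reporter describes, where startup output from some plugins was not seen.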
