[Snort-devel] config pidpath directive no longer valid?

Steven Sturges steve.sturges at ...402...
Mon Mar 17 12:38:13 EDT 2008


Hi Lee--

The only two checks that are made are that the path is a
directory and that directory is writable.

I'm wondering if the stat() command that is used to determine
if the path is a directory is failing (just noticed the error
code for it is not checked).

Per the stat() manpage, each directory in the path must have
execute permission.

I've attached a patch against 2.8.1 RC that prints out the error
info that might help you diagnose the problem.  Should apply to
2.8.0 (or easy to adapt if it does not).

Cheers
-steve

Lee Clemens wrote:
> I have used --pid-path <mypidpath> as a command-line option, where
> <mypidpath> is a directory in which to write the pid file.
> 
> However, I receive the following errors during start():
> 
> Mar 16 13:53:30 myhost snort: Initializing daemon mode
> Mar 16 13:53:30 myhost snort: Parent waiting for child...
> Mar 16 13:53:30 myhost snort: WARNING: /<mypidpath>/snort_eth0.pid is
> invalid, trying /var/run...
> Mar 16 13:53:30 myhost snort: PID path stat checked out ok, PID path set to
> /var/run/
> Mar 16 13:53:30 myhost snort: Writing PID "4609" to file
> "/var/run//snort_eth0.pid"
> Mar 16 13:53:30 myhost snort: Signaling parent 4607 from child 4609
> Mar 16 13:53:30 myhost snort: Daemon initialized, signaled parent pid: 4607
> Mar 16 13:53:30 myhost snort: Received Signal from Child
> Mar 16 13:53:30 myhost snort: Daemon parent exiting
> 
> 
> I have confirmed <mypidpath> is an absolute path, and root has rwx
> permission on the entire tree, so I'm not sure why snort thinks it is
> invalid.
> 
> 
> --Lee
> 
> -----Original Message-----
> From: Steven Sturges [mailto:steve.sturges at ...402...] 
> Sent: Monday, March 10, 2008 9:00 AM
> To: Lee Clemens
> Cc: bugs at ...835...; 'Snort Developers Postings'
> Subject: Re: [Snort-devel] config pidpath directive no longer valid?
> 
> Hi Lee--
> 
> The config directive pidpath has been compiled out of the code for
> some time, at least since 2.6.1.  We'll try to get the docs updated
> to reflect that.
> 
> However, it is supported on the commandline, you can use the
> --pid-path option and specify the path.
> 
> Depending on your other options (for example, if you daemonize,
> messages go to syslog).  To test a configuration without daemonization,
> use -T on the commandline.
> 
> Cheers.
> -steve
> 
> Lee Clemens wrote:
>> Hello all,
>>
>> I am trying to run 2.8.0.2 with the following config directive defined in
> my
>> snort.conf:
>> config pidpath: /applogs/snort/run
>>
>> But when starting Snort, I receive this in my syslogs:
>> FATAL ERROR: Unknown config directive: config pidpath: /applogs/snort/run
>>
>> No errors are printed to STDOUT.
>>
>> I checked the snort_manual (v2.7.0 comes with the VRT rules released on
>> 3-6-2008, by the way) and the config directive, pidpath, <i>is</i>
>> explicitly defined in both the 2.7.0 and 2.8.0 Snort Manuals.
>>
>> Is this a documentation error, or is 2.8.0.2 no longer recognizing "config
>> pidpath"?
>>
>> I can provide any system specific information if it would be useful.
>>
>> As a side note: 
>> 	I think it would be helpful if this fatal error was printed to
>> STDOUT, instead of a FATAL ERROR <i>only</i> being printed to syslog.
> 
> 
> 
> 
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: print_pidpath_errno.diff
Type: text/x-patch
Size: 1074 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20080317/7c6a2cb3/attachment.bin>


More information about the Snort-devel mailing list