[Snort-users] snorting as a daemon ?

Dragos Ruiu dr at ...381...
Wed Aug 30 01:54:35 EDT 2000


On Tue, 29 Aug 2000, Jim Smart wrote:
> I am sure I am missing something here, but not sure what.
> #snort -c /var/log/snort/rules.conf -A full -d  
> works fine, but if I try and daemon it with the command
> #snort -c /var/log/snort/rules.conf -A full -D
> from which it does initialise as a daemon, but I see no output 
> in the alert file, nor are packets captured. 

It's not necessarily intuitive, but -d dumps packet data to the screen
while in daemon mode logging is controlled by the rules file so there is
no default capture.

As far as alerts...have you looked in /var/log/snort ?

cheers,
--dr

-- 
dursec.com ltd. / kyx.net - we're from the future
pgp fingerprint: 18C7 E37C 2F94 E251 F18E  B7DC 2B71 A73E D2E8 A56D 
pgp key: http://www.dursec.com/drkey.asc



More information about the Snort-users mailing list