[Snort-users] Snort problem
dave w capella
dave.capella at ...1712...
Mon Apr 2 21:32:17 EDT 2001
On Mon, 2 Apr 2001, James Stanger wrote:
>I have installed the Snort RPM on a default Red Hat 7.0 system. I have
>also updated to libpcap 5.0. I can get snort to work, but I cannot use
>the -c option with the /etc/snort/snort.conf file.
>Snort simply does not start, and leaves a lock file when I use the
>/etc/rc.d/init.d/snortd script. If I remove the -c /etc/snort/snort.conf
>entry, it works fine. However, I want to use the -c option so make snort
>an IDS application.
>I have tried to place the configuration file and all support files into
>an alternative directory owned by the snort user and group, but get the
As I recall, either the log file(s) or the pid file were owned by root,
and I had to manually chown/chmod 'em. If memory serves, check:
/var/log/snort/log and /var/log/snort/portscan.log. I figured it out by
running the command from the boot script manually and watching the
error output when it died.
dave w capella | http://capella.ithaca.ny.us/
Systems Administrator | mailto:dave.capella at ...1712...
Department of Biometrics | http://www.biom.cornell.edu/
Cornell University | (607) 255-9847
PGP Key | http://capella.ithaca.ny.us/pgpkey.txt
It's kind of fun to do the impossible.- Disney
More information about the Snort-users