[Snort-users] Snort problem

dave w capella dave.capella at ...1712...
Mon Apr 2 21:32:17 EDT 2001

On Mon, 2 Apr 2001, James Stanger wrote:

>I have installed the Snort RPM on a default Red Hat 7.0 system. I have
>also updated to libpcap 5.0. I can get snort to work, but I cannot use
>the -c option with the /etc/snort/snort.conf file.
>Snort simply does not start, and leaves a lock file when I use the
>/etc/rc.d/init.d/snortd script. If I remove the -c /etc/snort/snort.conf
>entry, it works fine. However, I want to use the -c option so make snort
>an IDS application.
>I have tried to place the configuration file and all support files into
>an alternative directory owned by the snort user and group, but get the
>same results.

As I recall, either the log file(s) or the pid file were owned by root,
and I had to manually chown/chmod 'em. If memory serves, check:
/var/log/snort/log and /var/log/snort/portscan.log. I figured it out by
running the command from the boot script manually and watching the 
error output when it died.

dave w capella            |  http://capella.ithaca.ny.us/
Systems Administrator     |  mailto:dave.capella at ...1712...  
Department of Biometrics  |  http://www.biom.cornell.edu/
Cornell University        |  (607) 255-9847
PGP Key                   |  http://capella.ithaca.ny.us/pgpkey.txt
        It's kind of fun to do the impossible.- Disney 

More information about the Snort-users mailing list