[Snort-users] Snort in daemon mode

Mark Kunzmann m25 at ...1171...
Thu Apr 12 06:40:55 EDT 2001

Hi there,
I would think this has cropped up before, however, a search through the archives didn't reveal anything that would solve my problem: I can't seem to get snort to run in daemon mode. I have a RedHat 6.2 box sitting between my home LAN and the internet (libpcap 0.4-19) / Snort 1.7 installed from the rpm. The weird thing is, when I boot the machine I get 'Starting snortd [OK]' -- I also get a 'success' message in /var/log/messages. When I do a ps -ax though, there's no process there. When I shut down the machine it fails to find /var/lock/subsys/snort. Also, I don't know why my eth card is switching modes all the time:

Apr 12 12:09:36 mango snort: Initializing daemon mode
Apr 12 12:09:36 mango snortd: snort startup succeeded
Apr 12 12:09:36 mango kernel: eth1: Promiscuous mode enabled.
Apr 12 12:09:36 mango kernel: device eth1 entered promiscuous mode
Apr 12 12:09:37 mango inet: inetd startup succeeded
Apr 12 12:09:38 mango kernel: device eth1 left promiscuous mode
Apr 12 12:09:38 mango pmfirewall: Starting PMFirewall:
Apr 12 12:09:53 mango pmfirewall: ^I^IDone!
Apr 12 12:09:53 mango pmfirewall:

I have also included some stuff from /etc/rc.d/init.d/snortd below. By the way, I can run snort as a packet sniffer from the command line, but trying to start the daemon from there seems to fail as well.
Any help would be truly appreciated. Thank you.

# Specify your network interface here

# See how we were called.
case "$1" in
        echo -n "Starting snort: "
        daemon /usr/sbin/snort -u snort -g snort -s -D \
                -i $INTERFACE -l /var/log/snort -c /etc/snort/snort.conf
        touch /var/lock/subsys/snort
        echo -n "Stopping snort: "
        killproc snort
        rm -f /var/lock/subsys/snort

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20010412/441722b5/attachment.html>

More information about the Snort-users mailing list