[Snort-users] Snort in daemon mode
Rich.Smith at ...1809...
Thu Apr 12 12:34:24 EDT 2001
I had a similar issue.
In snort.conf try setting the full path for the .rule files. e.g.
> -----Original Message-----
> From: Jyri V. [mailto:cruel.space at ...1808...]
> Sent: Thursday, April 12, 2001 11:38 AM
> To: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Snort in daemon mode
> You can try to start snort without -D option from command line, e.g.
> /usr/sbin/snort -u snort -g snort -s -d -i eth0 -l /var/log/snort -c
> (replace eth0 with your real interface)
> and watch for snort errors on the console.
> However I'm running snort 1.7 (from rpm) also on the RedHat 6.2 box, and
> I have another problem:
> Whenever I have to restart snort, it fails to start again in daemon
> mode, the trick I had explained before shows that the error is:
> "ERROR: unable to open file: exploit.rules". This file exists in the default
> location, /etc/snort. If I comment out this file from snort.conf, then
> the next .rules file listed in snort.conf causes the same error.
> The only thing that helps is to chown *.rules to someone else and then
> to the root.wheel again, snort starts, but, again, until next snort
> restart or stop. Any ruleset update didn't help. *.rules files are in
> default mode: 644, owner root, group wheel. I tried also root.root,
> snort.snort modes, but it has no effect.
> Any suggestions?
> Jyri V.
> Mark Kunzmann wrote:
> >Hi there,
> >I would think this has cropped up before, however, a search through the archives didn't reveal
> >anything that would solve my problem: I can't seem to get snort to run in daemon mode. I have a
> >RedHat 6.2 box sitting between my home LAN and the internet (libpcap 0.4-19) / Snort 1.7
> >installed from the rpm. The weird thing is, when I boot the machine I get 'Starting snortd
> >[OK]' -- I also get a 'success' message in /var/log/messages. When I do a ps -ax though,
> >there's no process there. When I shut down the machine it fails to find /var/lock/subsys/snort.
> >Also, I don't know why my eth card is switching modes all the time:
> < some lines removed>
> >I have also included some stuff from /etc/rc.d/init.d/snortd below. By the way, I can run snort
> >as a packet sniffer from the command line, but trying to start the daemon from there seems to
> >fail as well.
> >Any help would be truly appreciated. Thank you.
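A check for the situation discussed in this thread, as an added example that is not part of any poster's message: it lists the `include` lines of a Snort config whose path is not absolute, prints the full path to use instead, and flags absolute includes that cannot be read. It assumes rule files are referenced with `include` lines and sit in the same directory as the config; `check_includes` and `demo` are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: rule files are pulled in
# with "include <file>" lines and sit in the same directory as the config.

# check_includes CONF prints one line per include directive:
#   OK <path>                 absolute path, file readable
#   MISSING <path>            absolute path, file not readable
#   RELATIVE <path> -> <abs>  relative path, with the full path to use instead
# Returns 0 if every include is OK, 1 otherwise, 2 if CONF's directory is bad.
check_includes() {
    conf=$1
    confdir=$(cd "$(dirname "$conf")" && pwd) || return 2
    bad=0
    while read -r keyword path _rest; do
        [ "$keyword" = "include" ] || continue
        case $path in
            /*) if [ -r "$path" ]; then
                    echo "OK $path"
                else
                    echo "MISSING $path"; bad=1
                fi ;;
            *)  echo "RELATIVE $path -> $confdir/$path"; bad=1 ;;
        esac
    done <<EOF
$(sed 's/#.*//' "$conf")
EOF
    return "$bad"
}

# Constructed sample config: a relative include, an absolute include that
# exists, and an absolute include that does not.
demo() {
    d=$(mktemp -d) || return 2
    : > "$d/scan.rules"
    printf '%s\n' 'var HOME_NET any' \
        'include exploit.rules   # relative, as in the error above' \
        "include $d/scan.rules" \
        "include $d/missing.rules" > "$d/snort.conf"
    rc=0
    check_includes "$d/snort.conf" || rc=$?
    rm -rf "$d"
    return "$rc"
}

# With an argument, check that config; without one, run the constructed sample.
if [ $# -gt 0 ]; then check_includes "$1"; else demo || true; fi
```

Run it as the account the daemon uses (`-u snort` in the command quoted above) so the readability test reflects what Snort itself can open.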