[Snort-users] Snort in daemon mode

Rino Mardo rmardo at ...1751...
Fri Apr 13 03:11:40 EDT 2001


Hmm, I never encountered this problem with daemon mode. Could it be
because I'm using a BSD system?


----- Original Message -----
From: "Jyri V." <cruel.space at ...1808...>
To: <snort-users at lists.sourceforge.net>
Sent: Thursday, April 12, 2001 7:38 PM
Subject: Re: [Snort-users] Snort in daemon mode


> Hi,
>
> You can try to start snort without the -D option from the command line, e.g.
> /usr/sbin/snort -u snort -g snort -s -d -i eth0 -l /var/log/snort -c /etc/snort/snort.conf
> (replace eth0 with your real interface)
>
> and watch for snort errors on the console.
>
> However, I'm also running snort 1.7 (from rpm) on a RedHat 6.2 box, and
> I have another problem:
> Whenever I have to restart snort, it fails to start again in daemon
> mode. The trick I explained above shows that the error is:
> "ERROR: unable to open file: exploit.rules". This file exists in the default
> location, /etc/snort. If I comment out this file in snort.conf, then
> the next .rules file listed in snort.conf causes the same error.
> The only thing that helps is to chown *.rules to someone else and then
> back to root.wheel again; snort then starts, but, again, only until the next
> snort restart or stop. No ruleset update helped. The *.rules files are in
> the default mode: 644, owner root, group wheel. I also tried root.root and
> snort.snort modes, but it had no effect.
>
> Any suggestions?
>
>
> Jyri V.
>
> Mark Kunzmann wrote:
>
> >Hi there,
> >I would think this has cropped up before, however, a search through the
> >archives didn't reveal anything that would solve my problem: I can't seem
> >to get snort to run in daemon mode. I have a RedHat 6.2 box sitting between
> >my home LAN and the internet (libpcap 0.4-19) / Snort 1.7 installed from
> >the rpm. The weird thing is, when I boot the machine I get 'Starting snortd
> >[OK]' -- I also get a 'success' message in /var/log/messages. When I do a
> >ps -ax though, there's no process there. When I shut down the machine it
> >fails to find /var/lock/subsys/snort. Also, I don't know why my eth card is
> >switching modes all the time:
>
> < some lines removed>
>
> >I have also included some stuff from /etc/rc.d/init.d/snortd below. By
> >the way, I can run snort as a packet sniffer from the command line, but
> >trying to start the daemon from there seems to fail as well.
> >Any help would be truly appreciated. Thank you.
>
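
A check for the "unable to open file: exploit.rules" error quoted above, as an added example that is not part of the thread or of the Snort distribution. The function name `check_includes`, the base-directory parameter and the sample config are constructed for illustration; the thread does not establish which directory snort resolves relative include names against, so the script lets you test more than one.

```shell
#!/bin/sh
# Added example, not from the thread. Sample config below is constructed.

# check_includes CONF BASEDIR
#   For each "include <file>" line in CONF, report whether the current user
#   can open the file. Relative names are resolved against BASEDIR
#   (assumption: the thread does not say which directory snort uses, so
#   try both the config directory and the directory the daemon starts in).
#   Prints "OK|MISSING|UNREADABLE <path>"; returns 1 if any include fails.
check_includes() {
    conf=$1; base=$2; rc=0
    [ -r "$conf" ] || { echo "UNREADABLE $conf"; return 2; }
    # Drop comments, then take the argument of every include directive.
    for f in $(sed 's/#.*//' "$conf" | awk '$1 == "include" { print $2 }'); do
        case $f in
            /*) path=$f ;;            # absolute: used as written
            *)  path=$base/$f ;;      # relative: depends on BASEDIR
        esac
        if [ ! -e "$path" ]; then
            echo "MISSING $path"; rc=1
        elif [ ! -r "$path" ]; then
            echo "UNREADABLE $path"; rc=1
        else
            echo "OK $path"
        fi
    done
    return $rc
}

# Demo on a constructed layout: the same config passes or fails depending
# only on the base directory used for the relative include.
demo=$(mktemp -d)
mkdir "$demo/etc"
printf 'var HOME_NET any\ninclude exploit.rules  # relative name\n' > "$demo/etc/snort.conf"
: > "$demo/etc/exploit.rules"
check_includes "$demo/etc/snort.conf" "$demo/etc" || true
check_includes "$demo/etc/snort.conf" "$demo"     || true
rm -rf "$demo"
```

Running it both as root and as the account passed to -u shows whether the result depends on the user as well as on the directory.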




