[Snort-users] restart code error RH 7.1

Madhav Diwan mdiwan at ...200...
Tue Nov 27 11:17:03 EST 2001


Hi Chris  thanks in advance :)

 hmm lets see

i'm running

[root at ...3795... user]# rpm -qa | grep snort
snort-1.8.2-1snort
snort-mysql-1.8.2-1snort


your suggestion about not demonizing with the -D flag works.


but then again :  so does this :


/usr/sbin/snort-plain -A fast -b -l /var/log/snort -d -i eth0 -c
/etc/snort/snort.conf -D

 note i have two binaries snort-plain and snort-mysql in /usr/sbin


Here is the problem !!!


WARNING : if you installed snort 1.8.1-current via tarball it places the
snort binary in /usr/bin/ and the SNORTD file calls only "snort" .. not
"snort-plain" or "snort-WHATEVER" .

 you must manually edit the snortd file to call the particular binary
instlled by the rpm you want to use... Note edit  both the start and
stop cases

for now.. that is :)




Madhav



Chris Green wrote:
> 
> "Madhav Diwan" <mdiwan at ...200...> writes:
> 
> > Help
> >
> > i have the following:
> >
> >
> > RedHat 7.1 up2date with kernel 2.4.9-12
> >
> >
> > [root at ...3795... /root]# /etc/init.d/snortd restart
> > Stopping snort:                                            [FAILED]
> > Starting snort: execvp: No such file or directory
> >                                                            [FAILED]
> 
> What rpm are you using?  What are the contents of your snortd?
> 
> >
> 
> does
> /usr/sbin/snort -A fast -b -l /var/log/snort -d \
>              -i $INTERFACE -c /etc/snort/snort.conf
> 
> work?
> 
> ( same line as snortd but with the -D removed so it won't go
> daemonizing )
> 
> try strace -f snortd start if all else fails
> 
> > ok what do i need to upgrade/change/add ?
> >
> >
> >
> > [user at ...3795... snort-1.8.2]$ grep -r execvp *
> 
> > ChangeLog:        * Added execvp option for SIGHUP restart code
> > snort.c:        execvp(progname, progargs);
> 
> >
> >
> >
> > Thank you
> >
> > Madhav
> >
> > anyone in the USA tired of turkey yet?
> 
> nope.
> --
> Chris Green <cmg at ...671...>
> I've had a perfectly wonderful evening. But this wasn't it.
>      -- Groucho Marx


Note: The information contained in this message may be privileged and confidential and protected from disclosure.  If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer.  Thank you.  Wagner Weber & Williams




More information about the Snort-users mailing list