[Snort-users] Running Snort Daemon Problem
roesch at ...1935...
Thu Jan 31 06:08:02 EST 2002
By the way, using the -v switch in combination with the -c switch is an
extremely inefficient way to run the software, you're going to see
packet loss due to latency from printing to the screen. Check out the
USAGE file for more info.
Chris Green wrote:
> "Bill" <wkuhn at ...4723...> writes:
> > Chris,
> > Thanks for replying.... I read your reply and 2 things I don't understand...
> > You said "There is a missing \ at the end of your '-c' line" and "-v
> > shouldn't be used in daemon mode". Well I have the \ at the end of my -c tag
> > and I can't find a -v in the code... The only problem I saw with my code is
> > that I have an extra space between -c and \. I will try the RPM's you
> > mentioned of.
> Ok let me explain a bit more.
> snort -dev is equivalent to snort -d -e -v
> > --------------------------------
> >> daemon /usr/local/bin/snort -u snort -dev -D \
> >> -i $INTERFACE -l /var/log/snort -u snort -g snort -c
> >> /etc/snort/snort.conf -b
> This snortd script is a bash shell script that says "run the function
> daemon with the arguments
> daemon "/usr/local/bin/snort -u snort -dev -D -i $INTERFACE -l /var/log/snort -u snort -g snort -c"
> That \ ``escapes'' the newline and makes the shell see that as one big
> The next line is
> /etc/snort/snort.conf -b
> which means that it's trying to execute the snort.conf file and since
> it's not executable, the shell ( not snort ) is saying permission
> Of course, if that line break was an artifact of posting to the list,
> that explanation is bogus.
> Perhaps you edited snortd with pico and the word wrapping kicked you
> in the behind ;-)
> Chris Green <cmg at ...671...>
> A watched process never cores.
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
Martin Roesch - Founder/CEO, Sourcefire Inc. - (410)552-6999
Sourcefire: Professional Snort Sensor and Management Console appliances
roesch at ...1935... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
More information about the Snort-users