[Snort-users] PID file

Andrew R. Baker andrewb at ...950...
Wed Oct 30 08:14:03 EST 2002


Nick Kraal wrote:
> Thanks for your reply.
> 
> I am using the following command to run the process as daemon:
> /usr/local/bin/snort -di eth1 -h 192.168.100.0/24 -l /var/log/snort -c
> /etc/snort/snort.conf -s -D
> 
> But it looks like Snort runs but does not seem to be running as daemon in
> the background. I can see the process run from the "ps -ef" output and get
> the following output and just sits there and no pid file is created.

IIRC, Snort 1.9.0 for UNIX has a known bug regarding the "-s" option. 
Basically, you need to add a fake argument after it.  In the above 
commandline, the "-D" option that would be used to indicate daemon mode 
is getting taken as the argument to "-s".  Either upgrade to latest 
Snort from the 1.9 branch in CVS or change you command to:

/usr/local/bin/snort -di eth1 -h 192.168.100.0/24 -l /var/log/snort -c 
/etc/snort/snort.conf -s foo -D


-A





More information about the Snort-users mailing list