[Snort-users] PID file
Andrew R. Baker
andrewb at ...950...
Wed Oct 30 08:14:03 EST 2002
Nick Kraal wrote:
> Thanks for your reply.
> I am using the following command to run the process as daemon:
> /usr/local/bin/snort -di eth1 -h 192.168.100.0/24 -l /var/log/snort -c
> /etc/snort/snort.conf -s -D
> But it looks like Snort runs but does not seem to be running as daemon in
> the background. I can see the process run from the "ps -ef" output and get
> the following output and just sits there and no pid file is created.
IIRC, Snort 1.9.0 for UNIX has a known bug regarding the "-s" option.
Basically, you need to add a fake argument after it. In the above
commandline, the "-D" option that would be used to indicate daemon mode
is getting taken as the argument to "-s". Either upgrade to latest
Snort from the 1.9 branch in CVS or change you command to:
/usr/local/bin/snort -di eth1 -h 192.168.100.0/24 -l /var/log/snort -c
/etc/snort/snort.conf -s foo -D
More information about the Snort-users