[Snort-users] script file

Erek Adams erek at ...950...
Fri Jan 10 22:50:02 EST 2003


On Fri, 10 Jan 2003, Saúl Bósquez wrote:

> Ok, I fixed my script file, it seemed to have some characters that were
> causing errors; I managed to delete them
> but I'm still having problems...
>
> There is a new version of the script file on
> http://www.superhac.com/snort/snortd I got redirected there when I tried to
> access http://home.earthlink.net/~sjscott007/snortd
>
> This new script adds these two lines to the snort start command:
>     sleep 3
>     rm /var/log/snort/alert
>
> With these new lines when I type '/etc/rc.d/init.d/snortd start' I get the
> following message:
>     rm: cannot remove '/var/log/snort/alert': No such file or directory
>
> So I commented out those lines and I got this when I typed
> '/etc/rc.d/init.d/snortd start':
>     Starting snort:
> [OK]     (in green letters)
> I thought it was up and running so I typed '/etc/rc.d/init.d/snortd status'
> and got the following message:
>     snort dead but subsys locked
> And when I tried to stop it I got:
>     Stopping snort:
> [FAILED]    (in red letters)
>
> Is this normal? Any idea?

Yes, I have thoughts on this.  They aren't what most folks want to hear,
so I won't voice them in a public forum.  :)

But I will offer two suggestions:

#1  Check the archives [0].  This "issue" has been resolved more than
once.  :)  It's amazing what you can find if you do a _tiny_ bit of
research.

#2  Learn the benefits of "sh -x" (sh -x /path/to/snortd start).   It's
amazing what that can tell you.

If you write your own startup scripts instead of using someone else's....
Things tend to go a lot better when you write your own.  That way you
understand _exactly_ what they (the scripts) do.

Knowledge is power.  ;-)

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


[0]	http://marc.theaimsgroup.com/?l=snort-users&m=103419280419585&w=2
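
An added illustration, not part of either poster's message and not the snortd script discussed: a sketch of the pid-file/lock-file logic behind the "dead but subsys locked" status, with a start routine that tolerates a missing alert file and only takes the lock once the daemon is confirmed alive. The function names, the path parameters, and the assumption that the daemon writes its own pid file are hypothetical.

```shell
#!/bin/sh
# Added example. All paths are passed in as arguments so the logic can be
# exercised against a scratch directory instead of /var/run and /var/lock.

# svc_status PIDFILE LOCKFILE
# Prints the service state, in the order an init "status" check reports it.
svc_status() {
    if [ -s "$1" ] && kill -0 "$(cat "$1")" 2>/dev/null; then
        echo "running"                    # pid file names a live process
    elif [ -f "$1" ]; then
        echo "dead but pid file exists"   # process gone, pid file left behind
    elif [ -f "$2" ]; then
        echo "dead but subsys locked"     # only the stale lock file remains
    else
        echo "stopped"
    fi
}

# svc_start PIDFILE LOCKFILE ALERTFILE COMMAND [ARGS...]
# COMMAND is assumed to daemonize and write PIDFILE itself.
svc_start() {
    pidfile=$1 lockfile=$2 alertfile=$3
    shift 3
    rm -f "$alertfile"      # -f: no error when the alert file does not exist
    "$@" || return 1        # the launcher itself failed
    sleep 1                 # give the daemon time to die on a bad config
    if [ "$(svc_status "$pidfile" "$lockfile")" = "running" ]; then
        touch "$lockfile"   # take the lock only after confirming it is alive
        return 0
    fi
    rm -f "$pidfile"        # daemon died: leave no pid file and no lock
    return 1
}

# svc_stop PIDFILE LOCKFILE
# Signals the daemon if it is alive, then clears pid and lock files either
# way, so a stale lock cannot make every later stop report a failure.
svc_stop() {
    if [ -s "$1" ]; then
        kill "$(cat "$1")" 2>/dev/null || true
    fi
    rm -f "$1" "$2"
}
```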




