[Snort-users] kill -HUP doesn't work

Florin Andrei florin at ...3506...
Mon Sep 22 14:51:14 EDT 2003


Using:
- snort-2.0.2
- MySQL-3.23.56-1.9 (patched for latest security stuff)
- gcc-3.2.2-5
- glibc-2.3.2-27.9
- Linux Red Hat 9 fully updated
- dual PIII

Snort was compiled like this:

+ LANG=C
+ export LANG
+ export 'CFLAGS=-O2 -g -pipe -march=i386 -mcpu=i686'
+ CFLAGS=-O2 -g -pipe -march=i386 -mcpu=i686
+ export 'CXXFLAGS=-O2 -g -pipe -march=i386 -mcpu=i686'
+ CXXFLAGS=-O2 -g -pipe -march=i386 -mcpu=i686
+ ./configure --prefix=/usr --with-mysql --mandir=/usr/share/man
--sysconfdir=/etc

It looks like kill -HUP $snort_pid does not work. If I run it, snort
dies.

Here are the system logs at the moment when a system script attempted to
rotate the snort logs:

Sep 21 04:02:02 tart kernel: device eth0 left promiscuous mode
Sep 21 04:02:02 tart snort: Restarting Snort
Sep 21 04:02:02 tart snort: snort -HUP succeeded
Sep 21 04:02:02 tart kernel: snort uses obsolete (PF_INET,SOCK_PACKET)
Sep 21 04:02:02 tart syslogd 1.4.1: restart.
Sep 21 04:02:02 tart snort: FATAL ERROR: OpenPcap() device eth0 open: 
^Isocket: Operation not permitted
Sep 22 04:02:02 tart snort: snort shutdown failed

If I do a kill -HUP by hand, snort dies and this is what syslog reveals:

Sep 22 14:38:21 tart kernel: device eth0 left promiscuous mode
Sep 22 14:38:21 tart snort: Restarting Snort
Sep 22 14:38:21 tart snort: FATAL ERROR: OpenPcap() device eth0 open: 
^Isocket: Operation not permitted

-- 
Florin Andrei

http://florin.myip.org/
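
An added example, not part of the original message: a Python check that scans syslog for the pattern shown above, a `Restarting Snort` line followed by a `FATAL ERROR` from the same host, so that a sensor which died during log rotation gets noticed. The function names, the 30-second window and the year (syslog lines carry none) are assumptions.

```python
import re
from datetime import datetime, timedelta

# Sample input: the syslog lines quoted in the message above (mail-wrapped
# "^Isocket: ..." continuation lines kept as they appear there).
SAMPLE_LOG = """\
Sep 21 04:02:02 tart kernel: device eth0 left promiscuous mode
Sep 21 04:02:02 tart snort: Restarting Snort
Sep 21 04:02:02 tart snort: snort -HUP succeeded
Sep 21 04:02:02 tart kernel: snort uses obsolete (PF_INET,SOCK_PACKET)
Sep 21 04:02:02 tart syslogd 1.4.1: restart.
Sep 21 04:02:02 tart snort: FATAL ERROR: OpenPcap() device eth0 open:
^Isocket: Operation not permitted
Sep 22 04:02:02 tart snort: snort shutdown failed
Sep 22 14:38:21 tart kernel: device eth0 left promiscuous mode
Sep 22 14:38:21 tart snort: Restarting Snort
Sep 22 14:38:21 tart snort: FATAL ERROR: OpenPcap() device eth0 open:
^Isocket: Operation not permitted
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) ([^:\[]+)(?:\[\d+\])?: (.*)$")

def parse(text, year=2003):
    """Return [time, host, tag, message] rows; the year is assumed (syslog omits it)."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append([ts, m.group(2), m.group(3).split()[0], m.group(4).strip()])
        elif events and raw.strip():
            events[-1][3] += " " + raw.strip()   # wrapped continuation line
    return events

def failed_restarts(text, window=timedelta(seconds=30)):
    """Return (time, host, error) for each restart that ended in FATAL ERROR."""
    findings, pending = [], {}          # pending: host -> time of last restart
    for ts, host, tag, msg in parse(text):
        if tag != "snort":
            continue
        if msg.startswith("Restarting Snort"):
            pending[host] = ts
        elif msg.startswith("FATAL ERROR") and host in pending:
            if ts - pending.pop(host) <= window:
                findings.append((ts, host, msg))
    return findings
```

In the first episode the script logs `snort -HUP succeeded` before the fatal error appears, so the check keys on Snort's own messages rather than on the script's status line.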




