[Snort-users] snort 2.02 can't start automatically

James Riden j.riden at ...11179...
Mon Aug 30 13:33:07 EDT 2004


"th0ri4.wang" <th0ri4 at ...5635...> writes:

>    Hi,
>
>    I have a Debian woody box. I have copied the file S99snort to
>    /etc/init.d/snort and created a symbolic link at rc3.d. Then I
>    rebooted my box, and the following lines trapped me:
>
>    ----------------------------------------------------------------------
>    ----------------------------------
>
>    Aug 23 18:15:29 andreas kernel: TCP: Hash tables configured
>    (established 4096 b
>    nd 4096)
>    Aug 23 18:15:29 andreas kernel: NET4: Unix domain sockets 1.0/SMP for
>    Linux NET
>    .0.
>    Aug 23 18:15:29 andreas kernel: ds: no socket drivers loaded!
>    Aug 23 18:15:29 andreas kernel: VFS: Mounted root (ext2 filesystem)
>    readonly.
>    Aug 23 18:15:29 andreas kernel: Freeing unused kernel memory: 188k
>    freed
>    Aug 23 18:15:29 andreas kernel: Adding Swap: 771048k swap-space
>    (priority -1)
>    Aug 23 18:15:32 andreas kernel: eth0: Promiscuous mode enabled.
>    Aug 23 18:15:32 andreas kernel: device eth0 entered promiscuous mode
>    Aug 23 18:15:33 andreas kernel: device eth0 left promiscuous mode
>
>    ----------------------------------------------------------------------
>    -----------------------------------
>
>    When the script starts snort, it immediately goes down and leaves
>    promiscuous mode, but when I use this command:

What does it say in /var/log/messages?

E.g. this is part of a successful startup - yours might be 'snort'
instead of 'snort-pgsql':

Aug 31 03:58:03 it023072 snort-pgsql:     alert_large_fragments: ACTIVE
Aug 31 03:58:03 it023072 snort-pgsql:     alert_incomplete: ACTIVE
Aug 31 03:58:03 it023072 snort-pgsql:     alert_multiple_requests: ACTIVE
Aug 31 03:58:03 it023072 snort-pgsql: telnet_decode arguments:
Aug 31 03:58:03 it023072 snort-pgsql:     Ports to decode telnet on: 21 23 25 119
Aug 31 03:58:03 it023072 postgres[5595]: [1] LOG:  connection received: host=130.123.107.157 port=36152
Aug 31 03:58:03 it023072 postgres[5595]: [2] LOG:  connection authorized: user=snort_db_user database=snort
Aug 31 03:58:05 it023072 snort-pgsql: Warning: flowbits key 'realplayer.playlist' is checked but not ever set.
Aug 31 03:58:05 it023072 snort-pgsql: Snort initialization completed successfully

cheers,
 Jamie
-- 
James Riden / j.riden at ...11179... / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/
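
The check suggested in the reply above, as an added example that is not part of the original message: it scans a syslog excerpt for an interface that enters and leaves promiscuous mode within seconds without any snort startup message, which is the pattern in the quoted boot log. The sample lines are constructed from the two excerpts in the thread; the function name `triage`, the 10-second window and the assumed year are choices made for this example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines, modelled on the two excerpts quoted in the thread.
FAILED_BOOT = """\
Aug 23 18:15:32 andreas kernel: eth0: Promiscuous mode enabled.
Aug 23 18:15:32 andreas kernel: device eth0 entered promiscuous mode
Aug 23 18:15:33 andreas kernel: device eth0 left promiscuous mode
"""
GOOD_BOOT = """\
Aug 31 03:58:01 it023072 kernel: device eth0 entered promiscuous mode
Aug 31 03:58:03 it023072 snort-pgsql: telnet_decode arguments:
Aug 31 03:58:05 it023072 snort-pgsql: Snort initialization completed successfully
"""

# timestamp, host, syslog tag (optional [pid]), message
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) ([^:\[]+)(?:\[\d+\])?: (.*)$")
PROMISC = re.compile(r"device (\S+) (entered|left) promiscuous mode")
INIT_OK = "Snort initialization completed successfully"

def triage(text, window=timedelta(seconds=10), year=2004):
    """Return (findings, snort_messages) for a syslog excerpt.

    Classic syslog lines carry no year, so `year` is an assumption that
    only matters around leap days.
    """
    findings, open_since, snort_msgs, init_ok = [], {}, [], False
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped or truncated line, skip it
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        tag, msg = m.group(3), m.group(4)
        if tag.startswith("snort"):  # covers 'snort' and 'snort-pgsql'
            snort_msgs.append(msg)
            init_ok = init_ok or INIT_OK in msg
        p = PROMISC.search(msg) if tag == "kernel" else None
        if p and p.group(2) == "entered":
            open_since[p.group(1)] = ts
        elif p and p.group(1) in open_since:
            lived = ts - open_since.pop(p.group(1))
            if lived <= window and not init_ok:
                secs = int(lived.total_seconds())
                findings.append((p.group(1), "exited-during-startup", secs))
    for dev in open_since:  # interface still sniffing at end of excerpt
        findings.append((dev, "running" if init_ok else "no-init-message", None))
    return findings, snort_msgs
```

An `exited-during-startup` finding with an empty message list means the sensor died before logging anything under a `snort` tag, so the reason has to be looked for elsewhere in the log or in the init script's own output.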




