[Snort-users] -T option error

Erek Adams erek at ...950...
Fri Feb 13 02:52:01 EST 2004


On Thu, 12 Feb 2004, crazy wrote:

> I have installed snort-2.1.1-RC1 by myself.

Yep, same here.

> The first question is how to compile
> snort-snapshot-CURRENT.tar.gz    Thu Feb 12 10:15:17 2004 GMT
> there is no configure file

	sh ./autojunk

(requires automake and friends)

> The second one:
>
> /usr/local/bin/snort -T -i eth0 -o -d -c /etc/snort/snort.eth0.conf
> outputs the following:

You don't need to use -d, but I will just as a comparison:

[erek at ...3978...]/local/build/cvs/snort#src/snort -T -i hme0 -o -d -c /etc/snort.conf

Running in IDS mode
Log directory = /var/log/snort

Initializing Network Interface hme0

        --== Initializing Snort ==--
Rule application order changed to Pass->Alert->Log
Initializing Output Plugins!
Decoding Ethernet on interface hme0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort.conf

[...lotsa stuff snipped...]

        --== Initialization Complete ==--

-*> Snort! <*-
Version 2.1.1-RC1 (Build 21)
By Martin Roesch (roesch at ...1935..., www.snort.org)

Snort sucessfully loaded all rules and checked all rule chains!
Final Flow Statistics

[...flow stats snipped...]

,-----[SERVER STATS]------------
   Memcap: 0  Overhead Bytes: 0
   Finds: 0 (Sucessful: 0(%0.000000) Unsucessful: 0(%0.000000))
   Nodes: 0
   Recovered Nodes: 0
`-------------------------------
Snort exiting

[erek at ...3978...]/local/build/cvs/snort#


Ok, so it worked, checked the rules and exited.  Just exactly like it's
supposed to.

I'm guessing your problem is right here:

[...snip...]

> database: compiled support for ( mysql )
> database: configured to use mysql
> database:          user = snort
> database: password is set
> database: database name = snort
> database:          host = 192.168.0.1
> database:          port = 3306
> database:   sensor name = notebook

If your notebook isn't running the DB, Snort can't make the test
connection to it.  It's not actually writing to the DB, it's just making a
connection and waiting on a connection back.  Since you don't have
anything else after that, I'm guessing that's where it's getting hung.

> There is no difference if "-T" option exists or not.
>
> /usr/local/bin/snort -T -D -i eth0 -o -d -c /etc/snort/snort.eth0.conf
> start snort silently like
> /usr/local/bin/snort -D -i eth0 -o -d -c /etc/snort/snort.eth0.conf
>
> Also, is there any way to indicate the process of starting in daemon
> mode?

	ps -ef |grep snort
or
	ps -auxww|grep snort

> If there are errors in /etc/snort/snort.eth0.conf, and I try to start
> snort with -D option then I receive nothing at output, is there any
> way to make snort to show errors when it starts in -T or -D mode?

When you start Snort with -D all output to STDOUT is silently discarded.
Start it without the -D until you get it working.

Cheers!

-----
Erek Adams

 "It looks just like a Telefunken U-47.  You'll love it..."  -- Frank Zappa
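A pre-flight script for the situation in this thread, added here as an example (it is not Erek's or the Snort project's code): it pulls the host and port out of the `output database:` line, probes that port with a TCP connect so a hung `snort -T` is explained before it happens, runs `snort -T` in the foreground with its output captured, and only then starts the daemon with `-D` and confirms it via `ps`. The function names, the `/tmp/snort-T.log` path, the reliance on an `nc(1)` that understands `-z`/`-w`, and the assumed default ports are my assumptions; the sample config line is constructed.

```shell
#!/bin/sh
# Added example, not Snort's own code. Function names, the log path and the
# use of nc(1) are assumptions. Assumes the usual space-separated form
# "output database: log, mysql, user=... host=... port=...".

# Constructed sample of an "output database:" line as found in snort.conf
SAMPLE_CONF='output database: log, mysql, user=snort password=secret dbname=snort host=192.168.0.1 port=3306 sensor_name=notebook'

# db_target CONF_TEXT -> prints "HOST PORT" from the first "output database:"
# line, or nothing if no database plugin is configured.
# Default ports are assumed: 3306 for mysql, 5432 for postgresql; port= overrides.
db_target() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*output[[:space:]]+database:/ {
            type = $4; sub(/,$/, "", type)
            host = "localhost"
            port = (type == "mysql") ? 3306 : (type == "postgresql") ? 5432 : ""
            for (i = 5; i <= NF; i++) {
                if ($i ~ /^host=/) { sub(/^host=/, "", $i); host = $i }
                if ($i ~ /^port=/) { sub(/^port=/, "", $i); port = $i }
            }
            print host, port
            exit
        }'
}

# tcp_probe HOST PORT: 0 if a TCP connect succeeds within 3 seconds.
# Assumes an nc(1) with -z (connect only) and -w (timeout).
tcp_probe() {
    nc -z -w 3 "$1" "$2" >/dev/null 2>&1
}

# is_running: 0 if a snort process exists. The [s] bracket keeps grep from
# matching its own command line, the usual gotcha with "ps -ef | grep snort".
is_running() {
    ps -ef | grep -q '[s]nort'
}

# preflight CONF IFACE: probe the DB target, then run snort -T in the
# foreground with output captured. Never test with -D: in daemon mode stdout
# is discarded, so a parse error or a hung DB connection shows nothing at all.
preflight() {
    conf=$1; iface=$2; log=/tmp/snort-T.log   # log path is an assumption
    set -- $(db_target "$(cat "$conf")")
    if [ -n "${1:-}" ]; then
        if tcp_probe "$1" "$2"; then
            echo "database $1:$2 accepts connections"
        else
            echo "database $1:$2 not reachable; snort -T would block on its test connection" >&2
            return 2
        fi
    fi
    if snort -T -i "$iface" -c "$conf" >"$log" 2>&1; then
        echo "config OK, output in $log"
    else
        echo "snort -T failed, see $log" >&2
        return 1
    fi
}

# Usage (runs only when called with a config and an interface):
#   sh preflight.sh /etc/snort/snort.eth0.conf eth0
if [ $# -eq 2 ]; then
    preflight "$1" "$2" && snort -D -i "$2" -c "$1" && sleep 1 && is_running
fi
```

The probe is the part that matters for the hang described above: Snort's test mode opens a connection to the database when it initializes the output plugin, so a host that is not listening on the configured port makes `-T` wait rather than fail loudly.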
