[Snort-users] -T option error
erek at ...950...
Fri Feb 13 02:52:01 EST 2004
On Thu, 12 Feb 2004, crazy wrote:
> I have installed snort-2.1.1-RC1 by myself.
Yep, same here.
> The first question is how to compile
> snort-snapshot-CURRENT.tar.gz Thu Feb 12 10:15:17 2004 GMT
> there is no configure file
(requires automake and friends)
> The second one:
> /usr/local/bin/snort -T -i eth0 -o -d -c /etc/snort/snort.eth0.conf
> outputs the following:
You don't need to use -d, but I will just as a comparison:
[erek at ...3978...]/local/build/cvs/snort#src/snort -T -i hme0 -o -d -c
Running in IDS mode
Log directory = /var/log/snort
Initializing Network Interface hme0
--== Initializing Snort ==--
Rule application order changed to Pass->Alert->Log
Initializing Output Plugins!
Decoding Ethernet on interface hme0
Parsing Rules file /etc/snort.conf
[...lotsa stuff snipped...]
--== Initialization Complete ==--
-*> Snort! <*-
Version 2.1.1-RC1 (Build 21)
By Martin Roesch (roesch at ...1935..., www.snort.org)
Snort sucessfully loaded all rules and checked all rule chains!
Final Flow Statistics
[...flow stats snipped...]
Memcap: 0 Overhead Bytes: 0
Finds: 0 (Sucessful: 0(%0.000000) Unsucessful: 0(%0.000000))
Recovered Nodes: 0
[erek at ...3978...]/local/build/cvs/snort#
Ok, so it worked, checked the rules and exited. Just exactly like it's
I'm guessing your problem is right here:
> database: compiled support for ( mysql )
> database: configured to use mysql
> database: user = snort
> database: password is set
> database: database name = snort
> database: host = 192.168.0.1
> database: port = 3306
> database: sensor name = notebook
If your notebook isn't running the DB, Snort can't make the test
connection to it. It's not actually writing to the DB, it's just making a
connection and waiting on a connection back. Since you don't have
anything else after that, I'm guessing that's where it's getting hung.
> There is no difference if "-T" option exists or not.
> /usr/local/bin/snort -T -D -i eth0 -o -d -c /etc/snort/snort.eth0.conf
> start snort silently like
> /usr/local/bin/snort -D -i eth0 -o -d -c /etc/snort/snort.eth0.conf
> Also, is there any way to indicate the process of starting in daemon
ps -ef |grep snort
ps -auxww|grep snort
> If there are errors in /etc/snort/snort.eth0.conf, and I try to start
> snort with -D option then I receive nothing at output, is there any
> way to make snort to show errors when it starts in -T or -D mode?
When you start Snort with -D all output to STDOUT is silently discarded.
Start it without the -D until you get it working.
"It looks just like a Telefunken U-47. You'll love it..." -- Frank Zappa
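Added example (not part of the original message and not Snort project code): a start wrapper that runs the -T self-test in the foreground under a time limit and only then starts Snort with -D, so a configuration error or a hang at the database test connection is reported instead of being discarded. The function names, the SNORT_BIN and TEST_TIMEOUT variables and the verdict strings are assumptions made for this sketch; it relies on the coreutils "timeout" command.

```shell
#!/bin/sh
# Assumed settings (hypothetical names, adjust to your install).
SNORT_BIN=${SNORT_BIN:-/usr/local/bin/snort}
TEST_TIMEOUT=${TEST_TIMEOUT:-30}   # seconds to wait for the -T run to return

# snort_preflight CMD [ARGS...]
# Runs the given self-test command with all output captured, prints a
# one-line verdict on stdout and returns 0 only when the test passed.
snort_preflight() {
    log=$(mktemp) || return 3
    rc=0
    timeout "$TEST_TIMEOUT" "$@" >"$log" 2>&1 || rc=$?
    case $rc in
        0)   verdict=ok ;;
        124) # timeout(1) exit status: the self-test never returned.
             # If the last lines are the database plugin banner, the
             # test connection to the DB host is the likely stall point.
             if tail -n 3 "$log" | grep -q '^ *database:'; then
                 host=$(sed -n 's/^ *database: *host *= *//p' "$log" | tail -n 1)
                 verdict="hung-at-database ${host:-unknown}"
             else
                 verdict=hung
             fi ;;
        *)   verdict=failed ;;
    esac
    # Show the tail of the captured output whenever the test did not pass.
    [ "$verdict" = ok ] || tail -n 20 "$log" >&2
    rm -f "$log"
    echo "$verdict"
    [ "$verdict" = ok ]
}

# snort_start IFACE CONF
# Daemonizes only after the foreground self-test has passed.
snort_start() {
    verdict=$(snort_preflight "$SNORT_BIN" -T -i "$1" -o -c "$2") || {
        echo "snort -T verdict: $verdict; not starting with -D" >&2
        return 1
    }
    "$SNORT_BIN" -D -i "$1" -o -c "$2"
}

# Example invocation, using the paths from the thread:
#   snort_start eth0 /etc/snort/snort.eth0.conf
```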