[Snort-users] Snort PID

Paul Schmehl pauls at ...6838...
Mon Nov 29 08:16:03 EST 2004


--On Sunday, November 28, 2004 12:59:46 PM +0100 Jose Maria Lopez 
<jkerouac at ...12346...> wrote:
>
> I think it depends on the distribution you are using, because
> the file is created by the starting script that loads snort.
> In my Redhat 9 the script /etc/rc.d/init.d/snortd creates a
> file /var/run/snort_any.pid with the pid of the snort process.

I'm pretty sure it's snort that creates the PID.  The OS just decides where 
to put it (usually in /var/run on *nixes).  However, *you* can control the 
PID's name using the -R switch.  The PID name is constructed thus:

snort_{your interface}.pid (e.g. snort_eth0.pid)
If you start snort with -R inside, the PID name will be:
snort_eth0inside.pid  ("Inside" is appended to the interface ID.)

Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
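
The naming scheme described in the message above, used for a sensor liveness check. This is an added example, not part of the original post or of Snort itself. The function names `snort_pidfile` and `snort_status` are hypothetical, and the `/var/run` default is an assumption taken from the post's "usually in /var/run".

```shell
#!/bin/sh
# Added example (not from the original post): locate a Snort PID file from
# the interface name and the -R suffix, then report whether the recorded
# process still exists. Function names are hypothetical.

# Build the PID file path: <dir>/snort_<interface><suffix>.pid
# $1 = interface, $2 = -R suffix (may be empty), $3 = PID directory
snort_pidfile() {
    # /var/run is an assumed default; the directory varies by system.
    printf '%s/snort_%s%s.pid\n' "${3:-/var/run}" "$1" "$2"
}

# Print "running <pid>", "stale <pid>", "invalid" or "missing".
# Returns 0 only when the recorded process exists.
snort_status() {
    pidfile=$(snort_pidfile "$1" "$2" "$3")
    [ -f "$pidfile" ] || { echo "missing"; return 1; }

    # Only the first line is read; reject anything that is not all digits
    # so a corrupted or tampered file is never handed to kill.
    pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')
    case "$pid" in
        ''|*[!0-9]*) echo "invalid"; return 1 ;;
    esac

    # kill -0 sends no signal, it only tests for the process. It also fails
    # when the process belongs to another user, so a /proc entry (Linux)
    # is accepted as a fallback.
    if kill -0 "$pid" 2>/dev/null || [ -d "/proc/$pid" ]; then
        echo "running $pid"
    else
        echo "stale $pid"
        return 1
    fi
}

# Stand-alone use: ./check_snort.sh eth0 inside [/var/run]
if [ $# -gt 0 ]; then
    snort_status "$@"
fi
```

A "stale" result means the PID file outlived the process, which for an IDS sensor is worth alerting on. A recycled PID would still report "running", so compare the process name as well if that matters.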



