[Snort-users] Snort PID

Paul Schmehl pauls at ...6838...
Mon Nov 29 08:16:03 EST 2004

--On Sunday, November 28, 2004 12:59:46 PM +0100 Jose Maria Lopez 
<jkerouac at ...12346...> wrote:
> I think it depends on the distribution you are using, because
> the file is created by the starting script that loads snort.
> In my Redhat 9 the script /etc/rc.d/init.d/snortd creates a
> file /var/run/snort_any.pid with the pid of the snort process.

I'm pretty sure it's snort that creates the PID.  The OS just decides where 
to put it (usually in /var/run on *nixes).  However, *you* can control the 
PID's name using the -R switch.  The PID name is constructed thus:

snort_{your interface}.pid (e.g. snort_eth0.pid)
If you start snort with -R inside, the PID name will be:
snort_eth0inside.pid  ("Inside" is appended to the interface ID.)

Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member

More information about the Snort-users mailing list