[Snort-users] (no subject)

Jason Benway benwaynet at ...11827...
Mon Aug 1 12:59:33 EDT 2005


Thank you, I had to change the alertmode=fast to alertmode=

from /var/sysconfig/snort to remove the --A

Now I get

 snort      386     1 20 14:58 ?        00:00:02 /usr/sbin/snort -b -d
-D -i eth0 -u snort -g snort -c /etc/snort/snort.conf -l
/var/log/snort/eth0
snort      392     1 20 14:58 ?        00:00:02 /usr/sbin/snort -b -d
-D -i eth1 -u snort -g snort -c /etc/snort/snort.conf -l
/var/log/snort/eth1

I'll watch BASE to see if I get any new data.

Thank you
jb

On 8/1/05, Jason Brvenik <jasonb at ...1935...> wrote:
> The problem is that snort is being started with -A fast which will
> override any configured outputs in snort.conf
> 
> You need to remove --A fast from the startup script and all should work
> fine.
> 
> 
> Jason Benway wrote:
> 
> >snort    32082     1  3 04:02 ?        00:21:39 /usr/sbin/snort -A
> >fast -b -d -D -i eth0 -u snort -g snort -c /etc/snort/snort.conf -l
> >/var/log/snort/eth0
> >snort    32088     1  3 04:02 ?        00:20:36 /usr/sbin/snort -A
> >fast -b -d -D -i eth1 -u snort -g snort -c /etc/snort/snort.conf -l
> >/var/log/snort/eth1
> >root     32741 32334  0 14:48 pts/0    00:00:00 grep snort
> >
> >
> >On 8/1/05, Jason Brvenik <jasonb at ...1935...> wrote:
> >
> >
> >>ps -efwww | grep snort
> >>
> >>what command line do you start snort with?
> >>
> >>
> 
>
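
A check for the condition diagnosed in this thread, added here as an example and not part of the original messages: it reads `ps -ef` style output and lists every Snort process started with `-A`, which per the reply above overrides the outputs configured in snort.conf. The function names and the sample lines are constructed for illustration, and the parser assumes the command starts in the eighth `ps` column.

```shell
#!/bin/sh
# Added example (not from the thread): find Snort processes whose command
# line carries -A <mode>. Reads `ps -ef` style lines on stdin and prints
# "<pid> <interface> <mode>" for each process that has the option.

snort_alert_overrides() {
    awk '
    {
        # Field 8 is the command in `ps -ef` output. Requiring it to be the
        # snort binary skips lines such as "grep snort" and the UID column.
        if ($8 !~ /(^|\/)snort$/) next

        mode = ""; iface = "-"
        for (i = 9; i <= NF; i++) {
            if ($i == "-A" && i < NF)      mode = $(i + 1)      # -A fast
            else if ($i ~ /^-A./)          mode = substr($i, 3) # -Afast
            else if ($i == "-i" && i < NF) iface = $(i + 1)
        }
        if (mode != "") print $2, iface, mode
    }'
}

# Constructed sample modelled on the process listings in the thread:
# one sensor still started with -A fast, one without it, and the grep itself.
sample_ps() {
    cat <<'EOF'
snort    32082     1  3 04:02 ?        00:21:39 /usr/sbin/snort -A fast -b -d -D -i eth0 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort/eth0
snort      392     1 20 14:58 ?        00:00:02 /usr/sbin/snort -b -d -D -i eth1 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort/eth1
root     32741 32334  0 14:48 pts/0    00:00:00 grep snort
EOF
}

# Run against the constructed sample.
sample_ps | snort_alert_overrides
```

On a live sensor, pipe `ps -efwww` into `snort_alert_overrides` instead of the sample; no output means no running instance was started with `-A`.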



