[Snort-users] No pid file in snort 2.4.2?

Michael Scheidell scheidell at ...5171...
Sun Oct 2 16:46:53 EDT 2005


Was running snort 2.4.0.
Freebsd, ./configure --enable-inline --enable-ipfw --enable-flexresp

For interface fxp0, snort was writing the pid to /var/run/snort_fxp0.pid

I downloaded snort 2.4.2 with same compile options killed snort and
restarted it.

No pid files that I can find anymore.
 find / -name 'snort_pid*' -ls

Syslog shows snort started:
Oct  1 12:25:16 scanner snort[56549]: Rule application order:
->activation->dynamic->pass->drop->sdrop->reject->alert->log
Oct  1 12:25:16 scanner snort[56549]: Log directory = /var/log/snort_lan
Oct  1 12:25:17 scanner snort[56549]: Snort initialization completed
successfully (pid=56549)

Ps shows snort running:
ps -wwp 56549
  PID  TT  STAT      TIME COMMAND
56549  ??  Ss     0:03.55 /usr/local/bin/snort -doDI -m 022 -z -c
/etc/snort/snort_lan.conf -i fxp0 -l /var/log/snort_lan -F
/etc/snort/snort_lan.bpf

Sockstat shows snort running.
snort     snort    56549    3 dgram  syslogd[103]:3
Changing config to run as root or snort makes no difference.
root     snort    56675    3 dgram  syslogd[103]:3

System is FREEBSD 4.11, you see startup options above.
Noticed -z option is deprecated., so removed it:(ok, how do you ignore
spoofed packets now)

Didn't do anything.  Still no pid file.
Also noticed a difference in netstat -an output.

Snort 2.4.2:
icm4       0      0  *.*                    *.*

Snort 2.4.0:
ip 4       0      0  *.*                    *.*
ip64       0      0  *.*                    *.*
-- 
Michael Scheidell, CTO
561-999-5000, ext 1131
SECNAP Network Security Corporation
Keep up to date with latest information on IT security: Real time
security alerts: http://www.secnap.com/news
 




More information about the Snort-users mailing list