[Snort-users] Snort does not deamonize

Nigel Houghton nhoughton at ...1935...
Wed Jan 27 11:24:35 EST 2010


On Wed, Jan 27, 2010 at 10:30 AM, Helmut Schneider <jumper99 at ...348...> wrote:
> Hi,
>
> since 2.8.5.1 I have a problem with snort, after startup on FreeBSD 8.0 it
> does not deamonize. The startup command is
>
> /usr/local/bin/snort -Dyq -F /usr/local/etc/snort/filter.conf -u nobody -g
> nobody -t /var/snort -l /var/snort/var/log -i xl0 -c
> /usr/local/etc/snort/snort.conf
>
> The last I can see on the screen is
>
> [...]
>        --== Initialization Complete ==--
>
>   ,,_     -*> Snort! <*-
>  o"  )~   Version 2.8.5.2 (Build 121)
>   ''''    By Martin Roesch & The Snort Team:
> http://www.snort.org/snort/snort-team
>           Copyright (C) 1998-2009 Sourcefire, Inc., et al.
>           Using PCRE version: 8.00 2009-10-19
>
>           Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 1.11  <Build 17>
>           Preprocessor Object: SF_SSLPP  Version 1.1  <Build 3>
>           Preprocessor Object: SF_SSH  Version 1.1  <Build 2>
>           Preprocessor Object: SF_SMTP  Version 1.1  <Build 8>
>           Preprocessor Object: SF_FTPTELNET  Version 1.2  <Build 12>
>           Preprocessor Object: SF_DNS  Version 1.1  <Build 3>
>           Preprocessor Object: SF_DCERPC2  Version 1.0  <Build 2>
>           Preprocessor Object: SF_DCERPC  Version 1.1  <Build 5>
>           Preprocessor Object: SF_Dynamic_Example_Preprocessor  Version 1.0
> <Build 1>
> Not Using PCAP_FRAMESNot Using PCAP_FRAMES
> ^C*** Caught Int-Signal
> Run time prior to being shutdown was 240.557323 seconds
> database: Closing connection to database "snort"
> [...]
>
> Snort is then running fine but preventing the rest of the boot process.
>
> What's wrong?
>
> Thanks, Helmut
>
>
> ------------------------------------------------------------------------------
> The Planet: dedicated and managed hosting, cloud storage, colocation
> Stay online with enterprise data centers and the best network in the business
> Choose flexible plans and management services without long-term contracts
> Personal 24x7 support from experience hosting pros just a phone call away.
> http://p.sf.net/sfu/theplanet-com
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>


Are you trying to start snort using a script in /usr/local/etc/rc.d
along with a variable in /etc/rc.conf or /etc/rc.local? Or are you
trying to do something else?

-- 
Nigel Houghton
Head Mentalist
SF VRT
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/




More information about the Snort-users mailing list