[Snort-users] Snort does not deamonize

Paul Schmehl pschmehl_lists at ...14358...
Thu Jan 28 12:13:32 EST 2010

--On Thursday, January 28, 2010 03:15:22 -0600 Helmut Schneider 
<jumper99 at ...348...> wrote:

>> --On January 27, 2010 9:30:36 AM -0600 Helmut Schneider <jumper99 at ...348...>
>> wrote:
>>> since I have a problem with snort, after startup on FreeBSD 8.0
>>> it
>>> does not deamonize. The startup command is
>>> /usr/local/bin/snort -Dyq -F /usr/local/etc/snort/filter.conf -u nobody
>>> -g
>>> nobody -t /var/snort -l /var/snort/var/log -i xl0 -c
>>> /usr/local/etc/snort/snort.conf
>> Your problem is here - -Dyq.  You cannot combine the -D (daemonize) switch
>> with other switches.  Change it to -D -yq.  (You may also have to separate
>> the -y and -q switches.  I don't know because I haven't tested that.)
> Wow, what gave you that idea?!

Frustration.  I was getting sick and tired of having to kill snort and then 
start it in the background in order to get it to work.  I'd tried about 
everything else I could think of, so I started it without the q (-D instead of 
-Dq) and it worked.

 Was that introduced with 2.8.5(.1)?

No idea.  Someone else setup the box.  I'd never used the -q switch before, so 
I don't know if this was a longstanding problem or recently introduced.  Maybe 
Nigel can answer that.

 It definitely worked before.

Glad I could help.

Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
"It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead." Thomas Jefferson

More information about the Snort-users mailing list