[Snort-users] Snort does not deamonize

Paul Schmehl pschmehl_lists at ...14358...
Thu Jan 28 12:13:32 EST 2010


--On Thursday, January 28, 2010 03:15:22 -0600 Helmut Schneider 
<jumper99 at ...348...> wrote:

>
>> --On January 27, 2010 9:30:36 AM -0600 Helmut Schneider <jumper99 at ...348...>
>> wrote:
>>>
>>> since 2.8.5.1 I have a problem with snort, after startup on FreeBSD 8.0
>>> it
>>> does not deamonize. The startup command is
>>>
>>> /usr/local/bin/snort -Dyq -F /usr/local/etc/snort/filter.conf -u nobody
>>> -g
>>> nobody -t /var/snort -l /var/snort/var/log -i xl0 -c
>>> /usr/local/etc/snort/snort.conf
>>>
>>
>> Your problem is here - -Dyq.  You cannot combine the -D (daemonize) switch
>> with other switches.  Change it to -D -yq.  (You may also have to separate
>> the -y and -q switches.  I don't know because I haven't tested that.)
>
> Wow, what gave you that idea?!

Frustration.  I was getting sick and tired of having to kill snort and then 
start it in the background in order to get it to work.  I'd tried about 
everything else I could think of, so I started it without the q (-D instead of 
-Dq) and it worked.

 Was that introduced with 2.8.5(.1)?

No idea.  Someone else setup the box.  I'd never used the -q switch before, so 
I don't know if this was a longstanding problem or recently introduced.  Maybe 
Nigel can answer that.

 It definitely worked before.

Glad I could help.

-- 
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
"It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead." Thomas Jefferson





More information about the Snort-users mailing list