[Snort-users] Snort Installed fine but daemon will not run

Jeremy Hoel jthoel at ...11827...
Wed Aug 22 15:16:35 EDT 2012


When you started snort with the service command, you got a command
prompt back, correct? So you are not breaking/stopping the process to
view the log.

We can see that it starts at Aug 22 12:54:35 (and eth0 goes promisc),
but what happened here at Aug 22 12:54:35 to make eth0 go out of
promisc mode?

As soon as it starts, do you see the pid that it lists with the process
in 'ps'? i.e. snort[6933]  <--  6933 is the pid



On Wed, Aug 22, 2012 at 6:47 PM, Jimmy Ford <Jimmy.Ford at ...15764...> wrote:
> Tail of the syslog.
>
> root at ...15765...:/usr/local/snort/rules# tail /var/log/syslog
>
> Aug 22 12:54:35 hqfsql01 snort[6933]: PID path stat checked out ok, PID path
> set to /var/run/
>
> Aug 22 12:54:35 hqfsql01 snort[6933]: Writing PID "6933" to file
> "/var/run//snort_eth0.pid"
>
> Aug 22 12:54:35 hqfsql01 snort[6933]:
>
> Aug 22 12:54:35 hqfsql01 snort[6933]:         --== Initialization Complete
> ==--
>
> Aug 22 12:54:35 hqfsql01 snort[6933]: Commencing packet processing
> (pid=6933)
>
> Aug 22 12:54:35 hqfsql01 kernel: [84505.798987] device eth0 entered
> promiscuous mode
>
> Aug 22 13:09:01 hqfsql01 CRON[6938]: (root) CMD (  [ -x
> /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/
> -depth -mindepth 1 -maxdepth 1 -type f -cmin +$(/usr/lib/php5/maxlifetime) !
> -execdir fuser -s {} 2>/dev/null \; -delete)
>
> Aug 22 13:17:01 hqfsql01 CRON[6948]: (root) CMD (   cd / && run-parts
> --report /etc/cron.hourly)
>
> Aug 22 13:39:01 hqfsql01 CRON[7266]: (root) CMD (  [ -x
> /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/
> -depth -mindepth 1 -maxdepth 1 -type f -cmin +$(/usr/lib/php5/maxlifetime) !
> -execdir fuser -s {} 2>/dev/null \; -delete)
>
> Aug 22 13:40:31 hqfsql01 kernel: [87260.356875] device eth0 left promiscuous
> mode
>
>
>
> Thank you,
>
> Jimmy L Ford
>
>
>
> From: Jeremy Hoel [mailto:jthoel at ...11827...]
> Sent: Wednesday, August 22, 2012 2:05 PM
> To: Jimmy Ford
> Cc: Heine Lysemose; snort-users at lists.sourceforge.net
>
>
> Subject: Re: [Snort-users] Snort Installed fine but daemon will not run
>
>
>
> When you run 'service snortd start' when it finally says running (I assume
> it says that) if you tail your syslog/messages file, what do you see?
>
> On Wed, Aug 22, 2012 at 5:53 PM, Jimmy Ford <Jimmy.Ford at ...15764...>
> wrote:
>
>

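The start-versus-promiscuous-mode timeline discussed in this thread can be extracted from syslog mechanically. The following is an added example, not part of the original messages: it pairs each Snort "Commencing packet processing" line with the kernel's promiscuous-mode enter/leave events. The sample input is constructed from the log lines quoted above (unwrapped to one event per line), and the `year` parameter and function name are assumptions, since syslog timestamps carry no year.

```python
import re
from datetime import datetime

# Constructed sample: syslog events quoted in the thread, one per line.
SAMPLE = """\
Aug 22 12:54:35 hqfsql01 snort[6933]: Writing PID "6933" to file "/var/run//snort_eth0.pid"
Aug 22 12:54:35 hqfsql01 snort[6933]: Commencing packet processing (pid=6933)
Aug 22 12:54:35 hqfsql01 kernel: [84505.798987] device eth0 entered promiscuous mode
Aug 22 13:17:01 hqfsql01 CRON[6948]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
Aug 22 13:40:31 hqfsql01 kernel: [87260.356875] device eth0 left promiscuous mode
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ ([^:\[]+)(?:\[(\d+)\])?: (.*)$")
START = re.compile(r"Commencing packet processing \(pid=(\d+)\)")
PROMISC = re.compile(r"device (\S+) (entered|left) promiscuous mode")


def sensor_sessions(text, year=2012):
    """Pair each Snort start with the promiscuous-mode window that follows it.

    Syslog timestamps carry no year, so the caller supplies one (assumption).
    """
    sessions, pending, active = [], None, {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, prog, _pid, msg = m.groups()
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        start = START.search(msg) if prog == "snort" else None
        promisc = PROMISC.search(msg) if prog == "kernel" else None
        if start:
            pending = {"pid": int(start.group(1)), "started": ts, "iface": None,
                       "promisc_on": None, "promisc_off": None, "seconds": None}
            sessions.append(pending)
        elif promisc and promisc.group(2) == "entered" and pending:
            # Heuristic: the first "entered" after a start belongs to that start.
            pending.update(iface=promisc.group(1), promisc_on=ts)
            active[promisc.group(1)] = pending
            pending = None
        elif promisc and promisc.group(2) == "left":
            s = active.pop(promisc.group(1), None)
            if s:
                s["promisc_off"] = ts
                s["seconds"] = int((ts - s["promisc_on"]).total_seconds())
    return sessions


if __name__ == "__main__":
    for s in sensor_sessions(SAMPLE):
        state = f"left promisc after {s['seconds']}s" if s["promisc_off"] else "still promiscuous"
        print(f"snort pid {s['pid']} on {s['iface']}: {state}")
```

A session whose `promisc_off` is still `None` has no matching "left promiscuous mode" event in the log, which is the case to compare against the pid shown by `ps`.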