[Snort-users] Snort Installed fine but daemon will not run

Peter Bates peter.bates at ...15381...
Wed Aug 22 15:31:22 EDT 2012



Hello all

On 22/08/2012 19:47, Jimmy Ford wrote:
> Tail of the syslog.
> 
> root at ...15765...:/usr/local/snort/rules# tail /var/log/syslog
> Aug 22 12:54:35 hqfsql01 snort[6933]: PID path stat checked out ok, PID path set to /var/run/
> Aug 22 12:54:35 hqfsql01 snort[6933]: Writing PID "6933" to file "/var/run//snort_eth0.pid"
> Aug 22 12:54:35 hqfsql01 snort[6933]:
> Aug 22 12:54:35 hqfsql01 snort[6933]: --== Initialization Complete ==--
> Aug 22 12:54:35 hqfsql01 snort[6933]: Commencing packet processing (pid=6933)
> Aug 22 12:54:35 hqfsql01 kernel: [84505.798987] device eth0 entered promiscuous mode
> Aug 22 13:09:01 hqfsql01 CRON[6938]: (root) CMD ( [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f -cmin +$(/usr/lib/php5/maxlifetime) ! -execdir fuser -s {} 2>/dev/null \; -delete)
> Aug 22 13:17:01 hqfsql01 CRON[6948]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
> Aug 22 13:39:01 hqfsql01 CRON[7266]: (root) CMD (  [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f -cmin +$(/usr/lib/php5/maxlifetime) ! -execdir fuser -s {} 2>/dev/null \; -delete)
> Aug 22 13:40:31 hqfsql01 kernel: [87260.356875] device eth0 left promiscuous mode

This looks like Snort ran from 12:54:35 (setting promiscuous mode on
eth0) up to 13:40.

Odd that it doesn't leave the statistics in the log.

You could also try

snort -A console -u snort -g snort -c /etc/snort/snort.conf -i eth0

to run snort in the foreground before worrying about running it in
daemon mode - but the fact it passes -T implies the configuration is
okay.

--
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division	    Internal Ext: 32049
University College London
London WC1E 6BT
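
Added example, not part of the original message: a small parser that pairs the kernel's "entered" and "left promiscuous mode" lines to measure how long capture ran on an interface, and counts any Snort syslog lines written after capture began (zero matches the missing shutdown statistics noted above). The function name, the `year` parameter and the sample text are assumptions; the sample is constructed from the syslog tail quoted in the message, and the pairing assumes no other sniffer toggled promiscuous mode on the interface.

```python
import re
from datetime import datetime

# Constructed sample: entries taken from the syslog tail quoted above, one per line.
SAMPLE = """\
Aug 22 12:54:35 hqfsql01 snort[6933]: Writing PID "6933" to file "/var/run//snort_eth0.pid"
Aug 22 12:54:35 hqfsql01 snort[6933]: Commencing packet processing (pid=6933)
Aug 22 12:54:35 hqfsql01 kernel: [84505.798987] device eth0 entered promiscuous mode
Aug 22 13:17:01 hqfsql01 CRON[6948]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
Aug 22 13:40:31 hqfsql01 kernel: [87260.356875] device eth0 left promiscuous mode
"""

# timestamp, host (ignored), program name, optional [pid], message
LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ ([^:\[\s]+)(?:\[\d+\])?: ?(.*)$")
PROMISC = re.compile(r"device (\S+) (entered|left) promiscuous mode")

def capture_windows(text, year=2012):
    """Pair 'entered'/'left promiscuous mode' kernel lines per interface.

    Classic syslog timestamps carry no year, so the caller supplies one (assumption).
    """
    started = {}      # iface -> time the interface entered promiscuous mode
    snort_times = []  # timestamp of every snort[...] line seen so far
    windows = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        prog, msg = m.group(2), m.group(3)
        if prog == "snort":
            snort_times.append(ts)
        p = PROMISC.search(msg) if prog == "kernel" else None
        if p and p.group(2) == "entered":
            started[p.group(1)] = ts
        elif p and p.group(1) in started:
            start = started.pop(p.group(1))
            windows.append({
                "iface": p.group(1),
                "start": start,
                "end": ts,
                "seconds": int((ts - start).total_seconds()),
                # 0 means Snort logged nothing between start-up and exit
                "snort_lines_after_start": sum(start < t <= ts for t in snort_times),
            })
    return windows

if __name__ == "__main__":
    for w in capture_windows(SAMPLE):
        print(w)
```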




