[Snort-users] About Snort file

waldo kitty wkitty42 at ...14940...
Fri Jul 5 18:28:19 EDT 2013


On 7/5/2013 12:12, Mayur Patil wrote:
> Hello,
>
>      I have copied it directly from "PDF Manual" to text editor and  make the
> spacing as given in PDF file.
>
>      but why the error is there if I have followed steps clearly as given document?

well, yes and no... it gave the script in the PDF but it also speaks of the 
script being available in the archive so that problems copying it from the PDF 
do not occur as you have seen...

>      The file I attached is as it *  /etc/init.d/snort* .

i missed your attachment the first time...

>      Any clue so that I will cross check it ??

the first thing i see is that there are some lines that should be unwrapped... 
they were wrapped in the document and when copied and pasted out, they stay 
wrapped and get broken... that's my initial theory, anyway...

i see at least two lines that appear to be wrapped and should be unwrapped...

line 37 ("#OPTIONS") is the tail end of line 36 and belongs on line 36... that's 
likely your double-quote error...

find this block

--- snip *5 lines* ---
# Some functions to make the below more readable
SNORTD=/usr/local/bin/snort
#OPTIONS="-A fast -b -d -D -i eth0 -u snort -g snort -c /etc/snort/snort.conf -l
/var/log/snort"
#PID_FILE=/var/run/snort_eth0.pid
--- snip ---

and change it to this

--- snip *4 lines* NO wrap ---
# Some functions to make the below more readable
SNORTD=/usr/local/bin/snort
#OPTIONS="-A fast -b -d -D -i eth0 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort"
#PID_FILE=/var/run/snort_eth0.pid
--- snip ---


pulling 37 up onto 36 then brings all the following lines up by one... so now 
the next batch of lines is 130, 131 and 132 which all appear to be the end of 
what is now 129...

find this block

--- snip *7 lines* ---
       echo -n $"Starting $prog: "
       daemon --pidfile=$PID_FILE $SNORTD $ALERTMODE $BINARY_LOG
$LINK_LAYER $NO_PACKET_LOG $DUMP_APP -D $PRINT_INTERFACE
$INTERFACE -u $USER -g $GROUP $CONF -l $LOGDIR $PASS_FIRST $BPFFILE
$BPF && success || failure
       RETVAL=$?
       [ $RETVAL -eq 0 ] && touch $lockfile
--- snip ---

and change it to this

--- snip *4 lines* NO wrap ---
       echo -n $"Starting $prog: "
       daemon --pidfile=$PID_FILE $SNORTD $ALERTMODE $BINARY_LOG $LINK_LAYER $NO_PACKET_LOG $DUMP_APP -D $PRINT_INTERFACE $INTERFACE -u $USER -g $GROUP $CONF -l $LOGDIR $PASS_FIRST $BPFFILE $BPF && success || failure
       RETVAL=$?
       [ $RETVAL -eq 0 ] && touch $lockfile
--- snip ---

i think that will fix your problem...

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.
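
A way to check a pasted init script for the wrap damage described in this reply, as an added example that is not part of the original post. The sample file is constructed from the two wrapped blocks quoted above; the function names and the wrap heuristic are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). The sample is constructed from the
# two wrapped blocks quoted in the reply.
write_sample() {
cat > "$1" <<'EOF'
# Some functions to make the below more readable
SNORTD=/usr/local/bin/snort
#OPTIONS="-A fast -b -d -D -i eth0 -u snort -g snort -c /etc/snort/snort.conf -l
/var/log/snort"
#PID_FILE=/var/run/snort_eth0.pid
       echo -n $"Starting $prog: "
       daemon --pidfile=$PID_FILE $SNORTD $ALERTMODE $BINARY_LOG
$LINK_LAYER $NO_PACKET_LOG $DUMP_APP -D $PRINT_INTERFACE
$INTERFACE -u $USER -g $GROUP $CONF -l $LOGDIR $PASS_FIRST $BPFFILE
$BPF && success || failure
       RETVAL=$?
       [ $RETVAL -eq 0 ] && touch $lockfile
EOF
}
# Heuristic (assumption): a line is a wrap fragment if it starts with a bare
# $VAR, or is a non-comment line with an odd number of double quotes.
IS_WRAP='function wrapped(s) {
  if (s ~ /^[ \t]*\$[A-Za-z_]/) return 1
  if (s ~ /^[ \t]*#/) return 0
  return gsub(/"/, "&", s) % 2
}
'
# sh -n catches the orphaned quote, but the daemon fragments are valid syntax.
syntax_ok() { sh -n "$1" 2>/dev/null; }
wrap_suspects() { awk "$IS_WRAP"'wrapped($0) { print NR }' "$1"; }
# Join each suspect line onto the line before it; review the result by hand.
unwrap() {
  awk "$IS_WRAP"'
    NR > 1 && wrapped($0) { buf = buf " " $0; next }
    NR > 1 { print buf }
    { buf = $0 }
    END { if (NR) print buf }' "$1"
}
tmp=$(mktemp -d); write_sample "$tmp/snort"
echo "suspect lines:" $(wrap_suspects "$tmp/snort")   # 4 8 9 10
syntax_ok "$tmp/snort" || echo "sh -n: syntax error before unwrap"
unwrap "$tmp/snort" > "$tmp/snort.fixed"
syntax_ok "$tmp/snort.fixed" && echo "sh -n: clean after unwrap"
rm -rf "$tmp"
```

A syntax check alone reports only the quote error; the `daemon` continuation lines parse as separate commands, which is why the line-start heuristic is needed to find them.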



