[Snort-users] Snort switches to packet Dump Mode

Mayur Patil ram.nath241089 at ...11827...
Tue Jul 16 02:59:01 EDT 2013


Hi Waldo,

    You are right, that file is copied from the PDF.

    But when I tried this command

    [root at ...16428...]# snort -c /etc/snort/snort.conf -i eth0

    it gives this output, which I think is fine:   http://fpaste.org/25552/

    I also checked the /etc/sysconfig/snort file, which is also fine.

    This is the output of grep snort

    [root at ...16428... ~]# ps aux | grep snort
    snort     1801  0.8  3.8 412328 74744 ?        Ssl  12:25   0:01 /usr/local/bin/snort -A fast -b -d -D -i eth0 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort
    root      3317  0.0  0.0 103236   852 pts/13   S+   12:27   0:00 grep snort
    clcmain  28334  0.1  0.9 377512 17836 ?        S    12:16   0:00 gedit /home/clcmain/Downloads/euca-images/snort-centos-6x.sh

 Because running only

 [a at ...2582...]# snort

 sends me to packet dump mode again.

  Any idea what the next step is?

 P.S.: I will try the CentOS snort script from www.snort.com/docs and report
here.

 Seeking guidance,

 Thanks!!

-- 
*Cheers,
Mayur*.

On Tue, Jul 16, 2013 at 1:01 AM, waldo kitty <wkitty42 at ...14940...> wrote:

> On 7/15/2013 14:53, Mayur Patil wrote:
> > Hi Waldo,
> >
> > When I check for /etc/init.d/snort file following output I got
> >
> >         [root at ...16428... init.d]# snort status
> [trim]
> >          Any idea where bug is lurking ??
>
> yes... you are in the init.d folder trying to run a script that lives in
> init.d... you left out the ./ yet you have snort in your path so it was
> executed directly instead of via your script...
>
> your script is also the place where you need to check the start up
> parameters that are fed to your snort... this is that script you got out
> of that pdf file, isn't it??
>
> --
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130716/07baa79a/attachment.html>
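
The difference between the two invocations in this thread comes down to the options Snort is started with. The following is an added example, not part of the original messages and not Snort's own code: a small shell helper that reports which run mode a Snort 2.x command line selects. The function name `snort_mode` is hypothetical, and the sample command lines are constructed from the ps output and the bare `snort` call shown above.

```shell
#!/bin/sh
# snort_mode: hypothetical helper (not part of Snort). Given a Snort 2.x
# command line as separate words, print the run mode its options select
# and return 0 only when that mode is IDS.
# Assumption: options are written separately ("-c FILE"), as in the ps
# output quoted in the message above.
snort_mode() {
    have_conf=0
    have_log=0
    [ $# -gt 0 ] && shift                 # drop the program name
    while [ $# -gt 0 ]; do
        case "$1" in
            -c) have_conf=1; [ $# -gt 1 ] && shift ;;  # config file follows
            -l) have_log=1;  [ $# -gt 1 ] && shift ;;  # log directory follows
            -A|-i|-u|-g) [ $# -gt 1 ] && shift ;;      # skip the option's value
        esac
        shift
    done
    if [ "$have_conf" -eq 1 ]; then
        echo "IDS"                        # rules are loaded from the config
        return 0
    elif [ "$have_log" -eq 1 ]; then
        echo "packet logging"             # packets written to disk, no rules
        return 1
    fi
    echo "packet dump"                    # packets only decoded and printed
    return 1
}

# Constructed samples: the daemon's command line from the ps output above,
# and the bare invocation typed at the prompt.
for sample in \
    "/usr/local/bin/snort -A fast -b -d -D -i eth0 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort" \
    "snort"
do
    # Word splitting of $sample is deliberate here.
    echo "$sample => $(snort_mode $sample)"
done
```

On a live sensor the same function can be fed the daemon's arguments, for example `snort_mode $(ps -o args= -p PID)`, so a monitoring job can alert when the sensor is not in IDS mode.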