[Snort-users] Snort switches to packet Dump Mode

waldo kitty wkitty42 at ...14940...
Tue Jul 16 13:04:06 EDT 2013


On 7/16/2013 07:05, Mayur Patil wrote:
> In continuation with previous mail,
>
>     I recompiled Snort and Daq from source.
>
>     (This time I put script of snort from the snort website)
>
>     I got snort compilation successful and snort exit.
>
>     The output I am getting now are
>
>     [root at ...16428... init.d]# ./snort status
>     snort (pid  15718) is running...
>
>     [root at ...16428... init.d]# snort status
> *Running in packet dump mode*

*./snort* and *snort* are NOT the same when you are in that directory! ;)

now do yourself a huge favor and rename /etc/init.d/snort to something else so 
that you will no longer be confused if you are running snort directly or running 
the script to manage snort... if you are going to use the script, use the script 
all the time...

perhaps something like
   mv /etc/init.d/snort /etc/init.d/snortd

then use /etc/init.d/snortd everywhere and stop using snort plain without the d...

OR rename your snort binary and alter your /etc/init.d/snort script to use the 
binary's new name...


-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.




More information about the Snort-users mailing list