[Snort-users] How to determine that the Snort is ready to capture the traffic?

Andrei_1980 andrei_1980 at ...1975...
Tue Jun 14 10:48:32 EDT 2016


Thanks! That's a cool thing, and it pointed me to the right solution.  Now I use
the option --create-pidfile and check for the pid in /var/run/snort_*.pid.
It seems the pid file is created only if Snort starts up correctly and loads all rules.

14.06.2016 15:52, wkitty42 at ...14940... 
> On 06/14/2016 07:17 AM, Andrei_1980 wrote:
>> P.S. Now I use a simple way - grep stdout until some text pattern. But it would be
>> wonderful if Snort could announce a readiness event.
> it does... tail and grep the log...
>
> Jun 14 01:45:27 perseus snort[1864]: Checking PID path...
> Jun 14 01:45:27 perseus snort[1864]: PID path stat checked out ok, PID path set to /var/run/
> Jun 14 01:45:27 perseus snort[1864]: Writing PID "1864" to file "/var/run//snort_ppp0.pid"
> Jun 14 01:45:27 perseus snort[1864]: Set gid to 101
> Jun 14 01:45:27 perseus snort[1864]: Set uid to 101
> Jun 14 01:45:27 perseus snort[1864]:
> Jun 14 01:45:27 perseus snort[1864]:         --== Initialization Complete ==--
> Jun 14 01:45:28 perseus snort[1864]: Commencing packet processing (pid=1864)
>
>
>
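
Added example, not part of the original messages: a readiness probe that combines the two signals discussed in this thread. In the quoted log the PID file is written before the "Commencing packet processing" line appears, so the probe requires both, plus a liveness check against a stale PID file. The function names, paths and the timeout are assumptions.

```shell
#!/bin/sh
# Added example: readiness probe for a Snort instance started with
# --create-pidfile. Function names, paths and timeout are hypothetical.

# snort_ready PIDFILE LOGFILE
# Succeeds only when all three hold:
#   1. the PID file is readable and contains only digits,
#   2. that process is alive (guards against a stale PID file),
#   3. the log (syslog file or captured stdout) contains
#      "Commencing packet processing (pid=N)" for the same PID.
snort_ready() {
    pidfile=$1
    logfile=$2
    [ -r "$pidfile" ] || return 1
    pid=$(tr -d '[:space:]' < "$pidfile")
    case $pid in
        ''|*[!0-9]*) return 1 ;;   # empty or non-numeric content
    esac
    # kill -0 sends no signal, it only tests that the process exists.
    # It also fails without permission to signal the process, so run
    # the probe as root or as the user Snort drops privileges to.
    kill -0 "$pid" 2>/dev/null || return 1
    # Fixed-string match; the closing parenthesis stops pid=18 from
    # matching a line written by pid=1864.
    grep -qF "Commencing packet processing (pid=$pid)" "$logfile" 2>/dev/null
}

# wait_snort_ready PIDFILE LOGFILE [TIMEOUT_SECONDS]
# Polls once per second; returns 0 when ready, non-zero on timeout.
wait_snort_ready() {
    remaining=${3:-60}
    while [ "$remaining" -gt 0 ]; do
        if snort_ready "$1" "$2"; then
            return 0
        fi
        sleep 1
        remaining=$((remaining - 1))
    done
    snort_ready "$1" "$2"   # one final check at the deadline
}
```

A caller would run something like `wait_snort_ready /var/run/snort_ppp0.pid /var/log/messages 120` before starting traffic replay or tests; the log path here is an assumption and depends on the syslog configuration.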




