Snort mailing list archives
RE: Problems starting snort, yet again.
From: "Bill Gercken" <bgercken () providentanalysis com>
Date: Tue, 17 Jul 2001 21:25:17 -0400
C, Try starting without the -D argument as in: snort -Afull -g snort -u snort -t /home/snort -c snort.conf that will reveal more messages. Once, the errors are cleaned up, try adding the -D. Most likely reason is that snort can not find the classification.config file or the rules. Regards, -bill -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of C. Bensend Sent: Tuesday, July 17, 2001 9:04 PM To: snort-users () lists sourceforge net Subject: [Snort-users] Problems starting snort, yet again. Hey folks, I just finished a network-wide firewall upgrade, so it's time to go around and Snort-ify. And once again, with the new version (Version 1.8-RELEASE (Build 43)), I am having issues getting the command-line parameters to obey my evil whim. It seems like I have these issues _every_ single time I try a new Snort version. What I want: Full logging (-Afull) Non-root (-g snort and -u snort) Chroot (-t /home/snort) Daemon mode (-D) Soooo, one would assume that: snort -Afull -g snort -u snort -t /home/snort -D ... would work correctly. When I run this (as root), I get: Reading Conf File... using config file /root/.snortrc *blink*blink* OK, it looks like it can't find the config file in /home/snort/snort.conf. So, I add the config file option (-c): snort -Afull -g snort -u snort -t /home/snort -c snort.conf -D which results in: Checking PID path... PATH_VARRUN is set to /var/run/ on this operating system Initializing daemon mode And yet snort does _not_ start up. And it does not complain about anything in /var/log/messages, /var/log/snort, or anywhere else I can see. I have had this same problem on every version I've used in the past - are the arguments just very sensitive reguarding their order? Am I an idiot? Is snort interpreting things differently than I anticipate? Does snort need better error checking, so it will spit out some errors instead of just vaporizing? Vital stats: OpenBSD 2.9 patched Plenty of RAM/disk/etc /var/run exists and is snort-writable in the chroot Same with /var/log/snort As in the past, I'd certainly appreciate someone kicking me in the head and showing me The Way. :) Benny ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "I find your lack of clue...disturbing" - Sysadmin Vader. - Quote from a .sig file, on the MailMan users mailing list _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Problems starting snort, yet again. C. Bensend (Jul 17)
- RE: Problems starting snort, yet again. Bill Gercken (Jul 17)
- RE: Problems starting snort, yet again. C. Bensend (Jul 17)
- Re: Problems starting snort, yet again. Brett G. Lemoine (Jul 17)
- RE: Problems starting snort, yet again. Dragos Ruiu (Jul 17)
- RE: Problems starting snort, yet again. C. Bensend (Jul 17)
- RE: Problems starting snort, yet again. Bill Gercken (Jul 17)