Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: snort 2.02 cant start automactically

From: James Riden <j.riden () massey ac nz>
Date: Tue, 31 Aug 2004 08:32:00 +1200
"th0ri4.wang" <th0ri4 () yahoo com cn> writes:


   hi,



   i have a debian woody box,  i have copied the file S99snort to
   /etc/init.d/snort,and create a symbol link at rc3.d. then i

   reboot my box, the following lines traped me:

   ----------------------------------------------------------------------
   ----------------------------------

   Aug 23 18:15:29 andreas kernel: TCP: Hash tables configured
   (established 4096 b
   nd 4096)
   Aug 23 18:15:29 andreas kernel: NET4: Unix domain sockets 1.0/SMP for
   Linux NET
   .0.
   Aug 23 18:15:29 andreas kernel: ds: no socket drivers loaded!
   Aug 23 18:15:29 andreas kernel: VFS: Mounted root (ext2 filesystem)
   readonly.
   Aug 23 18:15:29 andreas kernel: Freeing unused kernel memory: 188k
   freed
   Aug 23 18:15:29 andreas kernel: Adding Swap: 771048k swap-space
   (priority -1)
   Aug 23 18:15:32 andreas kernel: eth0: Promiscuous mode enabled.
   Aug 23 18:15:32 andreas kernel: device eth0 entered promiscuous mode
   Aug 23 18:15:33 andreas kernel: device eth0 left promiscuous mode

   ----------------------------------------------------------------------
   -----------------------------------

   when the script get snort start, it immediately down and left
   promiscuous mode, but  when i use this command:


What does it say in /var/log/messages ? 

eg.  this is part of a successful start up - yours might be 'snort'
instead of 'snort-pgsql':

Aug 31 03:58:03 it023072 snort-pgsql:     alert_large_fragments: ACTIVE
Aug 31 03:58:03 it023072 snort-pgsql:     alert_incomplete: ACTIVE
Aug 31 03:58:03 it023072 snort-pgsql:     alert_multiple_requests: ACTIVE
Aug 31 03:58:03 it023072 snort-pgsql: telnet_decode arguments:
Aug 31 03:58:03 it023072 snort-pgsql:     Ports to decode telnet on: 21 23 25 119
Aug 31 03:58:03 it023072 postgres[5595]: [1] LOG:  connection received: host=130.123.107.157 port=36152
Aug 31 03:58:03 it023072 postgres[5595]: [2] LOG:  connection authorized: user=snort_db_user database=snort
Aug 31 03:58:05 it023072 snort-pgsql: Warning: flowbits key 'realplayer.playlist' is checked but not ever set.
Aug 31 03:58:05 it023072 snort-pgsql: Snort initialization completed successfully

cheers,
 Jamie
-- 
James Riden / j.riden () massey ac nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/



-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: