Snort mailing list archives
Re: Snort PID
From: Jose Maria Lopez <jkerouac () bgsec com>
Date: 10 Dec 2004 21:47:43 +0100
El lun, 29 de 11 de 2004 a las 17:15, Paul Schmehl escribió:
--On Sunday, November 28, 2004 12:59:46 PM +0100 Jose Maria Lopez <jkerouac () bgsec com> wrote:I think it depends on the distribution you are using, because the file is created by the starting script that loads snort. In my Redhat 9 the script /etc/rc.d/init.d/snortd creates a file /var/run/snort_any.pid with the pid of the snort process.I'm pretty sure it's snort that creates the PID. The OS just decides where to put it (usually in /var/run on *nixes). However, *you* can control the PID's name using the -R switch. The PID name is constructed thus: snort_{your interface}.pid (e.g. snort_eth0.pid) If you start snort with -R inside, the PID name will be: snort_eth0inside.pid ("Inside" is appended to the interface ID.) Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu
You are right, I checked the daemon function in /etc/rc.d/init.d/functions and it doesn't creates the pid file, it only checks if it's there to see if the daemon it's loaded. It's snort that creates it. I have any as the interface and that's because the pid file it's called snort_any.pid. Thanks for the info. -- Jose Maria Lopez Hernandez Director Tecnico de bgSEC jkerouac () bgsec com bgSEC Seguridad y Consultoria de Sistemas Informaticos http://www.bgsec.com ESPAÑA The only people for me are the mad ones -- the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow Roman candles. -- Jack Kerouac, "On the Road" ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort PID McKeeman, Samuel (Nov 24)
- Re: Snort PID Jose Maria Lopez (Nov 28)
- Re: Snort PID Paul Schmehl (Nov 29)
- Re: Snort PID Jose Maria Lopez (Dec 10)
- Re: Snort PID Paul Schmehl (Nov 29)
- <Possible follow-ups>
- RE: Snort PID Lance Boon (Nov 24)
- RE: Snort PID Shackleford, David M. (Nov 24)
- SPF DNS Record Frank Reid (Nov 27)
- Re: Snort PID Jose Maria Lopez (Nov 28)