Snort mailing list archives

Snort hangs when starting in daemon mode


From: "Chris Eidem" <CEIDEM () Dexma com>
Date: Tue, 20 Jul 2010 11:49:28 -0500

I'm trying to start snort with a -D on an OpenBSD 4.7 server, but when I
do, I get the following:

ids-1 /etc/snort# /usr/local/bin/snort -c /etc/snort/snort.by.fxp0.conf -u _snort -g _snort -l /var/snort/log -i fxp0 -D

 0x82a25800 sleep_wait  15 -c---W---f 0000 main

And then the console hangs.

If I run a ps aux, I get this:

USER       PID %CPU %MEM   VSZ   RSS TT  STAT  STARTED       TIME COMMAND
_snort   28637  1.9 12.1 75756 63120 ??  Ss    10:59AM    1:12.40 /usr/local/bin/snort -c /etc/snort/snort.by.fxp0.conf -u _snort -g _snort -l /var/snort/log -i fxp0 -D

[... snipped processes ...]

root     13116  0.0  5.6 28676 29428 p1  S+    10:59AM    0:20.07 /usr/local/bin/snort -c /etc/snort/snort.by.fxp0.conf -u _snort -g _snort -l /var/snort/log -i fxp0 -D

So it appears that there's a problem in changing to the _snort user.  In
/etc/passwd I have the user defined as:

_snort:*:557:557:Snort Account:/nonexistent:/sbin/nologin

and when I look at /var/log/messages, I can see that it is loading up
and running as expected, but not letting go of the console.

Does anyone have a hint on what's going on and how I can fix it?

Thanks in advance,

- chris
