Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: About Snort file

From: waldo kitty <wkitty42 () windstream net>
Date: Fri, 05 Jul 2013 18:28:19 -0400
On 7/5/2013 12:12, Mayur Patil wrote:

Hello,

     I have copied it directly from "PDF Manual" to text editor and  make the
spacing as given in PDF file.

     but why the error is there if I have followed steps clearly as given document?


well, yes and no... it gave the script in the PDF but it also speaks of the 
script being available in the archive so that problems copying it from the PDF 
do not occur as you have seen...


     The file I attached is as it *  /etc/init.d/snort* .


i missed your attachment the first time...


     Any clue so that I will cross check it ??


the first thing i see is that there are some lines that should be unwrapped... 
they were wrapped in the document and when copied and pasted out, they stay 
wrapped and get broken... that's my initial theory, anyway...

i see at least two lines that appear to be wrapped and should be unwrapped...

line 37 ("#OPTIONS") is the tail end of line 36 and belongs on line 36... that's 
likely your double-quote error...

find this block

--- snip *5 lines* ---
# Some functions to make the below more readable
SNORTD=/usr/local/bin/snort
#OPTIONS="-A fast -b -d -D -i eth0 -u snort -g snort -c /etc/snort/snort.conf -l
/var/log/snort"
#PID_FILE=/var/run/snort_eth0.pid
--- snip ---

and change it to this

--- snip *4 lines* NO wrap ---
# Some functions to make the below more readable
SNORTD=/usr/local/bin/snort
#OPTIONS="-A fast -b -d -D -i eth0 -u snort -g snort -c /etc/snort/snort.conf -l 
/var/log/snort"
#PID_FILE=/var/run/snort_eth0.pid
--- snip ---


pulling 37 up onto 36 then brings all the following lines up by one... so now 
the next batch of lines is 130, 131 and 132 which all appear to be the end of 
what is now 129...

find this block

--- snip *7 lines* ---
       echo -n $"Starting $prog: "
       daemon --pidfile=$PID_FILE $SNORTD $ALERTMODE $BINARY_LOG
$LINK_LAYER $NO_PACKET_LOG $DUMP_APP -D $PRINT_INTERFACE
$INTERFACE -u $USER -g $GROUP $CONF -l $LOGDIR $PASS_FIRST $BPFFILE
$BPF && success || failure
       RETVAL=$?
       [ $RETVAL -eq 0 ] && touch $lockfile
--- snip ---

and change it to this

--- snip *4 lines* NO wrap ---
       echo -n $"Starting $prog: "
       daemon --pidfile=$PID_FILE $SNORTD $ALERTMODE $BINARY_LOG $LINK_LAYER 
$NO_PACKET_LOG $DUMP_APP -D $PRINT_INTERFACE $INTERFACE -u $USER -g $GROUP $CONF 
-l $LOGDIR $PASS_FIRST $BPFFILE $BPF && success || failure
       RETVAL=$?
       [ $RETVAL -eq 0 ] && touch $lockfile
--- snip ---

i think that will fix your problem...

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: