Snort mailing list archives
Re: starting multiple instances of snort
From: Y M <snort () outlook com>
Date: Fri, 4 Dec 2015 16:22:39 +0000
If I would throw a guess at it I would look in snort.conf file if it has the logdir statically defined in "config logdir:" This may cause a conflict. Also I would check if snort.conf has perfmon configured. By default snort will dump stats to /var/snort as opposed to the default log directory /var/log/snort. YM Sent from Mobile On Fri, Dec 4, 2015 at 7:55 AM -0800, "James" <snort () cyclohexane net<mailto:snort () cyclohexane net>> wrote: Hi, I'm attempting to start 16 instances of snort using a for loop, but see this error repeating in /var/log/messages and hope someone can help as I'm drawing a blank at the moment. snort[8537]: FATAL ERROR: Stat check on log dir failed: No such file or directory. This is the loop: for i in `seq 0 1 15`; do snort -q -u snort -g snort --pid-path /var/run --create-pidfile -D -c /etc/snort/snort.conf -l /logs/snort/eth4_eth5/instance-$i --daq-dir=/usr/local/lib/daq --daq pfring_zc --daq-mode passive -i zc:eth4@$i,zc:eth5@$i --daq-var clusterid=$i --daq-var bindcpu=$i done The referenced log dirs exist and are owned by the snort user, as shown: []$ sudo -u snort ls -al /logs/snort/eth4_eth5/ total 72 drwx------ 18 snort snort 4096 Dec 4 10:44 . drwx------ 3 snort snort 4096 Dec 4 10:43 .. drwx------ 2 snort snort 4096 Dec 4 10:50 instance-0 drwx------ 2 snort snort 4096 Dec 4 10:50 instance-1 drwx------ 2 snort snort 4096 Dec 4 10:44 instance-10 drwx------ 2 snort snort 4096 Dec 4 10:44 instance-11 drwx------ 2 snort snort 4096 Dec 4 10:53 instance-12 drwx------ 2 snort snort 4096 Dec 4 10:54 instance-13 drwx------ 2 snort snort 4096 Dec 4 10:54 instance-14 drwx------ 2 snort snort 4096 Dec 4 10:54 instance-15 drwx------ 2 snort snort 4096 Dec 4 10:51 instance-2 drwx------ 2 snort snort 4096 Dec 4 10:51 instance-3 drwx------ 2 snort snort 4096 Dec 4 10:51 instance-4 drwx------ 2 snort snort 4096 Dec 4 10:52 instance-5 drwx------ 2 snort snort 4096 Dec 4 10:52 instance-6 drwx------ 2 snort snort 4096 Dec 4 10:52 instance-7 drwx------ 2 snort snort 4096 Dec 4 10:44 instance-8 drwx------ 2 snort snort 4096 Dec 4 10:44 instance-9 Any help is much appreciated. J.
------------------------------------------------------------------------------ Go from Idea to Many App Stores Faster with Intel(R) XDK Give your users amazing mobile app experiences with Intel(R) XDK. Use one codebase in this all-in-one HTML5 development environment. Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs. http://pubads.g.doubleclick.net/gampad/clk?id=254741911&iu=/4140
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- starting multiple instances of snort James (Dec 04)
- Re: starting multiple instances of snort Y M (Dec 04)
- Re: starting multiple instances of snort James (Dec 07)
- Re: starting multiple instances of snort Jack Pepper (Dec 07)
- Re: starting multiple instances of snort James (Dec 07)
- Re: starting multiple instances of snort James (Dec 07)
- <Possible follow-ups>
- FW: starting multiple instances of snort Tony Reusser (Dec 04)
- Re: FW: starting multiple instances of snort James (Dec 07)
- Re: starting multiple instances of snort Y M (Dec 04)