Snort mailing list archives
Re: Snort 3 Config File Question (2)
From: Marcin Dulak via Snort-users <snort-users () lists snort org>
Date: Wed, 19 Jul 2017 20:37:42 +0200
On Wed, Jul 19, 2017 at 8:05 PM, Jim Campbell <jim () w4bqp net> wrote:
I can run Snort 3 from a command-line on my login using the following: sudo /opt/snort/bin/snort --daq afpacket -Q -c /opt/snort/etc/snort/snort.lua -R /opt/snort/etc/snort/snort3.rules -i enp1s0:enp4s0 -A unified2 I created a systemD startup script as per the instructions at: http://sublimerobots.com/2017/01/snort-2-9-9-x-ubuntu-systemd-scripts/ My systemD script for Snort is as follows: [Unit] Description=Snort NIPS Daemon After=syslog.target network.target [Service] Type=simple ExecStart=/opt/snort/bin/snort --daq afpacket -Q -c /opt/snort/etc/snort/snort.lua -R /opt/snort/etc/snort/snort3.rules -i enp1s0:enp4s0 -A unified2 [Install] WantedBy=multi-user.target Note: I'm using a similar script for Barnyard2 and it works with no problem. When I (re)start snort with the command "sudo systemctl restart snort" I get the following error: Jul 19 13:25:31 jim-IPS snort[8373]: FATAL: can't init /opt/snort/etc/snort/snort.lua: error loading module 'snort_config' from file '/usr/lib/x86_64-linux-gnu/lua/5.1/snort_config.so': I have snort_config in /opt/snort/etc/snort. There is a snort_config.lua in /opt/snort/include/snort/lua. From printenv: - SNORT_LUA_PATH=/opt/snort/etc/snort/ - LUA_PATH=/opt/snort/include/snort/lua/?.lua;; In my environment Snort is getting the correct environment variables. In the systemD environment it isn't. QUESTION: How do I pass the correct environment variables to systemD.
https://github.com/marcindulak/vagrant-snort-nfqueue-tutorial-centos7/blob/master/spec/snort/snort.service Marcin
Thank you, Jim -- "We are not human beings having a spiritual experience; we are spiritual beings having a human experience." ---Pierre Teilhard de Chardin _______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
_______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort 3 Config File Question (2) Jim Campbell (Jul 19)
- Re: Snort 3 Config File Question (2) Marcin Dulak via Snort-users (Jul 19)
- Re: Snort 3 Config File Question (2) Marcin Dulak via Snort-users (Jul 19)
- Re: Snort 3 Config File Question (2) Stéphane Descary via Snort-users (Jul 19)
- Re: Snort 3 Config File Question (2) Jim Campbell (Jul 19)
- Re: Snort 3 Config File Question (2) Marcin Dulak via Snort-users (Jul 19)