Snort mailing list archives

Previous By Date Next
Previous By Thread Next

[snort-users] Snort dying

From: ftnx () ksbase com (Kari Suomela)
Date: Sat, 18 Aug 2001 00:03:41 -0500
I have now tried different versions, the latest *RELEASE*, too, and 
they all start fine, and run and log to 'alert' for a while, but then 
logging stops. Snort is up, but even a restart doesn't reactivate 
logging. The systems are RH 7.0 with the latest updates.

Here is my /etc/rc.d/init.d/snortd:

#!/bin/sh
#
# snortd         Start/Stop the snort IDS daemon.
#
# chkconfig: 2345 40 60
# description:  snort is a lightweight network intrusion detection tool 
that
#  currently detects more than 1100 host and network
#  vulnerabilities, portscans, backdoors, and more.
#
# June 10, 2000 -- Dave Wreski <dave () linuxsecurity com>
#   - initial version
#
# July 08, 2000 Dave Wreski <dave () guardiandigital com>
#   - added snort user/group
#   - support for 1.6.2

# Source function library.
. /etc/rc.d/init.d/functions

# Specify your network interface here
INTERFACE=eth0

# See how we were called.
case "$1" in
  start)
 echo -n "Starting snort: "
 daemon /usr/bin/snort -u snort -g snort -d -D \
  -i $INTERFACE -l /var/log/snort -c /etc/snort/snort.conf
 touch /var/lock/subsys/snort
 echo
 ;;
  stop)
 echo -n "Stopping snort: "
 killproc snort
 rm -f /var/lock/subsys/snort
 echo
 ;;
  restart)
 $0 stop
 $0 start
 ;;
  status)
 status snort
 ;;
  *)
 echo "Usage: $0 {start|stop|restart|status}"
 exit 1
esac

exit 0

 KS

   KARICO Business Services
   Toronto, ON Canada
   http://www.karico.ca


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: