Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Problems starting snort, yet again.

From: "C. Bensend" <benny () bennyvision com>
Date: Tue, 17 Jul 2001 20:04:18 -0500 (CDT)

Hey folks,

        I just finished a network-wide firewall upgrade, so
it's time to go around and Snort-ify.

        And once again, with the new version
(Version 1.8-RELEASE (Build 43)), I am having issues getting
the command-line parameters to obey my evil whim.  It seems
like I have these issues _every_ single time I try a new
Snort version.

What I want:

        Full logging (-Afull)
        Non-root (-g snort and -u snort)
        Chroot (-t /home/snort)
        Daemon mode (-D)

Soooo, one would assume that:

snort -Afull -g snort -u snort -t /home/snort -D

... would work correctly.  When I run this (as root), I get:

Reading Conf File...
using config file /root/.snortrc

        *blink*blink*  OK, it looks like it can't find the
config file in /home/snort/snort.conf.  So, I add the config
file option (-c):

snort -Afull -g snort -u snort -t /home/snort -c snort.conf -D

which results in:

Checking PID path...
PATH_VARRUN is set to /var/run/ on this operating system
Initializing daemon mode

        And yet snort does _not_ start up.  And it does not
complain about anything in /var/log/messages, /var/log/snort,
or anywhere else I can see.  I have had this same problem on
every version I've used in the past - are the arguments just
very sensitive reguarding their order?  Am I an idiot?  Is
snort interpreting things differently than I anticipate?
Does snort need better error checking, so it will spit out
some errors instead of just vaporizing?

Vital stats:

        OpenBSD 2.9 patched
        Plenty of RAM/disk/etc
        /var/run exists and is snort-writable in the chroot
        Same with /var/log/snort

As in the past, I'd certainly appreciate someone kicking me
in the head and showing me The Way.  :)

Benny


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"I find your lack of clue...disturbing" - Sysadmin Vader.
- Quote from a .sig file, on the MailMan users mailing list



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: