Snort mailing list archives
Re: Running Snort Daemon Problem
From: Martin Roesch <roesch () sourcefire com>
Date: Thu, 31 Jan 2002 09:07:47 -0500
By the way, using the -v switch in combination with the -c switch is an
extremely inefficient way to run the software, you're going to see
packet loss due to latency from printing to the screen. Check out the
USAGE file for more info.
-Marty
Chris Green wrote:
"Bill" <wkuhn () adelphia net> writes:Chris, Thanks for replying.... I read your reply and 2 things I don't understand... You said "There is a missing \ at the end of your '-c' line" and "-v shouldn't be used in daemon mode". Well I have the \ at the end of my -c tag and I can't find a -v in the code... The only problem I saw with my code is that I have an extra space between -c and \. I will try the RPM's you mentioned of.Ok let me explain a bit more. snort -dev is equivalent to snort -d -e -v--------------------------------daemon /usr/local/bin/snort -u snort -dev -D \ -i $INTERFACE -l /var/log/snort -u snort -g snort -c /etc/snort/snort.conf -bThis snortd script is a bash shell script that says "run the function daemon with the arguments daemon "/usr/local/bin/snort -u snort -dev -D -i $INTERFACE -l /var/log/snort -u snort -g snort -c" That \ ``escapes'' the newline and makes the shell see that as one big line. The next line is /etc/snort/snort.conf -b which means that it's trying to execute the snort.conf file and since it's not executable, the shell ( not snort ) is saying permission denied. Of course, if that line break was an artifact of posting to the list, that explanation is bogus. Perhaps you edited snortd with pico and the word wrapping kicked you in the behind ;-) -- Chris Green <cmg () uab edu> A watched process never cores. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Martin Roesch - Founder/CEO, Sourcefire Inc. - (410)552-6999 Sourcefire: Professional Snort Sensor and Management Console appliances roesch () sourcefire com - http://www.sourcefire.com Snort: Open Source Network IDS - http://www.snort.org _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Running Snort Daemon Problem Bill (Jan 29)
- Re: Running Snort Daemon Problem Chris Green (Jan 29)
- <Possible follow-ups>
- RE: Re: Running Snort Daemon Problem Bill (Jan 30)
- Re: Running Snort Daemon Problem Chris Green (Jan 30)
- Re: Running Snort Daemon Problem Martin Roesch (Jan 31)
- Cisco IDS blade in Catalys switch Jerry A. Shenk (Jan 30)
- Re: Cisco IDS blade in Catalys switch Ryan Russell (Jan 30)
- RE: Cisco IDS blade in Catalyst switch Jerry A. Shenk (Jan 30)
- SV: Cisco IDS blade in Catalys switch Arne Opdal (Jan 30)
- Re: Cisco IDS blade in Catalys switch Jason Costomiris (Jan 30)
- Re: Running Snort Daemon Problem Chris Green (Jan 30)