Snort mailing list archives

kill -HUP doesn't work


From: Florin Andrei <florin () sgi com>
Date: 22 Sep 2003 14:49:52 -0700

Using:
- snort-2.0.2
- MySQL-3.23.56-1.9 (patched for latest security stuff)
- gcc-3.2.2-5
- glibc-2.3.2-27.9
- Linux Red Hat 9 fully updated
- dual PIII

Snort was compiled like this:

+ LANG=C
+ export LANG
+ export 'CFLAGS=-O2 -g -pipe -march=i386 -mcpu=i686'
+ CFLAGS=-O2 -g -pipe -march=i386 -mcpu=i686
+ export 'CXXFLAGS=-O2 -g -pipe -march=i386 -mcpu=i686'
+ CXXFLAGS=-O2 -g -pipe -march=i386 -mcpu=i686
+ ./configure --prefix=/usr --with-mysql --mandir=/usr/share/man --sysconfdir=/etc

It looks like kill -HUP $snort_pid does not work. If I run it, snort
dies.

Here are the system logs at the moment when a system script attempted to
rotate the snort logs:

Sep 21 04:02:02 tart kernel: device eth0 left promiscuous mode
Sep 21 04:02:02 tart snort: Restarting Snort
Sep 21 04:02:02 tart snort: snort -HUP succeeded
Sep 21 04:02:02 tart kernel: snort uses obsolete (PF_INET,SOCK_PACKET)
Sep 21 04:02:02 tart syslogd 1.4.1: restart.
Sep 21 04:02:02 tart snort: FATAL ERROR: OpenPcap() device eth0 open: 
^Isocket: Operation not permitted
Sep 22 04:02:02 tart snort: snort shutdown failed

If I do a kill -HUP by hand, snort dies and this is what syslog reveals:

Sep 22 14:38:21 tart kernel: device eth0 left promiscuous mode
Sep 22 14:38:21 tart snort: Restarting Snort
Sep 22 14:38:21 tart snort: FATAL ERROR: OpenPcap() device eth0 open: 
^Isocket: Operation not permitted

-- 
Florin Andrei

http://florin.myip.org/
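
An added example, not part of the original post: a Python check that scans syslog text for the sequence shown in the logs above ("Restarting Snort" followed by a FATAL ERROR on the same host), so a sensor that died during log rotation is noticed. The function name, the 5-second window and the `year` parameter are assumptions; the sample is the post's own log lines with the wrapped FATAL lines joined.

```python
import re
from datetime import datetime

# Sample input: the syslog lines quoted in the post, wrapped lines joined.
SAMPLE = """\
Sep 21 04:02:02 tart kernel: device eth0 left promiscuous mode
Sep 21 04:02:02 tart snort: Restarting Snort
Sep 21 04:02:02 tart snort: snort -HUP succeeded
Sep 21 04:02:02 tart kernel: snort uses obsolete (PF_INET,SOCK_PACKET)
Sep 21 04:02:02 tart syslogd 1.4.1: restart.
Sep 21 04:02:02 tart snort: FATAL ERROR: OpenPcap() device eth0 open: ^Isocket: Operation not permitted
Sep 22 04:02:02 tart snort: snort shutdown failed
Sep 22 14:38:21 tart kernel: device eth0 left promiscuous mode
Sep 22 14:38:21 tart snort: Restarting Snort
Sep 22 14:38:21 tart snort: FATAL ERROR: OpenPcap() device eth0 open: ^Isocket: Operation not permitted
"""

# "Mon DD HH:MM:SS host tag[pid]: message" (classic BSD syslog layout)
LINE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) ([^\s:\[]+)(?:\[\d+\])?: (.*)$")


def failed_restarts(log_text, year=2003, window=5):
    """Return (host, restart_time, fatal_message) for every Snort restart
    followed within `window` seconds by a FATAL ERROR on the same host.
    Syslog timestamps carry no year, so the caller supplies one (assumption)."""
    pending = {}    # host -> time of the most recent "Restarting Snort"
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m or m.group(3) != "snort":
            continue            # not a snort message, or an unparsable line
        stamp, host, _tag, msg = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if msg.startswith("Restarting Snort"):
            pending[host] = when
        elif msg.startswith("FATAL ERROR:") and host in pending:
            started = pending.pop(host)
            if 0 <= (when - started).total_seconds() <= window:
                findings.append((host, started, msg))
    return findings


if __name__ == "__main__":
    for host, started, msg in failed_restarts(SAMPLE):
        print(f"{host}: restart at {started} did not come back: {msg}")
```
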


