Re[4]: -T option error

[Erek Adams <erek () snort org>]

On Thu, 12 Feb 2004, crazy wrote:

> I have installed snort-2.1.1-RC1 by myself.

Yep, same here.

> The first question is how to compile
> snort-snapshot-CURRENT.tar.gz    Thu Feb 12 10:15:17 2004 GMT
> there is no configure file

        sh ./autojunk

(requires automake and friends)

> The second one:
>
> /usr/local/bin/snort -T -i eth0 -o -d -c /etc/snort/snort.eth0.conf
> outputs the following:

You don't need to use -d, but I will just as a comparision:

[erek@merf]/local/build/cvs/snort#src/snort -T -i hme0 -o -d -c
/etc/snort.conf

Running in IDS mode
Log directory = /var/log/snort

Initializing Network Interface hme0

        --== Initializing Snort ==--
Rule application order changed to Pass->Alert->Log
Initializing Output Plugins!
Decoding Ethernet on interface hme0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort.conf

[...lotsa stuff snipped...]

        --== Initialization Complete ==--

-*> Snort! <*-
Version 2.1.1-RC1 (Build 21)
By Martin Roesch (roesch () sourcefire com, www.snort.org)

Snort sucessfully loaded all rules and checked all rule chains!
Final Flow Statistics

[...flow stats snipped...]

,-----[SERVER STATS]------------
   Memcap: 0  Overhead Bytes: 0
   Finds: 0 (Sucessful: 0(%0.000000) Unsucessful: 0(%0.000000))
   Nodes: 0
   Recovered Nodes: 0
`-------------------------------
Snort exiting

[erek@merf]/local/build/cvs/snort#


Ok, so it worked, checked the rules and exited.  Just exactly like it's
supposed to.

I'm guessing your problem is right here:

[...snip...]

> database: compiled support for ( mysql )
> database: configured to use mysql
> database:          user = snort
> database: password is set
> database: database name = snort
> database:          host = 192.168.0.1
> database:          port = 3306
> database:   sensor name = notebook

If your notebook isn't running the DB, Snort can't make the test
connection to it.  It's not actually writing to the DB, it's just making a
connection and waiting on a connection back.  Since you don't have
anything else after that, I'm guessing that's where it's getting hung.

> There is no difference if "-T" option exists or not.
>
> /usr/local/bin/snort -T -D -i eth0 -o -d -c /etc/snort/snort.eth0.conf
> start snort siletly like
> /usr/local/bin/snort -D -i eth0 -o -d -c /etc/snort/snort.eth0.conf
>
> Also, is there any way to indicate the process of starting in daemon
> mode?

        ps -ef |grep snort
or
        ps -auxww|grep snort

> If there an errors in /etc/snort/snort.eth0.conf, and I try to statr
> snort with -D option then I receive nothing at output, is there any
> way to make snort to show errors when it starts in -T or -D mode?

When you start Snort with -D all output to STDOUT is silently discarded.
Start it without the -D until you get it working.

Cheers!

-----
Erek Adams

 "It looks just like a Telefunken U-47.  You'll love it..."  -- Frank Zappa


-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users