Snort mailing list archives
Re: Snort PID in /var/log/messages
From: sekure <sekure () gmail com>
Date: Wed, 1 Dec 2004 14:33:21 -0500
That's not really what I am asking... When snort daemonizes itself it logs its startup messages to syslog, which then end up in /var/log/messages or whatever you designate. Usually, most daemons include the process id with every message to syslog. Snort hasn't been. Example: Dec 1 11:35:30 hostname snort: Initializing daemon mode Dec 1 11:35:30 hostname snort: PID path stat checked out ok, PID path set to /var/run/ Dec 1 11:35:30 hostname snort: Writing PID "17944" to file "/var/run//snort_eth3.pid" Dec 1 11:35:31 hostname barnyard[17945]: Initializing daemon mode Notice how there is the PID of the barnyard process in the braces, but not of snort. I have 3 snort instances running on one machine, and as a result i have no way of knowing which one daemon logs which messages. On Wed, 1 Dec 2004 11:53:27 -0500, Tom Baker <tbaker () accessway net> wrote:
You will see the line: Nov 29 12:07:14 ogre snort: Writing PID "YOUR PID HERE" to file "/var/run//snort_fxp0.pid" -T -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of sekure Sent: Wednesday, December 01, 2004 11:41 AM To: Snort Subject: [Snort-users] Snort PID in /var/log/messages Can someone please do a quick check and see if the PID of snort is recorded in /var/log/messages or wherever snort logs it's startup information. For some reason snort is the only process on my machine that does NOT log it's PID to syslog. I've seen this in 2.2 and now in 2.3RC1. Thanks ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort PID in /var/log/messages sekure (Dec 01)
- RE: Snort PID in /var/log/messages Tom Baker (Dec 01)
- Re: Snort PID in /var/log/messages sekure (Dec 01)
- RE: Snort PID in /var/log/messages Tom Baker (Dec 01)