Snort mailing list archives
Re: Problems daemonizing snort when using BPF filters
From: Joel Esler <joel.esler () sourcefire com>
Date: Mon, 20 Aug 2007 07:48:55 -0400
Can you put the bpf's in a file and call the file with the "-F" command line tag? Joel On Mon, Aug 20, 2007 at 12:37:11PM +0200, it looks like Patrik Nordl?n sent me:
Hi, wondering if anyone else has experienced this... I'm running snort on a bunch of FreeBSD 6 machines. Due to some system constraints, I've had to compile a statically linked binary for use on the sensors (the dynamic libs distributed along with it), however this hasn't been a problem...however, when trying to run snort v2.7.x on these sensors I have a problem with getting snort to run in the background. Whether using -D on the command line or "config daemon" in the config file (I suppose it's the same thing in the end anyway), snort doesn't go into the background as it's supposed to if I add BPF filters as command line arguments. It still works perfectly though, just that it doesn't go into the background. If I just strip off the BPF filters from the command line arguments, snort goes into the background as it's supposed to. I'm not experiencing this problem when running snort v2.6.1.3 or earlier versions. I know I'm running a very non-standard setup here since I'm using statically linked binaries, but still, has anyone seen this problem and/or has a suggestion on how to solve it? Thanks, Patrik ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
----- joel esler http://demo.sourcefire.com/jesler.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Problems daemonizing snort when using BPF filters Patrik Nordlén (Aug 20)
- Re: Problems daemonizing snort when using BPF filters Joel Esler (Aug 20)