Snort mailing list archives

Re: Snort switches to packet Dump Mode


From: Mayur Patil <ram.nath241089 () gmail com>
Date: Tue, 16 Jul 2013 12:29:01 +0530

Hi Waldo,

    You are right that the file is copied from the PDF.

    But when I tried this command

    [root@clc]# snort -c /etc/snort/snort.conf -i eth0

    it gives this output, which I think is fine:   http://fpaste.org/25552/

    I also checked the /etc/sysconfig/snort file, which is also fine.

    This is the output of grep snort:

    [root@clc ~]# ps aux | grep snort
    snort     1801  0.8  3.8 412328 74744 ?        Ssl  12:25   0:01 /usr/local/bin/snort -A fast -b -d -D -i eth0 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort
    root      3317  0.0  0.0 103236   852 pts/13   S+   12:27   0:00 grep snort
    clcmain  28334  0.1  0.9 377512 17836 ?        S    12:16   0:00 gedit /home/clcmain/Downloads/euca-images/snort-centos-6x.sh

 Because running only

 [a@b]# snort

 sends it again to packet dump mode.

  Any idea what the next step is ??

 P.S.: I will try with the www.snort.com/docs Snort script for CentOS and
 report here.

 Seeking guidance,

 Thanks!!

-- 
*Cheers,
Mayur*.

On Tue, Jul 16, 2013 at 1:01 AM, waldo kitty <wkitty42 () windstream net> wrote:

On 7/15/2013 14:53, Mayur Patil wrote:
Hi Waldo,

When I check the /etc/init.d/snort file, I get the following output:

        [root@clc init.d]# snort status
[trim]
         Any idea where the bug is lurking ??

yes... you are in the init.d folder trying to run a script that lives in
init.d... you left out the ./ yet you have snort in your path so it was
executed directly instead of via your script...

your script is also the place where you need to check the start up
parameters that are fed to your snort... this is that script you got out
of that pdf file, isn't it??

--
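
Added example, not part of the original thread: the command lookup described in the quoted reply, reproduced in a throwaway sandbox. The two stand-in `snort` files and the helper names `make_sandbox` and `run_in_initd` are constructed for illustration; no real Snort is invoked.

```shell
#!/bin/sh
# Constructed sandbox: a stand-in "snort" binary on PATH and a stand-in init
# script of the same name inside an init.d directory. No real Snort is run.

make_sandbox() {
    sandbox=$(mktemp -d) || return 1
    mkdir -p "$sandbox/bin" "$sandbox/init.d"
    # Stand-in for /usr/local/bin/snort: "status" is just another argument to it.
    printf '#!/bin/sh\necho "binary got args: $*"\n' > "$sandbox/bin/snort"
    # Stand-in for /etc/init.d/snort: "status" is a service action.
    printf '#!/bin/sh\necho "init script action: $1"\n' > "$sandbox/init.d/snort"
    chmod +x "$sandbox/bin/snort" "$sandbox/init.d/snort"
    echo "$sandbox"
}

# Run the given command line from inside init.d, with the stand-in binary
# first on PATH, and print whatever it prints.
run_in_initd() {
    sandbox=$(make_sandbox) || return 1
    (
        PATH="$sandbox/bin:$PATH"; export PATH
        cd "$sandbox/init.d" && "$@"
    )
    rc=$?
    rm -rf "$sandbox"
    return $rc
}

# A bare name is searched for on PATH only; the current directory is not
# consulted, so the script sitting in init.d is never reached.
echo "bare name : $(run_in_initd snort status)"
# An explicit ./ bypasses the PATH search and runs the file in init.d.
echo "with ./   : $(run_in_initd ./snort status)"
# command -v shows which file the shell would pick for the bare name.
echo "resolves  : $(run_in_initd command -v snort)"
```

On a real host, `command -v snort` run from /etc/init.d shows the same thing without a sandbox: it prints the path of the binary, not the init script.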
