Snort mailing list archives

Re: Snort Installed fine but daemon will not run


From: Jeremy Hoel <jthoel () gmail com>
Date: Wed, 22 Aug 2012 19:16:35 +0000

When you started snort with the service command, you got a command
prompt back, correct? So you are not breaking/stopping the process to
view the log.

We can see that it starts at Aug 22 12:54:35 (And eth0 goes promisc)
but what happened here at Aug 22 12:54:35 to make eth0 go out of
promisc mode?

As soon as it starts do you see the pid that it lists with the process
in 'ps'? - ie:  snort[6933]  <--  6933 is the pid



On Wed, Aug 22, 2012 at 6:47 PM, Jimmy Ford <Jimmy.Ford () bloodntissue org> wrote:
Tail of the syslog.


root@hqfsql01:/usr/local/snort/rules# tail /var/log/syslog

Aug 22 12:54:35 hqfsql01 snort[6933]: PID path stat checked out ok, PID path set to /var/run/

Aug 22 12:54:35 hqfsql01 snort[6933]: Writing PID "6933" to file "/var/run//snort_eth0.pid"

Aug 22 12:54:35 hqfsql01 snort[6933]:

Aug 22 12:54:35 hqfsql01 snort[6933]:         --== Initialization Complete ==--

Aug 22 12:54:35 hqfsql01 snort[6933]: Commencing packet processing (pid=6933)

Aug 22 12:54:35 hqfsql01 kernel: [84505.798987] device eth0 entered promiscuous mode

Aug 22 13:09:01 hqfsql01 CRON[6938]: (root) CMD (  [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f -cmin +$(/usr/lib/php5/maxlifetime) ! -execdir fuser -s {} 2>/dev/null \; -delete)

Aug 22 13:17:01 hqfsql01 CRON[6948]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)

Aug 22 13:39:01 hqfsql01 CRON[7266]: (root) CMD (  [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f -cmin +$(/usr/lib/php5/maxlifetime) ! -execdir fuser -s {} 2>/dev/null \; -delete)

Aug 22 13:40:31 hqfsql01 kernel: [87260.356875] device eth0 left promiscuous mode



Thank you,

Jimmy L Ford



From: Jeremy Hoel [mailto:jthoel () gmail com]
Sent: Wednesday, August 22, 2012 2:05 PM
To: Jimmy Ford
Cc: Heine Lysemose; snort-users () lists sourceforge net


Subject: Re: [Snort-users] Snort Installed fine but daemon will not run



When you run 'service snortd start' when it finally says running (I assume
it says that) if you tail your syslog/messages file, what do you see?

On Wed, Aug 22, 2012 at 5:53 PM, Jimmy Ford <Jimmy.Ford () bloodntissue org>
wrote:


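The two checks discussed in this thread (when eth0 entered and left promiscuous mode, and whether the PID snort logged is still a live process), as an added example that is not part of the original messages. The function names are hypothetical, the sample lines are copied from the syslog tail quoted above with wrapped lines rejoined, and the year 2012 is assumed from the date of the e-mail because syslog omits it.

```python
import os
import re
from datetime import datetime

# Sample input: lines from the syslog tail quoted in the thread, wraps rejoined.
SAMPLE = """\
Aug 22 12:54:35 hqfsql01 snort[6933]: Commencing packet processing (pid=6933)
Aug 22 12:54:35 hqfsql01 kernel: [84505.798987] device eth0 entered promiscuous mode
Aug 22 13:17:01 hqfsql01 CRON[6948]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
Aug 22 13:40:31 hqfsql01 kernel: [87260.356875] device eth0 left promiscuous mode
"""

STAMP = r"(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ "
SNORT_RE = re.compile(STAMP + r"snort\[\d+\]: Commencing packet processing \(pid=(?P<pid>\d+)\)")
PROMISC_RE = re.compile(STAMP + r"kernel: .*device (?P<dev>\S+) (?P<what>entered|left) promiscuous mode")

def parse_ts(text, year=2012):  # syslog omits the year; 2012 is an assumption
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")

def capture_windows(log_text):
    """Return (snort_pids, windows); windows maps device -> list of [entered, left]."""
    pids, windows = [], {}
    for line in log_text.splitlines():
        if m := SNORT_RE.match(line):
            pids.append(int(m["pid"]))
        elif m := PROMISC_RE.match(line):
            spans = windows.setdefault(m["dev"], [])
            if m["what"] == "entered":
                spans.append([parse_ts(m["ts"]), None])  # left time not seen yet
            elif spans and spans[-1][1] is None:
                spans[-1][1] = parse_ts(m["ts"])
    return pids, windows

def pid_alive(pid):
    """Same question as looking for the PID in 'ps'; signal 0 only tests existence."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        pass  # process exists but belongs to another user
    return True

if __name__ == "__main__":
    pids, windows = capture_windows(SAMPLE)
    for dev, spans in windows.items():
        for start, end in spans:
            print(dev, "promiscuous from", start, "to", end or "now")
    print({pid: pid_alive(pid) for pid in pids})
```

Run it against the real file by passing the contents of /var/log/syslog to `capture_windows` on the sensor itself, so that `pid_alive` tests the same host that wrote the log.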