
Re: Fwd: error on startup


From: waldo kitty <wkitty42 () windstream net>
Date: Thu, 08 Nov 2012 21:51:46 -0500

On 11/8/2012 14:43, Leonardo Pezente wrote:
ok im sending the snortd file

that's the snortd file... not the requested snort.conf file :/


#!/bin/sh
# $Id$
#
# snortd         Start/Stop the snort IDS daemon.
#
# chkconfig: 2345 40 60
# description:  snort is a lightweight network intrusion detection tool that \
#                currently detects more than 1100 host and network \
#                vulnerabilities, portscans, backdoors, and more.
#

# Source function library.
. /etc/rc.d/init.d/functions

# Source the local configuration file
. /etc/default/snort

# Convert the /etc/sysconfig/snort settings to something snort can
# use on the startup line.
# Convert the settings sourced from /etc/default/snort into the option
# fragments snort expects on its command line.  Each variable is rewritten
# in place: either the "-x value" text or an empty string, so the start
# verb can splice it straight into the snort invocation.
#
# NOTE(review): USER is also the conventional login-name environment
# variable.  The default below only applies when it is empty, so if the
# config file does not set USER, snort's -u account becomes whatever the
# invoking shell exported -- confirm /etc/default/snort always sets it.

# -A <mode>: emitted only when an alert mode is configured.
ALERTMODE=${ALERTMODE:+-A $ALERTMODE}

# Accounts snort drops to after start-up; both default to "snort".
USER=${USER:-snort}
GROUP=${GROUP:-snort}

# Boolean toggles: the literal value "1" enables the flag; any other value
# (or no value at all) disables it.
case "$BINARY_LOG" in
    1) BINARY_LOG="-b" ;;
    *) BINARY_LOG="" ;;
esac

case "$DUMP_APP" in
    1) DUMP_APP="-d" ;;
    *) DUMP_APP="" ;;
esac

case "$NO_PACKET_LOG" in
    1) NO_PACKET_LOG="-N" ;;
    *) NO_PACKET_LOG="" ;;
esac

case "$PRINT_INTERFACE" in
    1) PRINT_INTERFACE="-I" ;;
    *) PRINT_INTERFACE="" ;;
esac

case "$PASS_FIRST" in
    1) PASS_FIRST="-o" ;;
    *) PASS_FIRST="" ;;
esac

# -c <file>: the rules configuration, with a built-in fallback path.
CONF="-c ${CONF:-/root/snort-2.9.3.1/etc/snort.conf}"

# -i <iface>: "ALL" or a space-separated list is interpreted by the start verb.
INTERFACE="-i ${INTERFACE:-eth0}"

# Where packet logs and alerts are written.
LOGDIR=${LOGDIR:-/var/log/snort}

# Used only by the 'stats' verb: the syslog file to search and how long to
# wait for the statistics dump to land there.
SYSLOG=${SYSLOG:-/var/log/messages}
SECS=${SECS:-5}

# -F <file>: BPF filter file, only when one was given.
BPFFILE=${BPFFILE:+-F $BPFFILE}

######################################
# Now to the real heart of the matter:

# See how we were called.
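#######################################
# Helpers for the start verb.  Option fragments such as $ALERTMODE, $CONF
# and $INTERFACE already contain complete "-x value" strings, so they are
# deliberately left unquoted on the snort command line and the shell splits
# them into separate arguments; single paths and names are quoted.  The
# whole invocation is one logical command (backslash-continued), so every
# option actually reaches snort.
#######################################

# snortd_run IFACE_OPT LOGDIR: launch one snort daemon.
#   $1 - the complete interface option, e.g. "-i eth0" (split on purpose)
#   $2 - the log directory for this instance
snortd_run() {
    daemon /usr/sbin/snort $ALERTMODE $BINARY_LOG $NO_PACKET_LOG $DUMP_APP -D \
        $PRINT_INTERFACE $1 -u "$USER" -g "$GROUP" $CONF -l "$2" \
        $PASS_FIRST $BPFFILE $BPF
}

# snortd_start_iface IFACE: start one snort on IFACE with its own log
# sub-directory under $LOGDIR.  The recursive chown hands every existing
# file under $LOGDIR to the service account, so keep that tree dedicated
# to snort's own output.
snortd_start_iface() {
    mkdir -p "$LOGDIR/$1"
    chown -R "$USER:$GROUP" "$LOGDIR"
    snortd_run "-i $1" "$LOGDIR/$1"
}

# See how we were called.  Exit status: 0 normally, 1 when start cannot use
# $LOGDIR or stats cannot find pidof, 2 on a usage error or when stats finds
# no running snort.
case "$1" in
    start)
        printf '%s' "Starting snort: "
        # Refuse to start if the log directory is unusable rather than
        # daemonizing from wherever the caller happened to be.
        cd "$LOGDIR" || { printf 'snortd: cannot cd to %s\n' "$LOGDIR" >&2; exit 1; }
        if [ "$INTERFACE" = "-i ALL" ]; then
            # One instance per eth* device listed in /proc/net/dev.
            for i in $(awk -F: '/eth/ { print $1 }' /proc/net/dev); do
                snortd_start_iface "$i"
            done
        else
            # Strip the leading "-i "; what is left is one or more device names.
            ifaces=${INTERFACE#"-i "}
            # Count them by word-splitting in a subshell so $1/$2 survive.
            n_ifaces=$(set -- $ifaces; echo $#)
            if [ "$n_ifaces" -gt 1 ]; then
                # Several interfaces: one instance and log sub-directory each.
                for i in $ifaces; do
                    snortd_start_iface "$i"
                done
            else
                # Run with a single interface (default).
                snortd_run "$INTERFACE" "$LOGDIR"
            fi
        fi
        touch /var/lock/snort
        echo
        ;;
    stop)
        printf '%s' "Stopping snort: "
        # killall matches by name, so this signals every process called
        # snort on the host, not only instances started by this script.
        killall snort
        rm -f /var/lock/snort
        echo
        ;;
    reload)
        echo "Sorry, not implemented yet"
        ;;
    restart)
        "$0" stop
        "$0" start
        ;;
    condrestart)
        # Only restart when a previous start left the lock file behind.
        [ -e /var/lock/snort ] && "$0" restart
        ;;
    status)
        status snort
        ;;
    stats)
        TC=125                          # Trailing context lines to grep
        SNORTNAME='snort'               # Process name to look for

        if [ ! -x "/sbin/pidof" ]; then
            echo "/sbin/pidof not present, sorry, I cannot go on like this!"
            exit 1
        fi

        # Grab Snort's PID(s), excluding this script and its parent.  Use
        # the binary just checked for rather than whatever is on PATH.
        PID=$(/sbin/pidof -o $$ -o $PPID -o %PPID -x "$SNORTNAME")

        if [ -z "$PID" ]; then          # if we got no PID then:
            echo "No PID found: ${SNORTNAME} must not running."
            exit 2
        fi

        echo ""
        echo "*******"
        echo "WARNING:  This feature is EXPERIMENTAL - please report errors!"
        echo "*******"
        echo ""
        echo "You can also run: $0 stats [long | opt]"
        echo ""
        echo "Dumping ${SNORTNAME}'s ($PID) statistics"
        echo "please wait..."

        # Take the timestamp and ask snort to dump stats as close together
        # in time as possible; %e is a space-padded day of month, which
        # presumably mirrors the syslog timestamp this is later grepped for.
        startdate=$(date '+%b %e %H:%M:%S')

        # SIGUSR1 makes snort write its statistics to syslog.  $PID may
        # hold several PIDs, so it is left unquoted on purpose.
        kill -USR1 $PID

        # Give syslog a chance to catch up; may need tuning on busy systems.
        sleep "$SECS"

        # All three formats start from the same window of syslog lines.
        # Patterns are quoted so the shell never globs them against the cwd.
        stats_re="^$startdate .* snort.*: ={79}"
        if [ "$2" = "long" ]; then              # Long format
            grep -E -B 3 -A "$TC" "$stats_re" "$SYSLOG" | grep 'snort.*:'
        elif [ "$2" = "opt" ]; then             # OPTimize format
            # Just show stuff useful for optimizing Snort
            grep -E -B 3 -A "$TC" "$stats_re" "$SYSLOG" \
                | grep -E 'snort.*: Snort analyzed |snort.*: dropping|emory .aults:'
        else                                    # Default format
            grep -E -B 3 -A "$TC" "$stats_re" "$SYSLOG" \
                | grep 'snort.*:' | cut -d: -f4-
        fi
        ;;
    *)
        echo "Usage: $0 {start|stop|reload|restart|condrestart|status|stats (long|opt)}"
        exit 2
esac

exit 0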

2012/11/8 Ray Caparros <arcy24 () gmail com <mailto:arcy24 () gmail com>>

    Could you post your conf file for us to look at?

    Thanks,
    Ray

    On Thu, Nov 8, 2012 at 1:54 PM, Leonardo Pezente <lmpezente () gmail com
    <mailto:lmpezente () gmail com>> wrote:
     > ok, i will try to be more clear.
     > For what i can see, the snort has a startup script, and i only have to make
     > some
     > changes on it to adjust to my system. I have done that, but he is giving
     > this error.
     >
     > im using ubuntu 12.04 LTS
     >
     > and im running snort with:
     >
     > snort -c /(path)/snort.conf
     >
     > for what i can see, this error happens because he cant find the file
     > "functions".
     > So i dont know if i just comment this line or if there is another way.
     >
     > ---------- Forwarded message ----------
     > From: waldo kitty <wkitty42 () windstream net <mailto:wkitty42 () windstream net>>
     > Date: 2012/11/8
     > Subject: Re: [Snort-users] error on startup
     > To: Leonardo Pezente <lmpezente () gmail com <mailto:lmpezente () gmail com>>
     >
     >
     >
     > you need to send this to the list... i do not provide support in private...
     > sorry... i guess i need to fix up a sig that states this :/
     >
     >
     > On 11/8/2012 10:56, Leonardo Pezente wrote:
     >>
     >> ok, i will try to be more clear.
     >> For what i can see, the snort has a startup script, and i only have to
     >> make some
     >> changes on it to adjust to my system. I have done that, but he is giving
     >> this error.
     >>
     >> im using ubuntu 12.04 LTS
     >>
     >> and im running snort with:
     >>
     >> snort -c /(path)/snort.conf
     >>
     >> for what i can see, this error happens because he cant find the file
     >> "functions".
     >> So i dont know if i just comment this line or if there is another way.
     >>
     >> 2012/11/7 waldo kitty <wkitty42 () windstream net
    <mailto:wkitty42 () windstream net>
     >> <mailto:wkitty42 () windstream net <mailto:wkitty42 () windstream net>>>
     >>
     >>
     >>     On 11/7/2012 13:39, Leonardo Pezente wrote:
     >> > im getting this error when i try to config the startup of snort
     >> >
     >> > ./snortd: 13: .: Can't open /etc/rc.d/init.d/functions
     >> >
     >> > For what i can see, the directory rc.d not even exist. Is there any
     >> other
     >>     file
     >> > functions in another directory?
     >>
     >>     the crystal balls are all in the shop for failing performance
     >> inspections...
     >>     you've not given enough information and there's no way we can look
     >> over your
     >>     shoulder from half way around the world... without the crystal balls,
     >> there's
     >>     definitely no way we can help with the info you have provided...
     >>
     >>     with all that said...
     >>
     >>     1. what OS?
     >>     2. what command are you using to try to start snort?


