Snort mailing list archives
RE: snort 1.8
From: "Bill Gercken" <bgercken () providentanalysis com>
Date: Wed, 11 Jul 2001 21:25:56 -0400
John, The best thing to do when debugging this type of problem is to first try running it in the foreground. Start simple and leave out the -D and see what you get as in: /usr/sbin/snort -c /etc/snort.conf -l /var/log/snort -i eth0 then add the rest of your arguments as in: /usr/sbin/snort -c /etc/snort.conf -l /var/log/snort -i eth0 -s -g snort -u snort -d and make sure that works. Then run it in the background. Regards, -bill -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of John Johnson Sent: Wednesday, July 11, 2001 7:12 PM To: snort-users () lists sourceforge net Subject: [Snort-users] snort 1.8 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ok, I am just having a heck of a time with snort 1.8 I start snort and it dies with no error....this is all I get in my logs. I am using MAndrake 8.0 with Kernel 2.4.3 I am starting snort like this. /usr/sbin/snort -u snort -g snort -s -d -D -i eth0 -l /var/log/snort -c /etc/snort/snort.conf user snort and group snort own all logging directorys. I am getting this ready to upgrade snort at work but I can't do that til I can make it work and I am lost as to what the problem is. Jul 10 21:17:38 linux snort: Checking PID path... Jul 10 21:17:38 linux snort: PATH_VARRUN is set to /var/run/ on this operating system Jul 10 21:17:38 linux snort: Initializing daemon mode Jul 10 21:17:38 linux kernel: device eth0 entered promiscuous mode Jul 10 21:17:38 linux snortd: snort startup succeeded Jul 10 21:17:38 linux kernel: device eth0 left promiscuous mode -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.1 iQA/AwUBO0zdTwfP+qzR55XlEQIQHACfZgz/UfDXgsoRWw7efvZuMuY/QygAoOTU V3YL7EUDspP0hC0pIlKxF6Hl =67Xt -----END PGP SIGNATURE----- _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort 1.8 John Johnson (Jul 11)
- RE: snort 1.8 Bill Gercken (Jul 11)
- Message not available
- RE: snort 1.8 John Johnson (Jul 11)
- Re: snort 1.8 Fyodor (Jul 11)
- Re: snort 1.8 Scott Nursten (Jul 12)
- Re: snort 1.8 Fyodor (Jul 12)
- Re: snort 1.8 Scott Nursten (Jul 12)
- RE: snort 1.8 John Johnson (Jul 11)
- <Possible follow-ups>
- snort 1.8 Phil Wood (Jul 11)