Snort mailing list archives

Re: kill -HUP doesn't work


From: Florin Andrei <florin () sgi com>
Date: 22 Sep 2003 19:14:13 -0700

On Mon, 2003-09-22 at 16:58, Demetri Mouratis wrote:
> On 22 Sep 2003, Florin Andrei wrote:
>
> > It looks like kill -HUP $snort_pid does not work. If I run it, snort
> > dies.
> > Sep 21 04:02:02 tart snort: FATAL ERROR: OpenPcap() device eth0 open:
> > ^Isocket: Operation not permitted
> > Sep 22 04:02:02 tart snort: snort shutdown failed
>
> Here's your problem.  It looks like the user running snort no longer has
> privileges on the eth0 interface.  This most likely means you used either
> the -u <uname> command line option when you started snort, or you're
> running in some kind of chroot'ed environment.

Yep, that's the problem. I was running it as -u snort -g snort.
If I don't use -u -g, then -HUP works fine.

Hmmm... That's like a catch-22. If I run it as root, then it has too
many privileges. If I run it as non-root then I have to actually kill
the process, which means I'll certainly lose more IP packets (kill/start
is slower than -HUP).

-- 
Florin Andrei

http://florin.myip.org/
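
The trade-off described in this message, as an added example that is not part of the original post and is not Snort's own code: a shell helper for a scheduled reload job that reads the sensor's effective UID from `/proc` (Linux assumed) and sends `-HUP` only when the process still runs as root, otherwise doing a stop/start. `PROC_ROOT`, `SNORT_RESTART_CMD` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pick a reload method for a running Snort sensor.
# PROC_ROOT and SNORT_RESTART_CMD are hypothetical knobs for this sketch.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Print the effective UID of PID $1, taken from the "Uid:" line of
# /proc/<pid>/status (fields: real, effective, saved, filesystem).
effective_uid() {
    awk '$1 == "Uid:" { print $3; found = 1; exit }
         END { if (!found) exit 1 }' "$PROC_ROOT/$1/status" 2>/dev/null
}

# Print the action that is safe for PID $1:
#   hup     - still root, so re-opening the capture device will succeed
#   restart - privileges were dropped (-u/-g); -HUP would end in the
#             "OpenPcap() ... Operation not permitted" failure quoted above
#   missing - no such process
reload_action() {
    euid=$(effective_uid "$1") || { echo missing; return 0; }
    if [ "$euid" -eq 0 ]; then
        echo hup
    else
        echo restart
    fi
}

# Carry out the chosen action for PID $1.
reload_snort() {
    case $(reload_action "$1") in
        hup)
            kill -HUP "$1" ;;
        restart)
            : "${SNORT_RESTART_CMD:?set this to your stop/start command}"
            $SNORT_RESTART_CMD ;;
        missing)
            echo "snort pid $1 is not running" >&2
            return 1 ;;
    esac
}

# Usage: ./reload-snort.sh <pid>
if [ "$#" -gt 0 ]; then
    reload_snort "$1"
fi
```

This keeps the sensor running as an unprivileged user and accepts the short capture gap of a restart, which is the second side of the trade-off above.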


