Snort mailing list archives
Re: kill -HUP doesn't work
From: Florin Andrei <florin () sgi com>
Date: 22 Sep 2003 19:14:13 -0700
On Mon, 2003-09-22 at 16:58, Demetri Mouratis wrote:
On 22 Sep 2003, Florin Andrei wrote:It looks like kill -HUP $snort_pid does not work. If i run it, snort dies. Sep 21 04:02:02 tart snort: FATAL ERROR: OpenPcap() device eth0 open: ^Isocket: Operation not permitted Sep 22 04:02:02 tart snort: snort shutdown failedHere's your problem. It looks like the user running snort no longer has privilidges on the eth0 interface. This most likely means you used either the -u <uname> command line option when you started snort, or you're running in some kind of chroot'ed environment.
Yeap, that's the problem. I was running it as -u snort -g snort If i don't use -u -g, then -HUP works fine. Hmmm... That's like a catch 22. If i run it as root, then it has too many privileges. If i run it as non-root then i have to actually kill the process which means i'll certainly loose more IP packets (kill/start is slower than -HUP). -- Florin Andrei http://florin.myip.org/ ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- kill -HUP doesn't work Florin Andrei (Sep 22)
- Re: kill -HUP doesn't work Matt Kettler (Sep 22)
- Re: kill -HUP doesn't work Demetri Mouratis (Sep 22)
- Re: kill -HUP doesn't work Florin Andrei (Sep 22)