Snort mailing list archives

Question about Ring PCAP\Snort\Environment Variables

From: "Mark Ewert" <mewert () ihcis com>
Date: Fri, 7 Nov 2003 11:08:08 -0500

Greetings,

 

Sorry if this is documented somewhere - I've searched google and the
ring pcap site for the answer and can't find it. I've installed the ring
pcap version of libpcap and verified TCPDUMP is using it properly. My
question is basically how do I set the PCAP environment variables so
that Snort correctly uses them. The trick is that I'm running snort
under an account that does not have the rights to login (shell
/sbin/nologin etc...) which as I understand it prevents /etc/profile
from executing. If I login as a user that has shell login rights the
environment variables are set correctly. I am running Snort in daemon
mode as well - which I've read differing accounts about it kicking Snort
off as root initially then switching to the snort account (not certain
about this) - in which case the environment variables set for root who
can login might take care of it. 

 

Sorry if this is obvious and I've just missed it somewhere - if anyone
out there could provide some guidance on how to properly set the PCAP
variables for Snort running under an account that has no shell I would
be most appreciative. 

 

I'm running Snort 2.0.2 but will be upgrading to Snort 2.0.3 soon.

 

THANKS!

 

M

 

---------------------------------------------

Mark F. Ewert, Principal Systems Architect

Integrated Healthcare Information Services

www.ihcis.com <http://www.ihcis.com/> 

 


---------------------------------------------------------------------------
This e-mail and the information transmitted within it is intended only
for the recipient(s) to which it is addressed and may contain confidential
and/or privileged material. Any review, retransmission, dissemination or 
other use of; or taking of any action in reliance upon this information
by persons or entities other than the intended recipient is prohibited. 
If you received this in error, please send the e-mail back to notify the
sender and delete the message and its contents from any computers and
network systems involved in its receipt. Thank you.

Current thread:

Question about Ring PCAP\Snort\Environment Variables Mark Ewert (Nov 07)
- Re: Question about Ring PCAP\Snort\Environment Variables Phil Wood (Nov 07)
- <Possible follow-ups>
- Question about Ring PCAP\Snort\Environment Variables Mark Ewert (Nov 07)