Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: snort cant start automacitally.

From: Jose Maria Lopez <jkerouac () bgsec com>
Date: 31 Aug 2004 22:20:41 +0200
El mar, 31 de 08 de 2004 a las 07:44, th0ri4.wang escribió:

thank u,

i have show my /var/log/messenges last night,when
system is starting , init scripts show the following
lines:
--------------------------------------------------
Aug 23 18:15:32 andreas kernel: eth0: Promiscuous mode
enabled.
Aug 23 18:15:32 andreas kernel: device eth0 entered
promiscuous mode
Aug 23 18:15:33 andreas kernel: device eth0 left
promiscuous mode
Aug 23 18:22:48 andreas kernel: eth0: Promiscuous mode
enabled.
Aug 23 18:22:48 andreas kernel: device eth0 entered
promiscuous mode
--------------------------------------------------
this mean snort is flapping,entered promiscuous and
then left.

when i debug this script use the command
sh -x /etc/init.d/snort start
snort starts without any error! and my acid works well
also.with nmap scanning,alerts is logged.

why this happened? 


Quite strange. I have this message only when I start or
stop snort. Have you got any program that rotates the
logs of snort or something similar that can start and
stop snort? I suppose this it's not the problem, so you
would see that it starts and stops. Or maybe could be
another program that it's putting the interface in
promiscuous mode. I don't have a clue, really...

-- 
Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac () bgsec com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"



-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_idP47&alloc_id808&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: