Snort mailing list archives

RE: New user question(s)

From: "Harper, Patrick" <patrick.harper () phns com>
Date: Wed, 22 Sep 2004 17:32:07 -0500

That is the init script.  It will tell snort to start with whatever
options you plug into it.  Just a script.

Mine simply tells the system to use eth0, to start snort -c
/etc/snort/snort.conf.  My conf file tells snort (the binary) the
environmental variables, where the rules are, and what to output to.
Hope that helps



 
-----Original Message-----
From: Chris [mailto:cpollock () earthlink net] 
Sent: Wednesday, September 22, 2004 5:17 PM
To: Harper, Patrick; Snort Users
Subject: Re: [Snort-users] New user question(s)

On Wednesday 22 September 2004 01:25 pm, Harper, Patrick wrote:

When you say snortd are you talking about the init script?

A snortd script was installed in my /etc/rc.d/init.d folder.  When
running ./snortd from the cli as root I get "snortd
start|stop|restart|status, below is a portion of the script that starts
snort:

# See how we were called.
case "$1" in
  start)
        if [ -x /usr/sbin/snort -a ! -e /var/lock/subsys/snort ]; then
                gprintf "Starting snort: "
                cd /var/log/snort
                daemon /usr/sbin/snort -u snort -g snort -s -d -D \
                         -i ${INTERFACE} -l /var/log/snort -c
/etc/snort/snort.conf
                touch /var/lock/subsys/snort
                echo
        else
                gprintf "Snort already running.\n"

I'm going to have to search to see what the -u -g -s -d -D mean.

I'm running Mandrake 9.0 with snort 1.8.7-3mdk.

--
Chris
Registered Linux User 283774 http://counter.li.org 5:07pm up 14 days,
21:47, 1 user, load average: 0.26, 0.10, 0.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please forgive me if, in the heat of battle, I sometimes forget which
side I'm on.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







Disclaimer:
This electronic message, including any attachments, is confidential and intended solely for use of the intended 
recipient(s). This message may contain information that is privileged or otherwise protected from disclosure by 
applicable law. Any unauthorized disclosure, dissemination, use or reproduction is strictly prohibited. If you have 
received this message in error, please delete it and notify the sender immediately. 





-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

New user question(s) Chris (Sep 22)
- Re: New user question(s) Jason (Sep 22)
- Re: New user question(s) Matt Kettler (Sep 22)
- <Possible follow-ups>
- RE: New user question(s) Harper, Patrick (Sep 22)
  - Re: New user question(s) Chris (Sep 22)
- RE: New user question(s) Harper, Patrick (Sep 22)