Snort mailing list archives
No pid file in snort 2.4.2?
From: "Michael Scheidell" <scheidell () secnap net>
Date: Sat, 1 Oct 2005 12:51:44 -0400
Was running snort 2.4.0. Freebsd, ./configure --enable-inline --enable-ipfw --enable-flexresp For interface fxp0, snort was writing the pid to /var/run/snort_fxp0.pid I downloaded snort 2.4.2 with same compile options killed snort and restarted it. No pid files that I can find anymore. find / -name 'snort_pid*' -ls Syslog shows snort started: Oct 1 12:25:16 scanner snort[56549]: Rule application order: ->activation->dynamic->pass->drop->sdrop->reject->alert->log Oct 1 12:25:16 scanner snort[56549]: Log directory = /var/log/snort_lan Oct 1 12:25:17 scanner snort[56549]: Snort initialization completed successfully (pid=56549) Ps shows snort running: ps -wwp 56549 PID TT STAT TIME COMMAND 56549 ?? Ss 0:03.55 /usr/local/bin/snort -doDI -m 022 -z -c /etc/snort/snort_lan.conf -i fxp0 -l /var/log/snort_lan -F /etc/snort/snort_lan.bpf Sockstat shows snort running. snort snort 56549 3 dgram syslogd[103]:3 Changing config to run as root or snort makes no difference. root snort 56675 3 dgram syslogd[103]:3 System is FREEBSD 4.11, you see startup options above. Noticed -z option is deprecated., so removed it:(ok, how do you ignore spoofed packets now) Didn't do anything. Still no pid file. Also noticed a difference in netstat -an output. Snort 2.4.2: icm4 0 0 *.* *.* Snort 2.4.0: ip 4 0 0 *.* *.* ip64 0 0 *.* *.* -- Michael Scheidell, CTO 561-999-5000, ext 1131 SECNAP Network Security Corporation Keep up to date with latest information on IT security: Real time security alerts: http://www.secnap.com/news ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- No pid file in snort 2.4.2? Michael Scheidell (Oct 02)
- Re: No pid file in snort 2.4.2? sekure (Oct 03)
- Re: No pid file in snort 2.4.2? Michael Scheidell (Oct 03)
- Re: No pid file in snort 2.4.2? sekure (Oct 03)
- Re: No pid file in snort 2.4.2? Michael Scheidell (Oct 03)
- Re: No pid file in snort 2.4.2? Michael Scheidell (Oct 03)
- Re: No pid file in snort 2.4.2? sekure (Oct 03)