Snort mailing list archives
Re: New member, 3 quick questions
From: Joel Esler <jesler () sourcefire com>
Date: Mon, 6 Jul 2009 08:37:14 -0400
On Sun, Jul 5, 2009 at 9:10 PM, Paul Melson <pmelson () gmail com> wrote:
> On Sun, Jul 5, 2009 at 7:30 PM, r s <wera711 () gmail com> wrote:
>> 1. what is the most common way to run snort? I have been running it as such:
>>
>> ./snort -de -h 192.168.3.0/24 -c /usr/ports/security/snort/work/snort-2.8.2.2/etc/snort.conf
>>
>> I normally keep a separate session open with a tail -f /var/log/snort/alert
>>
>> Is there a better way to do this? I have heard you can run snort as a daemon so that it runs in the background. If I do it this way, will it still continue to run if I close the session? Do I simply append a "-D" at the end of my command line to run it in the background?
>
> Yes, appending -D will run Snort in daemon mode and log stdout to syslog. I prefer to run it from an init.d script so that it automatically starts at boot time and can be properly shut down by the operating system. The one I use is based on Dave Dittrich's from his batch of Snort scripts:
>
> http://staff.washington.edu/dittrich/misc/snort-stuff.tar
>
> Running on BSD, your mileage may vary. If I recall correctly, OpenBSD, for example, locks you into launching stuff from rc.local.

However, if you are running in "-c" or ids mode, there is no need to use "-d" or "-e". You also need to put your HOME_NET in your snort.conf, and not try and specify it via the command line using "-h".

J

--
joel esler | Sourcefire | AIM: eslerjoel | 302-223-5974