Re: snort auto start

[Tony Robinson <deusexmachina667 () gmail com>]

What I usually do for the autosnort scripts is add an entry to rc.local --
rc.local is a script that runs after all of the other init scripts are ran.
This is the line I usually put in for snort:
echo "/usr/local/snort/bin/snort -D -u snort -g snort -c
/usr/local/snort/etc/snort.conf -i $snort_iface" >> /etc/rc.local

so, to explain what this line is doing:
we're using echo to print this line to the terminal instead of running it
we're calling snort, wherever its installed (my scripts install snort to
/usr/local/snort/bin/)
using the -D flag to daemonize it
running it as the snort user and group (-u snort -g snort)
pointing it to snort.conf (-c /usr/local/snort/etc/snort.conf)
and specifying which interface we want snort to run on (-i $snort_iface
[snort iface is the snort sniffing interface of your choice, say for
instance, eth1])
then we use the append redirection option to redirect the printed outputl
to the /etc/rc.local file (>> /etc/rc.local)


if you use different command line options, such as afpacket for inline mode
operation or other options, then add those command options or specify
running snort however you prefer to run it, just add the line to rc.local
and provided snort didn't run across something it did not like in the
configuration file or the directives you gave it, it should come up
automatically:
ps -ef | grep snort

what to do if it isn't running:
check /var/log/messages or /var/log/syslog.
cat /var/log/[messages or syslog] | grep snort | less -- and look for error
messages or warning messages when snort is trying to initialize. the error
messages are usually pretty straightforward.

hope this helps,

DA



On Fri, Nov 16, 2012 at 11:52 PM, amin Salehi <seyedamin_salehi () yahoo com>wrote:

> hi.how can i config my linux backtrack 64bit system to automatically run
> snort with custom options after boot?
>
>
> ------------------------------------------------------------------------------
> Monitor your physical, virtual and cloud infrastructure from a single
> web console. Get in-depth insight into apps, servers, databases, vmware,
> SAP, cloud infrastructure, etc. Download 30-day Free Trial.
> Pricing starts from $795 for 25 servers or applications!
> http://p.sf.net/sfu/zoho_dev2dev_nov
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!



-- 
when does reality end? when does fantasy begin?

------------------------------------------------------------------------------
Monitor your physical, virtual and cloud infrastructure from a single
web console. Get in-depth insight into apps, servers, databases, vmware,
SAP, cloud infrastructure, etc. Download 30-day Free Trial.
Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!