Snort mailing list archives
Re: Test Snort
From: Pratibha Rajan <pratibha.nair12 () outlook com>
Date: Mon, 25 Jul 2016 19:34:55 +0530
Hi Russ,
Thanks for responding, I did as you suggested and it seems to be stuck at:
Commencing packet processing (pid=29664)
when I check the /var/log/messages I see:
: WARNING: _PATH_VARRUN is invalid, trying /var/log/ ...
: WARNING: /var/log/ is invalid, logging Snort PID path to log directory (/var/log/snort).
: Writing PID "24421" to file "/var/log/snort//snort_ens192.pid"
What do I do next?
Thanks
Pratibha.
To: snort-users () lists sourceforge net
From: rucombs () cisco com
Date: Mon, 25 Jul 2016 07:52:00 -0400
Subject: Re: [Snort-users] Test Snort
The script probably does need tweaking. I suggest you run the snort
binary directly using the same options as the script but drop -D,
-E, and -M if present to see exactly what is going on.
On 7/24/16 9:49 AM, pratibha.nair12 () outlook com wrote:
Hi,
Can I get some help here?
Thanks
Pratibha
On Fri, Jul 22, 2016 at 11:41 PM +0530, "Pratibha Rajan" <pratibha.nair12 () outlook com> wrote:
Hi,
This is with regard to the error I am facing while starting
the snort service after the test Snort start up which was
successful:
******************************************************************
Preprocessor Object: SF_POP Version 1.0 <Build 1>
Preprocessor Object: SF_FTPTELNET Version 1.2 <Build 13>
Snort successfully validated the configuration!
Snort exiting
********************************************************************
while trying to start the service this is the error being
faced:
*********************************************************************
[root@tparheidspxx1 init.d]# ./snort restart
Stopping snort: [ OK ]
Starting snort: Spawning daemon child...
My daemon child 13226 lives...
Daemon parent exiting (0)
[ OK ]
[root@tparheidspxx1 init.d]# ./snort status
snort dead but subsys locked
**************************************************************************
The initialization file I have used is the shell script from
snort.downloads and below is the permission set for the same:
[root@tparheidspxx1 init.d]# ls -l | grep snort
-rwx------. 1 snort snort 3761 Jul 21 12:41 snort
Few queries:
Do I need to make changes to the script with respect to
network interface? As the test snort is being run on a virtual
machine.
I see that the interface set in the script is "eth0".
Is the permission set for the script correct?
Also:
********************************************
# cd /var/log/snort
# ls -l
total 4
-rw-r--r--. 1 snort snort 0 Jul 22 09:25 alert
-rw-------. 1 snort snort 6 Jul 22 13:50 snort_ens192.pid
-rw-------. 1 snort snort 0 Jul 22 13:50 snort_ens192.pid.lck
-rw-------. 1 snort snort 0 Jul 22 13:50 snort.log.1469209828
ens192 is the management interface of the virtual
machine.
Kindly let me know if I need to attach any logs
Thanks
Pratibha
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
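The "snort dead but subsys locked" line in the thread comes from the status helper that RHEL-style init scripts call: it found no live process and no pid file where it looked, only the subsystem lock file. The sketch below is an added example, not part of the original messages or the Snort init script; it is a simplified model of that decision order, and the default lock path /var/lock/subsys/snort and the function names are assumptions.

```shell
#!/bin/sh
# Added example: simplified model of the decision order used by the
# RHEL-style `status` helper that SysV init scripts call.
# Function names and the default lock path are assumptions.

# pid_alive PID -> exit 0 if a process with that PID exists
pid_alive() {
    [ -n "$1" ] || return 1
    # kill -0 only probes for existence; /proc covers processes
    # owned by another user, where kill -0 is refused
    kill -0 "$1" 2>/dev/null || [ -d "/proc/$1" ]
}

# daemon_state PIDFILE LOCKFILE -> prints one state line,
# returns 0 running, 1 stale pid file, 2 lock only, 3 stopped
daemon_state() {
    pidfile=$1
    lockfile=$2
    if [ -r "$pidfile" ]; then
        # keep digits only; the pid file holds the PID plus a newline
        pid=$(tr -cd '0-9' < "$pidfile")
        if pid_alive "$pid"; then
            echo "running (pid $pid)"
            return 0
        fi
        echo "dead but pid file exists"
        return 1
    fi
    if [ -e "$lockfile" ]; then
        # no pid file at the path checked, but a lock was left behind
        echo "dead but subsys locked"
        return 2
    fi
    echo "stopped"
    return 3
}

# Usage: sh snort_state.sh PIDFILE [LOCKFILE]
if [ "$#" -gt 0 ]; then
    daemon_state "$1" "${2:-/var/lock/subsys/snort}" || true
fi
```

Pointing it at the pid file Snort reported writing (/var/log/snort/snort_ens192.pid in the log above) shows whether the daemon is alive even though the init script, which checks a different location, reports it dead.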
Current thread:
- Test Snort Pratibha Rajan (Jul 22)
- Re: Test Snort pratibha.nair12 (Jul 24)
- Re: Test Snort Russ (Jul 25)
- Re: Test Snort Pratibha Rajan (Jul 25)
- Re: Test Snort Russ (Jul 25)
- Re: Test Snort Joel Esler (jesler) (Jul 25)
- Re: Test Snort Russ (Jul 25)
- Re: Test Snort pratibha.nair12 (Jul 24)
