Snort mailing list archives
Re: Snort 3 Config File Question (2)
From: Jim Campbell <jim () w4bqp net>
Date: Wed, 19 Jul 2017 20:35:49 -0400
I received the answer to this question from Noah Dietrich and Marcin Dulak. To perhaps assist others who follow and have the same problem I'm going to share the answer.
The Service section of my /lib/systemd/system/snort.service file: [Service] # Type=simple User=root Group=snort Environment=LUA_PATH=/opt/snort/include/snort/lua/?.lua Environment=SNORT_LUA_PATH=/opt/snort/etc/snortExecStart=/opt/snort/bin/snort --daq afpacket -Q -c /opt/snort/etc/snort/snort.lua -R /opt/snort/etc/snort/snort3.rules -i enp1s0:enp4s0 -A unified2 -l /opt/snort/etc/snort
Thanks, Noah and Marcin, Jim On 7/19/2017 2:05 PM, Jim Campbell wrote:
I can run Snort 3 from a command-line on my login using the following:sudo /opt/snort/bin/snort --daq afpacket -Q -c /opt/snort/etc/snort/snort.lua -R /opt/snort/etc/snort/snort3.rules -i enp1s0:enp4s0 -A unified2I created a systemD startup script as per the instructions at: http://sublimerobots.com/2017/01/snort-2-9-9-x-ubuntu-systemd-scripts/ My systemD script for Snort is as follows: [Unit] Description=Snort NIPS Daemon After=syslog.target network.target [Service] Type=simpleExecStart=/opt/snort/bin/snort --daq afpacket -Q -c /opt/snort/etc/snort/snort.lua -R /opt/snort/etc/snort/snort3.rules -i enp1s0:enp4s0 -A unified2[Install] WantedBy=multi-user.targetNote: I'm using a similar script for Barnyard2 and it works with no problem.When I (re)start snort with the command "sudo systemctl restart snort" I get the following error:Jul 19 13:25:31 jim-IPS snort[8373]: FATAL: can't init /opt/snort/etc/snort/snort.lua: error loading module 'snort_config' from file '/usr/lib/x86_64-linux-gnu/lua/5.1/snort_config.so':I have snort_config in /opt/snort/etc/snort. There is a snort_config.lua in /opt/snort/include/snort/lua. From printenv: - SNORT_LUA_PATH=/opt/snort/etc/snort/ - LUA_PATH=/opt/snort/include/snort/lua/?.lua;;In my environment Snort is getting the correct environment variables. In the systemD environment it isn't.QUESTION: How do I pass the correct environment variables to systemD. Thank you, Jim
_______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort 3 Config File Question (2) Jim Campbell (Jul 19)
- Re: Snort 3 Config File Question (2) Marcin Dulak via Snort-users (Jul 19)
- Re: Snort 3 Config File Question (2) Marcin Dulak via Snort-users (Jul 19)
- Re: Snort 3 Config File Question (2) Stéphane Descary via Snort-users (Jul 19)
- Re: Snort 3 Config File Question (2) Jim Campbell (Jul 19)
- Re: Snort 3 Config File Question (2) Marcin Dulak via Snort-users (Jul 19)