LinuxQuestions.org - Snort daemon

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - Snort daemon (https://www.linuxquestions.org/questions/linux-security-4/snort-daemon-284907/)

System settings:
kernel: 2.6.10
kde: 3.3.2
snort: 2.2.0

I'm trying 2 setup snort to run on startup with the following options:
-vde -c /etc/snort/snort.conf -l /home/.../snort_log

insert with dpkg-reconfigure snort
cat snort.debian.conf
# This file is used for options that are changed by Debian to leave
# the original lib files untouched.
# You have to use "dpkg-reconfigure snort" to change them.

DEBIAN_SNORT_STARTUP="boot"
DEBIAN_SNORT_HOME_NET="ANY"
DEBIAN_SNORT_OPTIONS="-vde -c/etc/snort/snort.conf -l/home/.../snort_log"
DEBIAN_SNORT_INTERFACE="eth0"
DEBIAN_SNORT_STATS_RCPT="root"
DEBIAN_SNORT_STATS_THRESHOLD="1"

the problem is that snort doesn't log anything :(
if I run the following in a console:
snort -vde -c/etc/snort/snort.conf -l/home/.../snort_log
It works perfect! :(

I checked the paths but they where also correct.

So does somebody know what i'm doing wrong?

TNX

Hugo

After a reboot, do you see the Snort process running in the output of ps?
Anything in the system logs or dmesg?

if I run the following in a console:
snort -vde -c/etc/snort/snort.conf -l/home/.../snort_log
It works perfect!

Does it just start or will it actually log alerts to the snort_log file?
Try manually starting snort at boot by putting an entry in /etc/rc.local to see if it has to do with the debian start script.

tnx 4 the tips

I find nothing in dmesg and in the syslog files.
I really don't know where the rc.local file is in the Debian.

Maybee this is the prob, investigating :D

Problem fixed.

There are 2 ways to fix this:

change the snort.common.parameters 2 your needs or
make a new file where you tell how snort has to start when youre system boots.

In the file:
#! /bin/sh
snort -de -c /etc/snort/snort.conf -l /home/.../snort_log/ -D

http://www.debian.org/doc/FAQ/ch-cus...tombootscripts