LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   reconfigure snort daemon startup script (https://www.linuxquestions.org/questions/linux-security-4/reconfigure-snort-daemon-startup-script-182666/)

hari_seldon99 05-17-2004 08:03 PM

reconfigure snort daemon startup script
 
Hi,


I just installed snort from RPM in Mandrake 10.0. The startup script in /etc/rc.d/init.d starts snort and instructs it to log to /var/log/snort/alert. However, I need for it to log violations in /var/log/messages. Now, how do I edit the snortd file so that it may do so? I'm afraid I know next to nothing about building unix shell scripts (beyond the obvious, that is). Please do advise me on how to do that, or point me to a howto that might help (the howtos on snort.org do not have this). Maybe it's something trivial, but I do not want to risk misconfiguring the script.

Please do advise.

For reference, /etc/rc.d/init.d/snortd is provided below:


*********************************************************************************************
#!/bin/sh
# $Id: snortd,v 1.3 2003/12/12 02:05:51 cazz Exp $
# snortd         Start/Stop the snort IDS daemon.
# chkconfig: 2345 40 60
# description: snort is a lightweight network intrusion detection tool that \
#              currently detects more than 1100 host and network \
#              vulnerabilities, portscans, backdoors, and more.
#

# Source function library.
. /etc/rc.d/init.d/functions

# Source the local configuration file
. /etc/sysconfig/snort

# Convert the /etc/sysconfig/snort settings to something snort can
# use on the startup line.

# -A selects the alert output mode; the alert file is written under $LOGDIR.
if [ "$ALERTMODE"X = "X" ]; then
    ALERTMODE=""
else
    ALERTMODE="-A $ALERTMODE"
fi

# Unprivileged user/group snort drops to after initialisation.
if [ "$USER"X = "X" ]; then
    USER="snort"
fi

if [ "$GROUP"X = "X" ]; then
    GROUP="snort"
fi

if [ "$BINARY_LOG"X = "1X" ]; then
    BINARY_LOG="-b"
else
    BINARY_LOG=""
fi

if [ "$CONF"X = "X" ]; then
    CONF="-c /etc/snort/snort.conf"
else
    CONF="-c $CONF"
fi

if [ "$INTERFACE"X = "X" ]; then
    INTERFACE="-i eth0"
else
    INTERFACE="-i $INTERFACE"
fi

if [ "$DUMP_APP"X = "1X" ]; then
    DUMP_APP="-d"
else
    DUMP_APP=""
fi

if [ "$NO_PACKET_LOG"X = "1X" ]; then
    NO_PACKET_LOG="-N"
else
    NO_PACKET_LOG=""
fi

if [ "$PRINT_INTERFACE"X = "1X" ]; then
    PRINT_INTERFACE="-I"
else
    PRINT_INTERFACE=""
fi

if [ "$PASS_FIRST"X = "1X" ]; then
    PASS_FIRST="-o"
else
    PASS_FIRST=""
fi

if [ "$LOGDIR"X = "X" ]; then
    LOGDIR=/var/log/snort
fi

######################################
# Now to the real heart of the matter:
# See how we were called.
case "$1" in
  start)
        echo -n "Starting snort: "
        cd $LOGDIR
        if [ "$INTERFACE" = "-i ALL" ]; then
            # One snort process per ethernet interface, each with its own log directory.
            for i in `cd /proc/sys/net/ipv4/conf; ls -d eth* |sed s/"\/"//g`
            do
                mkdir -p "$LOGDIR/$i"
                chown -R snort:snort $LOGDIR
                daemon /usr/sbin/snort $ALERTMODE $BINARY_LOG $NO_PACKET_LOG $DUMP_APP -D $PRINT_INTERFACE -i $i -u $USER -g $GROUP $CONF -l $LOGDIR/$i $PASS_FIRST
            done
        else
            daemon /usr/sbin/snort $ALERTMODE $BINARY_LOG $NO_PACKET_LOG $DUMP_APP -D $PRINT_INTERFACE $INTERFACE -u $USER -g $GROUP $CONF -l $LOGDIR $PASS_FIRST
        fi
        touch /var/lock/subsys/snort
        echo
        ;;
  stop)
        echo -n "Stopping snort: "
        killproc snort
        rm -f /var/lock/subsys/snort
        echo
        ;;
  reload)
        echo "Sorry, not implemented yet"
        ;;
  restart)
        $0 stop
        $0 start
        ;;
  status)
        status snort
        ;;
  *)
        echo "Usage: $0 {start|stop|reload|restart|status}"
        exit 2
esac

exit 0
*********************************************************************************************

unSpawn 05-18-2004 01:40 AM

Quote: "I need for it to log violations in /var/log/messages."

Check the Snort manual for syslog logging, check "man syslog.conf" for facility/priority, then either edit snort.conf and add the syslog statement or edit syslog.conf and add snort's facility (0-9) to log to syslog's messages file.
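The two options in the reply above, turned into checks, as an added example that is not code from the thread or from Snort: a POSIX sh helper that enables an "output alert_syslog" line in snort.conf and tests whether a syslog.conf rule already delivers that facility to /var/log/messages. The LOG_LOCAL0/LOG_ALERT choice, the file paths and both sample config files are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the thread or from Snort: implements unSpawn's
# two options as checks. (1) snort.conf must carry an uncommented
# "output alert_syslog" line; (2) syslog.conf must route that facility to the
# target file. LOG_LOCAL0/LOG_ALERT, the paths and both sample files are assumed.

# Exit 0 if snort.conf has an active (uncommented) alert_syslog output line.
has_syslog_output() {
    grep -Eq '^[[:space:]]*output[[:space:]]+alert_syslog' "$1"
}

# Append "output alert_syslog: FACILITY PRIORITY" to snort.conf, once.
# $1 = snort.conf  $2 = facility, e.g. LOG_LOCAL0  $3 = priority, e.g. LOG_ALERT
enable_syslog_output() {
    has_syslog_output "$1" && return 0
    printf 'output alert_syslog: %s %s\n' "$2" "$3" >> "$1"
}

# Exit 0 if some syslog.conf rule delivers facility $2 (e.g. local0) to file $3.
# Honours "*" selectors and "facility.none" exclusions within the same rule;
# comma-separated facility lists ("local0,local1.*") are not handled.
facility_routed_to() {
    awk -v fac="$2" -v file="$3" '
        /^[ \t]*(#|$)/ { next }                # skip comments and blank lines
        {
            tgt = $NF; sub(/^-/, "", tgt)      # leading "-" means unsynced write
            if (tgt != file) next
            wild = 0; expl = ""
            n = split($1, sel, ";")            # selector list: fac.pri;fac.pri
            for (i = 1; i <= n; i++) {
                split(sel[i], p, "\\.")
                if (p[1] == fac) expl = (p[2] == "none") ? "no" : "yes"
                else if (p[1] == "*" && p[2] != "none") wild = 1
            }
            if (expl == "yes" || (expl == "" && wild)) found = 1
        }
        END { exit found ? 0 : 1 }' "$1"
}

# Constructed stand-ins for /etc/snort/snort.conf and /etc/syslog.conf; the
# syslog rules mirror the usual Red Hat/Mandrake defaults for /var/log/messages.
SAMPLE_DIR=$(mktemp -d)
SNORT_CONF="$SAMPLE_DIR/snort.conf"
SYSLOG_CONF="$SAMPLE_DIR/syslog.conf"
printf '%s\n' 'var HOME_NET any' '# output alert_syslog: LOG_AUTH LOG_ALERT' \
    'output alert_fast: alert' > "$SNORT_CONF"
printf '%s\n' '*.info;mail.none;authpriv.none;cron.none    /var/log/messages' \
    'authpriv.*                                  /var/log/secure' > "$SYSLOG_CONF"
```

With the default "*.info;...none" rule, a LOG_LOCAL0 alert already lands in /var/log/messages; only a facility excluded with ".none" (mail, authpriv, cron in the sample) needs its own syslog.conf line.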

