Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum. |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
03-09-2014, 09:11 AM
|
#1
|
|
Member
Registered: Dec 2012
Posts: 39
Rep: 
|
How can I get snort to run as a daemon?
I've done searching but haven't found anything that works for me. The last thing I tried was putting this in my /etc/rc.d directory:
/usr/sbin/snort -d -h 192.168.1.0/24
That I found in the snort manual
I have snort working, I'm able to see traffic. I setup some rules to see if it's working and I see my alerts, so everything seems to be good on that end. I just can't get snort to run as a service.
Any help is appreciated.
|
|
|
|
|
03-09-2014, 09:26 AM
|
#2
|
|
Senior Member
Registered: Jan 2012
Distribution: Slackware
Posts: 3,349
Rep:
|
You could create a script containing that command and drop it in the right directory for the init system of your distribution to pick up. You could also just add the command to rc.local.
Which distribution are you running?
|
|
|
|
|
03-10-2014, 07:28 AM
|
#3
|
|
Member
Registered: Dec 2012
Posts: 39
Original Poster
Rep:
|
I am running CentOS 6.5. I did put that command in my rc.local, but it doesn't seem to be working. I ran a ps -aux, but I don't see snort listed. If I issue the command 'service snort status', it says snort is unrecognized.
|
|
|
|
|
03-10-2014, 09:23 AM
|
#4
|
|
Senior Member
Registered: Jan 2012
Distribution: Slackware
Posts: 3,349
Rep:
|
The service command doesn't actually check running processes. Instead, it looks for an init script with the name of the "service" in question in the /etc/init.d directory.
Putting the snort command in rc.local will ensure that it's started when the system boots (provided the command syntax is 100% correct), and the process should be visible in the process list (ps ax) after the next reboot, but the CentOS init system still won't recognize it as a "service". (There really is no such thing as a "service" in Linux, at least not like there is in Windows; it's just a distribution-specific term for a background process started by a certain kind of init system.)
You need to create or obtain what's called a "SysV Init Script" for snort. If you installed snort from an rpm package, I would have expected the package to contain such a script. Have you tried running chkconfig --list?
|
|
|
|
|
03-10-2014, 10:20 AM
|
#5
|
|
Member
Registered: Dec 2012
Posts: 39
Original Poster
Rep:
|
Thank you for your time with this, I appreciate it.
The init thing makes sense, I should have tried snortd. I know that is in my init directory. I'll have to try that with the script I have in my rc.local. Should 'service snortd status' say that snort is running if I have it setup with the correct syntax?
'Have you tried running chkconfig --list'
I have not tried this command, but will see what it gives me.
|
|
|
|
All times are GMT -5. The time now is 05:02 AM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
