Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Snort Setup and Config
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
scooter
n00b
n00b


Joined: 11 Apr 2002
Posts: 12

PostPosted: Mon Jul 15, 2002 3:23 pm    Post subject: Snort Setup and Config Reply with quote

anyone familiar with SNORT?

I got it installed and what not, edited the /etc/snort/snort.conf file and the /etc/conf.d/snort file to the proper settings

but when i try and start snort it acts like its starts and creates the pid file in /var/run but i can't grep on it to verify

and if i try and stop it via /etc/init.d/snort stop it doesn't work either

any help would be appreciated.
Back to top
View user's profile Send private message
elcesar
n00b
n00b


Joined: 11 Jul 2002
Posts: 16

PostPosted: Mon Jul 15, 2002 4:49 pm    Post subject: Re: Snort Setup and Config Reply with quote

scooter wrote:
anyone familiar with SNORT?

I got it installed and what not, edited the /etc/snort/snort.conf file and the /etc/conf.d/snort file to the proper settings

but when i try and start snort it acts like its starts and creates the pid file in /var/run but i can't grep on it to verify

and if i try and stop it via /etc/init.d/snort stop it doesn't work either

any help would be appreciated.


You need to put something like this in your /etc/rc.conf

export SNORT_OPTS="-D -c /etc/snort/snort.conf"

(-D Daemon mode, -c config file)
Back to top
View user's profile Send private message
Styles
Tux's lil' helper
Tux's lil' helper


Joined: 04 Jun 2002
Posts: 82

PostPosted: Mon Jul 15, 2002 4:52 pm    Post subject: Reply with quote

I'm running Demarc just because the web interface is pretty and I can see at a glance all the boxes that have using a snort sensor. If you setup Demarc dont install the apache and mysql that it wants to install just emerge apache and mysql as normal. I also have snarf running as well which makes it easy to fire off e-mails to the script kiddies isp etc...
Back to top
View user's profile Send private message
Xor
Tux's lil' helper
Tux's lil' helper


Joined: 07 Jul 2002
Posts: 144

PostPosted: Mon Jul 15, 2002 6:28 pm    Post subject: Reply with quote

acid is not so pretty... but free.... and you are free to make a theme for it :)

but to get back to the topic... what does "snort -T" say?
Back to top
View user's profile Send private message
Nitro
Bodhisattva
Bodhisattva


Joined: 08 Apr 2002
Posts: 661
Location: San Francisco

PostPosted: Mon Jul 15, 2002 7:33 pm    Post subject: Re: Snort Setup and Config Reply with quote

elcesar wrote:
You need to put something like this in your /etc/rc.conf
export SNORT_OPTS="-D -c /etc/snort/snort.conf"


Do not do this. The SNORT_OPTS variable is inherited from /etc/conf.d/snort. Edit it there.

Xor wrote:
but to get back to the topic... what does "snort -T" say?

Add a -c argument to that so we use the same config file:
Code:
snort -T -c /etc/snort/snort.conf

_________________
- Kyle Manna

Please, please SEARCH before posting.

There are three kinds of people in the world: those who can count, and those who can't.


Last edited by Nitro on Tue Jul 16, 2002 12:08 pm; edited 1 time in total
Back to top
View user's profile Send private message
elcesar
n00b
n00b


Joined: 11 Jul 2002
Posts: 16

PostPosted: Tue Jul 16, 2002 6:02 am    Post subject: Re: Snort Setup and Config Reply with quote

Nitro wrote:
elcesar wrote:
You need to put something like this in your /etc/rc.conf
export SNORT_OPTS="-D -c /etc/snort/snort.conf"


Do not do this. The SNORT_OPTS variable is inherited from /etc/conf.d/snort. Edit it there.

Xor wrote:
but to get back to the topic... what does "snort -T" say?

Add a -c argument to that so we use the same config file: [code]snort -T -c /etc/snort/snort.conf
[/quote]

Ok. That was only the easiest way to do that. and it works..
Thanks for your help
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum