Snort will not stay started as of dec7 and 9 snapshot build

  • running

    built on Sun Dec 9 04:41:14 EST 2012 i386

    snort pkg v. 2.5.2

    it seems that snort will load, update codes, but as soon as I invoke the WAN(ppoe) interface, it will stop the snort service.

    attached is portion of the syslog. I cant seem to see anything indicating why it is stopping.

    any suggestions?


  • just a bit of an update.

    if i manually start snort from the command line it work fine.

    ie: '/usr/local/bin/snort -R 4941 -D -q -l /var/log/snort/snort_pppoe04941 –pid-path /var/run --nolock-pidfile -G 4941 -c /usr/local/etc/snort/snort_4941_pppoe0/snort.conf -i fxp0' > /var/run/

    however if i use the, it does not startup. im certain it has to do with the "-i pppoe". I'm not the greatest sh programmer. any suggestions on how to fix the to use the right interface name?

    rc_start() {

    For Each Iface

    Only try to restart if snort is running on Iface

    if [ ! -f /var/run/ ]; then
    /bin/pgrep -xf '/usr/local/bin/snort -R 4941 -D -q -l /var/log/snort/snort_pppoe04941 –pid-path /var/run --nolock-pidfile -G 4941 -c /usr/local/etc/snort/snort_4941_pppoe0/snort.conf -i pppoe' > /var/run/
    /bin/pgrep -nF /var/run/
    if [ $? = 0 ]; then
    /bin/pkill -HUP -F /var/run/ -a
    /usr/bin/logger -p -i -t SnortStartup "Snort SOFT START For wan(4941_pppoe0)…"

    Start snort and barnyard2

    /bin/rm /var/run/
    /usr/local/bin/snort -R 4941 -D -q -l /var/log/snort/snort_pppoe04941 --pid-path /var/run --nolock-pidfile -G 4941 -c /usr/local/etc/snort/snort_4941_pppoe0/snort.conf -i pppoe
    /usr/bin/logger -p -i -t SnortStartup "Snort START For wan(4941_pppoe0)..."

    sleep 2

    if [ -f /var/run/ ]; then
                    /bin/pkill -F /var/run/ -a
    /bin/rm /var/run/
    /bin/pkill -xf '/usr/local/bin/barnyard2 -r 4941 -f snort_4941_pppoe0.u2 –pid-path /var/run --nolock-pidfile -c /usr/local/etc/snort/snort_4941_pppoe0/barnyard2.conf -d /var/log/snort/snort_pppoe04941 -D -q'


Log in to reply