
[Snort-devel] [ snort-Bugs-733102 ] 2.0.0-bug: config daemon

From: SourceForge.net <noreply(at)sourceforge.net>
Date: Fri May 16 2003 - 04:27:05 EDT


Bugs item #733102, was opened at 2003-05-06 08:36
Message generated for change (Comment added) made by elof
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=103357&aid=733102&group_id=3357

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Martin Olsson (elof)
Assigned to: Nobody/Anonymous (nobody)
Summary: 2.0.0-bug: config daemon

Initial Comment:
In my snort.conf I have specified:

config daemon

When I run 'snort -c /usr/sentor/etc/snort.conf -l /usr/sentor/log' it runs in the foreground, ignoring the "config daemon" directive in snort.conf. I have to execute 'snort -c /usr/sentor/etc/snort.conf -l /usr/sentor/log -D' in order to daemonize the process.


>Comment By: Martin Olsson (elof)
Date: 2003-05-16 10:27

Message:
Logged In: YES
user_id=420942

Also the position of the "config daemon" directive within the snort.conf file gives different results. If placed before the preprocessors and output plugins, you won't get any information from frag2, stream4, stream4_reassemble or from the database output plugin.
You will, however, get info from http_decode, rpc_decode, telnet_decode, conversation and portscan2. This is logged to syslog, not stdout.

If "config daemon" is located after the preprocessors and output plugins, you get all the configuration on stdout. Now you see everything (frag2, stream4, stream4_reassemble ... portscan2, database).
However, if you run snort with the -D switch, the info from frag2, stream4, stream4_reassemble and database is again gone.


Comment By: Martin Olsson (elof)
Date: 2003-05-16 08:07

Message:
Logged In: YES
user_id=420942

When "config daemon" is specified in snort.conf you lose the information about the number of rules and chains, and the rule application order (in test-mode) as well as all the statistics when snort is exiting. These stats & info are just not logged. Everything else is logged as usual, with the only difference that it's logged by syslogd and not on stdout.


You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=103357&aid=733102&group_id=3357




Snort-devel mailing list
Snort-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel

Received on Fri May 16 08:16:43 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:05 EDT
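
A small lint for the ordering behaviour reported in the comments above, as an added example that is not part of the original report or of Snort's own code: it parses a snort.conf and lists which preprocessor and output directives are declared before and after "config daemon", so an operator can see which plugins' startup messages fall on which side of the directive. The sample configuration and all function names are constructed for illustration, and comment stripping is simplified to cutting each line at the first "#".

```python
import re

# Constructed sample snort.conf (not taken from the bug report), with
# "config daemon" placed before the preprocessors and output plugins.
SAMPLE_CONF = """\
# constructed example
var HOME_NET any
config daemon   # daemonize
preprocessor frag2
preprocessor stream4: detect_scans
preprocessor stream4_reassemble
preprocessor http_decode: 80
output database: log, mysql, dbname=snort
"""

DIRECTIVE = re.compile(r"^(config|preprocessor|output)\s+([A-Za-z0-9_]+)")


def parse_directives(text):
    """Return (line_no, keyword, name) for config/preprocessor/output lines."""
    found = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # simplified comment stripping
        m = DIRECTIVE.match(line)
        if m:
            found.append((no, m.group(1), m.group(2)))
    return found


def audit_daemon_position(text):
    """Split plugin directives by their position relative to 'config daemon'."""
    directives = parse_directives(text)
    daemon = [no for no, kw, name in directives
              if kw == "config" and name == "daemon"]
    if not daemon:
        return {"daemon_line": None, "before": [], "after": []}
    d = daemon[0]
    plugins = [(no, name) for no, kw, name in directives if kw != "config"]
    return {
        "daemon_line": d,
        "before": [name for no, name in plugins if no < d],
        "after": [name for no, name in plugins if no > d],
    }


if __name__ == "__main__":
    report = audit_daemon_position(SAMPLE_CONF)
    print("config daemon at line", report["daemon_line"])
    print("declared before it:", report["before"])
    print("declared after it: ", report["after"])
```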

