Hosting Provided By

[Snort-devel] [ snort-Bugs-906490 ] adding -F to snort/snortd ?

From: SourceForge.net <noreply(at)sourceforge.net>
Date: Sat Feb 28 2004 - 10:20:12 EST

Bugs item #906490, was opened at 2004-02-28 15:20 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=103357&aid=906490&group_id=3357

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Dirk Grabenhorst (dirktue) Assigned to: Nobody/Anonymous (nobody)
Summary: adding -F to snort/snortd ?

Initial Comment:
i'm using snort 2.1.1 but i have problems using bpf_file.

i tried "config bpf_file: /etc/snort/snort.bpf" but it seams not working. what am i doing wrong?

snort.bpf has only one line:
not ( src net 192.168.1.0/24 and dst port 80 )

otherwise using the "-F" parameter on command-line it works well.

so what about the solution to put this parameter also to the file "/etc/sysconfig/snort" ?

here is my solution. what is the rest thinking about this?

Do you need help?

/etc/sysconfig/snort (added following lines):

# using command line paramter instead of using
# "config bpf_file [: bpf_file_name]
# -F
# config bpf_file[: bpf_file_name]

BPF_FILE=/etc/snort/snort.bpf

/etc/init.d/snortd (added/changed folloging lines):

# added parameter test

if [ "$BPF_FILE"X = "X" ]; then

BPF_FILE=""
else

BPF_FILE="-F $BPF_FILE"
fi

# changed "start of deamon" lines, putting variable
# $BPF_FILE at the end of each:

daemon /usr/sbin/snort [...] $PASS_FIRST $BPF_FILE

what about including these changes in the rpm's ?

greetings Dirk
dirk@grabenhorst.net

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=103357&aid=906490&group_id=3357

SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click

Snort-devel mailing list
Snort-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel Received on Mon Mar 1 10:58:23 2004

Do you need more help?

This message: [ Message body ]
Next message: SourceForge.net: "[Snort-devel] [ snort-Support Requests-907522 ] How we can configure a local rules"
Previous message: SourceForge.net: "[Snort-devel] [ snort-Support Requests-907525 ] Hard disk is getting full.."
Reply: JP Vossen: "Re: [Snort-devel] [ snort-Bugs-906490 ] adding -F to snort/snortd ?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:10 EDT