
[Snort-users] snort auto start


amin Salehi

Nov 16, 2012, 11:52:30 PM
Hi. How can I configure my Linux BackTrack 64-bit system to automatically run Snort with custom options after boot?

Tony Robinson

Nov 17, 2012, 1:36:32 PM
What I usually do for the autosnort scripts is add an entry to rc.local -- rc.local is a script that runs after all of the other init scripts have run. This is the line I usually put in for snort:
echo "/usr/local/snort/bin/snort -D -u snort -g snort -c /usr/local/snort/etc/snort.conf -i $snort_iface" >> /etc/rc.local

so, to explain what this line is doing:
we're using echo to print this line to the terminal instead of running it
we're calling snort, wherever it's installed (my scripts install snort to /usr/local/snort/bin/)
using the -D flag to daemonize it
running it as the snort user and group (-u snort -g snort)
pointing it to snort.conf (-c /usr/local/snort/etc/snort.conf)
and specifying which interface we want snort to run on (-i $snort_iface [snort iface is the snort sniffing interface of your choice, say for instance, eth1])
then we use the append redirection option to redirect the printed output to the /etc/rc.local file (>> /etc/rc.local)


if you use different command line options, such as afpacket for inline mode operation or other options, then add those command options or specify running snort however you prefer to run it, just add the line to rc.local and provided snort didn't run across something it did not like in the configuration file or the directives you gave it, it should come up automatically:
ps -ef | grep snort

what to do if it isn't running:
check /var/log/messages or /var/log/syslog.
cat /var/log/[messages or syslog] | grep snort | less -- and look for error messages or warning messages when snort is trying to initialize. the error messages are usually pretty straightforward.

hope this helps,

DA






--
when does reality end? when does fantasy begin?
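
Added example, not part of the original posts: on Debian/Ubuntu-derived systems the stock /etc/rc.local ends with `exit 0`, so a line appended with `>>` lands after it and never runs. This sketch inserts the command quoted in the reply above before that line, only once, and rejects interface names containing shell metacharacters, since rc.local runs as root at boot. The function name `install_snort_rc` and its arguments are assumptions.

```shell
#!/bin/sh
# Added example: register a Snort start line in an rc.local-style file.
# Paths are the ones quoted in the reply; function name and arguments are assumptions.
SNORT_BIN="/usr/local/snort/bin/snort"
SNORT_CONF="/usr/local/snort/etc/snort.conf"

# install_snort_rc <rc_file> <interface>
# Returns 0 if the line was added, 1 if an entry already exists, 2 on bad input.
install_snort_rc() {
    rc_file="$1"
    iface="$2"
    [ -n "$rc_file" ] && [ -n "$iface" ] || return 2

    # rc.local runs as root: accept only plain interface names (eth1, br0.10, ...)
    # so nothing else can be smuggled into the boot script.
    case "$iface" in
        *[!A-Za-z0-9._:-]*) return 2 ;;
    esac
    line="$SNORT_BIN -D -u snort -g snort -c $SNORT_CONF -i $iface"

    # Create a minimal script if the file does not exist yet.
    [ -f "$rc_file" ] || printf '#!/bin/sh\n' > "$rc_file"

    # Idempotence: do not add a second Snort entry on repeated runs.
    if grep -qF -- "$SNORT_BIN " "$rc_file"; then
        return 1
    fi

    # Insert before the first top-level "exit 0"; append if there is none.
    tmp="$(mktemp)" || return 2
    awk -v l="$line" '
        !done && /^exit[ \t]+0[ \t]*$/ { print l; done = 1 }
        { print }
        END { if (!done) print l }
    ' "$rc_file" > "$tmp"

    # Write back in place so the file keeps its owner, then make sure it is
    # executable and not writable by group or others.
    cat "$tmp" > "$rc_file"
    rm -f "$tmp"
    chmod 755 "$rc_file"
    return 0
}

# Usage (as root): install_snort_rc /etc/rc.local eth1
```

Running `snort -T -c /usr/local/snort/etc/snort.conf` before rebooting tests the configuration, so a broken snort.conf is caught before the boot-time start fails.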