| View previous topic :: View next topic |
| Author |
Message |
jessler
Tux's lil' helper
Joined: 17 Jul 2002
Posts: 78
Location: 127.0.0.1
|
 Posted: Thu Nov 16, 2006 2:24 am Post subject: Snort and Prelude |
 |
|
I know there have been a few post about this but none seem to be able to solve my problem.
I have just installed and configured prelude with a snort sensor on the same machine. I used the very well documented guide http://gentoo-wiki.com/HOWTO_IDS.
The problem I'm having is when I try to run snort as a daemon. I can get everything working if I start snort from a command line | Code: | | snort -c /etc/snort/snort.conf -i eth1 |
.
At first I could not get snort to work at all from the init scripts. I would run the init script for snort | Code: | | /etc/init.d/snort start |
and even though I would get an [ok], I would ps -ef | grep snort and not see snort running. I was able to solve that problem by applying the fix contained in this forum article https://forums.gentoo.org/viewtopic-t-336521-highlight-snort+prewikka.html?sid=b77b3ddd9b4faf972536d1c83835827b.
Now when I start snort though either a reboot or running the command | Code: | | /etc/init.d/snort start |
the snort process shows as running, but prewikka shows that the sensor is "abnormally offline".
When I registered the sensor I used "uid=101 gid=407" since that is what was listed in /etc/passwd for the snort user.
How do I get snort to run as a daemon and also report events to prelude.
Thanks in advanced. |
|
| Back to top |
|
 |
jessler
Tux's lil' helper
Joined: 17 Jul 2002
Posts: 78
Location: 127.0.0.1
|
| Posted: Thu Nov 16, 2006 8:02 pm Post subject: |
|
|
| Gentle Nudge |
|
| Back to top |
|
|
jessler
Tux's lil' helper
Joined: 17 Jul 2002
Posts: 78
Location: 127.0.0.1
|
| Posted: Tue Nov 28, 2006 10:13 pm Post subject: |
|
|
Unfortunately I haven't received any replies from this post.
Is anyone else having this issue or am I the only one?
Thanks |
|
| Back to top |
|
|
|
Networking & Security
