> However, a log is created in /nsm/em0/today/em0.snort.log.1126727428
> which is 24 bytes that I can't read
That's from unified logging which is roughly pcap format. The 24 bytes
are similar to the pcap file header, i.e. it is an empty log file.
> Question 1) Is snort running but not shown w/
> Andreas:
>
> Thank you. I think the break was an email thing, in the file it is all
> listed on one line. If you can imagine I can use the line in rc.local
> while I'm logged in ssh (root) and it works fine. Just not so fine in
> rc.local.
>
> Could it be running and not show up with ps -al?
> Hello all:
hi
>
> OBSD3.7
>
> I am trying to start snort from rc.local with this entry
>
> if [ -x /usr/local/bin/snort ]; then
> echo -n ' starting snort...'
> /usr/local/bin/snort -u sguil -g sguil -l /nsm/em0 -c
> /etc/snort/em0.snort.conf -U -A none -m 122 -i em0 -D
Is a EO
Hello all:
OBSD3.7
I am trying to start snort from rc.local with this entry
if [ -x /usr/local/bin/snort ]; then
echo -n ' starting snort...'
/usr/local/bin/snort -u sguil -g sguil -l /nsm/em0 -c
/etc/snort/em0.snort.conf -U -A none -m 122 -i em0 -D
fi
After a reboot, the system
4 matches
Mail list logo
