Re: [Snort-users] Snort PID
This is a discussion on Re: [Snort-users] Snort PID within the Snort forums, part of the System Security and Security Related category; El lun, 29 de 11 de 2004 a las 17:15, Paul Schmehl escribi=C3=B3: > --On Sunday, November ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
12-10-2004
|
|||
|
|||
Re: [Snort-users] Snort PID
El lun, 29 de 11 de 2004 a las 17:15, Paul Schmehl escribi=C3=B3:
> --On Sunday, November 28, 2004 12:59:46 PM +0100 Jose Maria Lopez=20 > <jkerouac@bgsec.com> wrote: > > > > I think it depends on the distribution you are using, because > > the file is created by the starting script that loads snort. > > In my Redhat 9 the script /etc/rc.d/init.d/snortd creates a > > file /var/run/snort_any.pid with the pid of the snort process. >=20 > I'm pretty sure it's snort that creates the PID. The OS just decides w= here=20 > to put it (usually in /var/run on *nixes). However, *you* can control = the=20 > PID's name using the -R switch. The PID name is constructed thus: >=20 > snort_{your interface}.pid (e.g. snort_eth0.pid) > If you start snort with -R inside, the PID name will be: > snort_eth0inside.pid ("Inside" is appended to the interface ID.) >=20 > Paul Schmehl (pauls@utdallas.edu) > Adjunct Information Security Officer > The University of Texas at Dallas > AVIEN Founding Member > http://www.utdallas.edu >=20 You are right, I checked the daemon function in /etc/rc.d/init.d/functions and it doesn't creates the pid file, it only checks if it's there to see if the daemon it's loaded. It's snort that creates it. I have any as the interface and that's because the pid file it's called snort_any.pid. Thanks for the info. --=20 Jose Maria Lopez Hernandez Director Tecnico de bgSEC jkerouac@bgsec.com bgSEC Seguridad y Consultoria de Sistemas Informaticos http://www.bgsec.com ESPA=C3=91A The only people for me are the mad ones -- the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow Roman candles. -- Jack Kerouac, "On the Road" ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
