i'm trying to install Snort and everything is fine but when i am about to start snortd daemon i have this error
starting snort: [FAILED]
there is a copy of my /etc/rc.d/init.d/snortd
Code:
#!/bin/sh
# $Id: snortd,v 1.1.2.1 2004/11/10 23:20:32 jhewlett Exp $
#
# snortd Start/Stop the snort IDS daemon.
#
# chkconfig: 2345 40 60
# description: snort is a lightweight network intrusion detection tool that \
# currently detects more than 1100 host and network \
# vulnerabilities, portscans, backdoors, and more.
#
# Source function library.
. /etc/rc.d/init.d/functions
# Source the local configuration file
. /etc/sysconfig/snort
# Convert the /etc/sysconfig/snort settings to something snort can
# use on the startup line.
if [ "$ALERTMODE"X = "X" ]; then
ALERTMODE=""
else
ALERTMODE="-A $ALERTMODE"
fi
if [ "$USER"X = "X" ]; then
USER="snort"
fi
if [ "$GROUP"X = "X" ]; then
GROUP="snort"
fi
if [ "$BINARY_LOG"X = "1X" ]; then
BINARY_LOG="-b"
else
BINARY_LOG=""
fi
if [ "$CONF"X = "X" ]; then
CONF="-c /etc/snort/snort.conf"
else
CONF="-c $CONF"
fi
if [ "$INTERFACE"X = "X" ]; then
INTERFACE="-i eth0"
else
INTERFACE="-i $INTERFACE"
fi
if [ "$DUMP_APP"X = "1X" ]; then
DUMP_APP="-d"
else
DUMP_APP=""
fi
if [ "$NO_PACKET_LOG"X = "1X" ]; then
NO_PACKET_LOG="-N"
else
NO_PACKET_LOG=""
fi
if [ "$PRINT_INTERFACE"X = "1X" ]; then
PRINT_INTERFACE="-I"
else
PRINT_INTERFACE=""
fi
if [ "$PASS_FIRST"X = "1X" ]; then
PASS_FIRST="-o"
else
PASS_FIRST=""
#fi
#if [ "$LOGDIR"X = "X" ]; then
# LOGDIR=/var/log/snort
fi
# These are used by the 'stats' option
if [ "$SYSLOG"X = "X" ]; then
SYSLOG=/var/log/messages
fi
if [ "$SECS"X = "X" ]; then
SECS=5
fi
if [ ! "$BPFFILE"X = "X" ]; then
BPFFILE="-F $BPFFILE"
fi
######################################
# Now to the real heart of the matter:
# See how we were called.
case "$1" in
start)
echo -n "Starting snort: "
# cd $LOGDIR
# if [ "$INTERFACE" = "-i ALL" ]; then
# for i in `cat /proc/net/dev|grep eth|awk -F ":" '{ print $1; }'`
# do
# mkdir -p "$LOGDIR/$i"
# chown -R $USER:$GROUP $LOGDIR
daemon /usr/sbin/snort $ALERTMODE $BINARY_LOG $NO_PACKET_LOG $DUMP_APP -D $PRINT_INTERFACE -i $i -u $USER -g $GROUP $CONF $PASS_FIRST $BPFFILE $BPF
# done
# else
# check if more than one interface is given
# if [ `echo $INTERFACE|wc -w` -gt 2 ]; then
# for i in `echo $INTERFACE | sed s/"-i "//`
# do
# mkdir -p "$LOGDIR/$i"
# chown -R $USER:$GROUP $LOGDIR
# daemon /usr/sbin/snort $ALERTMODE $BINARY_LOG $NO_PACKET_LOG $DUMP_APP -D $PRINT_INTERFACE -i $i -u $USER -g $GROUP $CONF $PASS_FIRST $BPFFILE $BPF
# done
# else
# Run with a single interface (default)
# daemon /usr/sbin/snort $ALERTMODE $BINARY_LOG $NO_PACKET_LOG $DUMP_APP -D $PRINT_INTERFACE $INTERFACE -u $USER -g $GROUP $CONF $PASS_FIRST $BPFFILE $BPF
# fi
# fi
touch /var/lock/subsys/snort
echo
;;
stop)
echo -n "Stopping snort: "
killproc snort
rm -f /var/lock/subsys/snort
echo
;;
reload)
echo "Sorry, not implemented yet"
;;
restart)
$0 stop
$0 start
;;
condrestart)
[ -e /var/lock/subsys/snort ] && $0 restart
;;
status)
status snort
;;
stats)
TC=125 # Trailing context to grep
SNORTNAME='snort' # Process name to look for
if [ ! -x "/sbin/pidof" ]; then
echo "/sbin/pidof not present, sorry, I cannot go on like this!"
exit 1
fi
#Grab Snort's PID
PID=`pidof -o $$ -o $PPID -o %PPID -x ${SNORTNAME}`
if [ ! -n "$PID" ]; then # if we got no PID then:
echo "No PID found: ${SNORTNAME} must not running."
exit 2
fi
echo ""
echo "*******"
echo "WARNING: This feature is EXPERIMENTAL - please report errors!"
echo "*******"
echo ""
echo "You can also run: $0 stats [long | opt]"
echo ""
echo "Dumping ${SNORTNAME}'s ($PID) statistics"
echo "please wait..."
# Get the date and tell Snort to dump stats as close together in
# time as possible--not 100%, but it seems to work.
startdate=`date '+%b %e %H:%M:%S'`
# This causes the stats to be dumped to syslog
kill -USR1 $PID
# Sleep for $SECS secs to give syslog a chance to catch up
# May need to be adjusted for slow/busy systems
sleep $SECS
if [ "$2" = "long" ]; then # Long format
egrep -B 3 -A $TC "^$startdate .* snort.*: ={79}" $SYSLOG | \
grep snort.*:
elif [ "$2" = "opt" ]; then # OPTimize format
# Just show stuff useful for optimizing Snort
egrep -B 3 -A $TC "^$startdate .* snort.*: ={79}" $SYSLOG | \
egrep "snort.*: Snort analyzed |snort.*: dropping|emory .aults:"
else # Default format
egrep -B 3 -A $TC "^$startdate .* snort.*: ={79}" $SYSLOG | \
grep snort.*: | cut -d: -f4-
fi
;;
*)
echo "Usage: $0 {start|stop|reload|restart|condrestart|status|stats (long|opt)}"
exit 2
esac
exit 0
and my /etc/snort/snort.conf is standard and i just added this line as they said to do in the manual
Code:
output database : alert,mysql, dbname=snort user=******** password=******** host=192.168.1.152 sensor_name=fwgw
i'm trying to do the step 11 of the original doc here
http://www.snort.org/docs/setup_guid...ec%20Snort.pdf
but maybe i'm doing something wrong. someone have an idea ?
thanks.
snort
Linear Mode
