Package: snort Version: 2.8.1-2 The state of snort is basically a disaster. I don't know what you guys are trying to do with it, but the way you have set it up with your convoluted configuration and initialization scripts has not helped make the package more stable, easy to use, or better. What it has done is make it extremely brittle and prone to failure. At this point, on a clean, fresh install of snort it fails to start. After digging through bug reports via google I read about setting ALLOW_UNAVAILABLE="no" in /etc/default/snort to "yes". Well, all this does is create a situation where now when /etc/init.d/snort start is invoked it claims to start but still fails. There is no error output whatsoever. There appear to be no options anywhere, in the mess of debianized config files, to enable debug logging or to even indicate where its supposed to be logging daemon status-type messages.
My question is - why do you need to create such a twisted, convoluted set of scripts and config files to run this? It seems like Debian is departing markedly from its original way of being a more basic operating system that kept things reasonably close to straightforward and basic, with minimal obfuscation of the source packages. Now you have set up this whole config/init system which overrides and deprecates many things in the daemon's own config files. For example, you have the interface defined in /etc/snort/snort.debian.conf. What is the purpose of this file? Are you aware that /etc/snort/snort.conf already has a place to define the interface/IP addresses that snort will listen on. This is plain retarded. I do not think Debian maintainers should, as a policy, *ever* be allowed to superceed a daemon's own configuration file options, regardless of how much they think doing so is an improvement. At any rate, the current state of snort is "critical" or "severe" because it fails to complete the install, and even with the workaround in /etc/default/snort it still fails to launch, with no log/debug output whatsoever. -- Psssst! Schon vom neuen GMX MultiMessenger gehört? Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
