Hello all:
OBSD3.7
I am trying to start snort from rc.local with this entry
if [ -x /usr/local/bin/snort ]; then
	echo -n ' starting snort...'
	/usr/local/bin/snort -u sguil -g sguil -l /nsm/em0 \
		-c /etc/snort/em0.snort.conf -U -A none -m 122 -i em0 -D
fi
After a reboot, the system comes up and I issue the ps -al command but
snort is not listed.
# ps -al
  UID   PID  PPID CPU PRI NI VSZ RSS WCHAN STAT TT     TIME COMMAND
    0  1678 26136   0  18 20 348 300 pause Is   p0  0:00.01 -csh (csh)
    0 31482  1678   0  18 20 440 344 pause I    p0  0:00.00 sh
    0  6128 31482   0  28 20 284 172 -     R+   p0  0:00.00 ps -al
    0 15263     1   8  18 20 412 340 pause I    C0- 0:00.00 /bin/sh /usr/local/bin/mysqld_safe --user=_mysql
    0 15286     1   0   3 20  92 472 ttyin Is+  C0  0:00.00 /usr/libexec/getty Pc ttyC0
    0 32607     1   0   3 20 100 480 ttyin Is+  C1  0:00.00 /usr/libexec/getty Pc ttyC1
    0 27061     1   0   3 20  84 492 ttyin Is+  C2  0:00.00 /usr/libexec/getty Pc ttyC2
    0  2676     1   0   3 20  88 484 ttyin Is+  C3  0:00.00 /usr/libexec/getty Pc ttyC3
    0 32629     1   0   3 20  84 480 ttyin Is+  C5  0:00.00 /usr/libexec/getty Pc ttyC5
However, a log is created in /nsm/em0/today/em0.snort.log.1126727428
which is 24 bytes that I can't read.
Question 1) Is snort running but not shown w/ the ps flags I'm using?
Question 2) Does anyone know how to read the snort.log file?
Question 3) If there is an error with a script in rc.local, where does
the error get logged? I don't have local access to the machine; I'm ssh'd
in.
Any help would be appreciated.
Sean
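
Added example, not part of the original post: 24 bytes is exactly the size of the file header that both libpcap savefiles and Snort's unified log files begin with, so a file of that size holds a header and no records. The sketch below decodes that header and, for pcap, counts the packet records after it; `describe` and the sample bytes are constructed for illustration, and which output format em0.snort.conf selects is an assumption the post does not settle.

```python
import struct
import sys

PCAP_MAGIC = 0xA1B2C3D4         # libpcap savefile (tcpdump-format logging)
UNIFIED_LOG_MAGIC = 0xDEAD1080  # Snort log_unified output (read by barnyard)
HEADER_LEN = 24                 # magic, version, tz, sigfigs, snaplen, linktype

def describe(data):
    """Decode the 24-byte file header and report what follows it."""
    if len(data) < HEADER_LEN:
        raise ValueError("only %d bytes, no complete header" % len(data))
    for order in ("<", ">"):                      # try little- then big-endian
        magic = struct.unpack(order + "I", data[:4])[0]
        if magic in (PCAP_MAGIC, UNIFIED_LOG_MAGIC):
            break
    else:
        raise ValueError("unrecognised magic " + data[:4].hex())
    major, minor, _tz, _sig, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:HEADER_LEN])
    info = {"format": "pcap" if magic == PCAP_MAGIC else "unified-log",
            "version": (major, minor), "snaplen": snaplen,
            "linktype": linktype, "body_bytes": len(data) - HEADER_LEN}
    if magic == PCAP_MAGIC:                       # walk 16-byte record headers
        pos, count = HEADER_LEN, 0
        while pos + 16 <= len(data):
            incl_len = struct.unpack(order + "I", data[pos + 8:pos + 12])[0]
            if pos + 16 + incl_len > len(data):   # truncated final record
                break
            pos += 16 + incl_len
            count += 1
        info["packets"] = count
    return info

# Constructed samples: a header-only file (24 bytes, the size reported in the
# post) and the same header followed by one 4-byte dummy packet record.
EMPTY = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 1514, 1)
ONE_PKT = EMPTY + struct.pack("<IIII", 1126727428, 0, 4, 4) + b"\x00" * 4

if __name__ == "__main__":
    if len(sys.argv) > 1:                         # path to a real log file
        with open(sys.argv[1], "rb") as fh:
            print(describe(fh.read()))
    else:
        print(describe(EMPTY))
        print(describe(ONE_PKT))
```

A result with `body_bytes` of 0 means the sensor opened its log and has recorded nothing yet, which is a different condition from a corrupt or unreadable file.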