Devon & Cornwall Linux Users' Group


Re: [LUG] snort.pid file?



On Sunday 17 Aug 2003 6:40 pm, Luke Hinds wrote:
> On Sun, 2003-08-17 at 18:19, Neil Williams wrote:
> > On Sunday 17 Aug 2003 5:02 pm, Luke Hinds wrote:
> > > Hi All,
> > So it should be in /var/run/ named snort_eth0.pid, snort_ppp0.pid or
> > similar.
>
> rm -f /var/run/snort_${INTERFACE}.pid

That should be either:

rm -f /var/run/snort_eth0.pid
or
rm -f /var/run/snort_ppp0.pid

The ${INTERFACE} is replaced by the interface in use by snort.

> But it's not in /var/run
>
> Definitely running as a daemon.
>
> 17053 pts/3    00:00:00 snort

Have you fiddled with the permissions of /var/run/ ? It should be chmod 755.

If you want to just kill snort, you can just use 
# kill 17053

Any pid file will be removed at this stage. The same thing can be accomplished
using the /etc/rc5.d/ links: look for Sxxsnort (xx is any number between 10
and 99) and then call the script with the argument stop.
# /etc/rc5.d/S60snort stop
(if it is S60).
Use the start argument to see if snort re-creates the pid file (as it should).

Also, try looking at:
# tail /var/log/messages
See if snort is reporting an error writing the pid file.

> I must be missing the downright obvious!??! Will have a look again
> later.
>
> Thanks,
> Luke

-- 

Neil Williams
=============
http://www.codehelp.co.uk
http://www.dclug.org.uk

http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3
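
The checks suggested in this message, collected into one shell function as an added example (not part of the original post and not snort's own init script). The function name check_snort_pid and its status words are made up for illustration; the liveness test on the recorded PID goes one step beyond the thread, to catch a pid file left behind by a dead process.

```shell
#!/bin/sh
# Added example: diagnose a missing or stale snort pid file.
# Usage: check_snort_pid RUN_DIR INTERFACE   e.g. check_snort_pid /var/run eth0
# Prints one status word and returns:
#   0 running:<pid>          pid file present, process alive
#   1 no-pid-file            snort_<iface>.pid does not exist
#   2 stale-pid-file:<pid>   pid file names a process that is gone
#   3 bad-dir-perms:<perms>  run directory is not mode 755
#   4 malformed-pid-file     first line is not a decimal PID
check_snort_pid() {
    run_dir=$1
    iface=$2
    # File name pattern from the thread: snort_${INTERFACE}.pid
    pid_file="$run_dir/snort_${iface}.pid"

    # The message says the run directory should be chmod 755.
    # The first 10 characters of `ls -ld` are the type and mode bits.
    perms=$(ls -ld "$run_dir" 2>/dev/null | cut -c1-10)
    if [ "$perms" != "drwxr-xr-x" ]; then
        echo "bad-dir-perms:$perms"
        return 3
    fi

    if [ ! -f "$pid_file" ]; then
        echo "no-pid-file"
        return 1
    fi

    # Accept only digits, so a corrupted file is never passed to kill.
    pid=$(head -n 1 "$pid_file" | tr -d '[:space:]')
    case $pid in
        ''|*[!0-9]*)
            echo "malformed-pid-file"
            return 4
            ;;
    esac

    # kill -0 sends no signal, it only tests that the process exists.
    # The /proc test covers a process owned by another user (Linux).
    if kill -0 "$pid" 2>/dev/null || [ -d "/proc/$pid" ]; then
        echo "running:$pid"
        return 0
    fi
    echo "stale-pid-file:$pid"
    return 2
}
```

If the result is no-pid-file while snort shows up in the process list, the next place to look is /var/log/messages, as described above.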
