I started with snort-2.0.2-5.i386.rpm.
Starting it with /etc/rc.d/init.d/snortd start
worked, but it died after a couple of minutes.
Checking with /etc/rc.d/init.d/snortd status gave:
snort dead but subsys locked
No error message at all! Nothing in /var/log/message shows an error.
Because it runs as a daemon, it dies silently.
So I thought of not running it as a daemon:
I removed the -D startup parameter in /etc/rc.d/init.d/snortd and ran
/usr/local/bin/snort -b -d -i eth0 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort
It turned out to be a
segmentation fault!
So I switched to snort-2.1.1-0.rhel3.dag.i386.rpm:
rpm -i gives a segmentation fault right away.
Switched again to
snort-2.1.1-1.i386.rpm:
rpm -i just hangs, faint!
Ended up building from source.
Got snort-2.1.1.tar.gz and
followed
http://www.snort.org/docs/snort_acid_rh9.pdf page 14,
basically (I did not use mysql to store data):
groupadd snort
useradd -g snort snort
mkdir /etc/snort
mkdir /var/log/snort
tar -xvzf snort-2.X.X.tar.gz
cd snort-2.X.X
./configure
make
make install
You'll find snort under /usr/local/bin.
Don't forget to download rules to the /etc/snort dir,
e.g. snortrules-stable.tar.gz,
and make sure it matches what snort.conf says about the rule dir.
I use the old /etc/init.d/snortd and link it into rc3.d;
change /usr/sbin/snort to /usr/local/bin/snort in /etc/init.d/snortd.
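The post's key diagnostic step was dropping -D so the crash became visible. The added example below (my own code, not from the original post or the Snort project) generalises that: it runs a daemon-style program in the foreground under a small supervisor, decodes the shell exit status (128+N means death by signal N, so 139 is SIGSEGV) and appends one dated line to a log file, so a silent death like the one described leaves a trace. The log path and the commented snort invocation are assumptions for the host in question.

```shell
#!/bin/sh
# Added example, not from the original post: supervise a foreground process and
# record how it exited. Assumption: LOGFILE is a writable path on this host.
LOGFILE="${LOGFILE:-/tmp/snort-supervise.log}"

# signal_name NUM -> prints the conventional name for signal number NUM
signal_name() {
    case "$1" in
        1) echo HUP ;;
        2) echo INT ;;
        6) echo ABRT ;;
        9) echo KILL ;;
        11) echo SEGV ;;
        15) echo TERM ;;
        *) echo "$1" ;;   # unknown number: print it as-is
    esac
}

# describe_status STATUS -> one-line description of a shell exit status.
# The shell reports a process killed by signal N as exit status 128+N.
describe_status() {
    st="$1"
    if [ "$st" -eq 0 ]; then
        echo "exited normally"
    elif [ "$st" -gt 128 ]; then
        sig=$((st - 128))
        echo "killed by signal $sig (SIG$(signal_name "$sig"))"
    else
        echo "exited with status $st"
    fi
}

# run_supervised CMD [ARGS...] -> runs CMD in the foreground (no -D style
# daemonising), appends a dated line describing its fate to LOGFILE, and
# returns CMD's own exit status so callers can still branch on it.
run_supervised() {
    "$@"
    st=$?
    printf '%s %s: %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$1" \
        "$(describe_status "$st")" >> "$LOGFILE"
    return "$st"
}

# Example invocation mirroring the post's command line with -D removed
# (assumption: this snort path and config exist on the host). Uncomment to use:
# run_supervised /usr/local/bin/snort -b -d -i eth0 -u snort -g snort \
#     -c /etc/snort/snort.conf -l /var/log/snort
```

Wrapping the command this way in an init script (instead of calling snort with -D) is what turns "dead but subsys locked" into a concrete line such as "killed by signal 11 (SIGSEGV)" that can be correlated with package versions, as the post does by hand.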