There are some problems with the /etc/conf.d/snort file (files/snort.confd in the ebuild directory): 1) There's a MODE variable that is not used, so it should be deleted. 2) NETWORK should be set from the /etc/snort.conf. The "-h" flag is only meant for use when you want to override the conf file when running the snort manualy. 3) This one is even nastier : "-s" overrides *any* "output" directive from the snort.conf file. It took me some time to realize that it's this switch that prevented the snort from loggin into a database as I wanted. Again, this switch is not intended for use when running the service daemon, only for manual execution when you want to override some .conf settings. 4) -dev is probably not needed either, and better to be handeled from the .conf as well
fix0red