Due to permission issue with /var/run/snort folder (where /var/run is symlink on /run, and /run is mount point for tmpfs partition), pid file can't be created. Log message:

...
Set gid to 996
Set uid to 107
Checking PID path...
WARNING: /var/run/snort is invalid, trying /var/run...
Previous Error, errno=13, (Permission denied)
WARNING: _PATH_VARRUN is invalid, trying /var/log/ ...
WARNING: /var/log/ is invalid, logging Snort PID path to log directory (/var/log/snort/).
Writing PID "52289" to file "/var/log/snort///snort_eth0.pid"
...


In ebuild we have (src_install function):

	fowners -R snort:snort \
		/var/log/snort \
		/var/run/snort \
		/etc/snort

But, since /var/run could be symlink on /run (by default, tmpfs partition), permission for /var/run/snort can't be stored during system halt/reboot. So, /etc/init.d/snort script create /var/run/snort folder with root:root owner and 775 mod all the time, and snort user can't creat pid file in that folder. 


The posible solution is correct /var/run/snort folder creation part in /etc/init.d/snort script:
replace "checkpath -d /var/run/snort" line
on "checkpath -d -o snort:snort /var/run/snort"
fix the issue.


Reproducible: Always