| Summary: | multiple snort instances | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Eric Brown <eric.brown> |
| Component: | New packages | Assignee: | Gentoo Netmon project <netmon> |
| Status: | RESOLVED UPSTREAM | | |
| Severity: | enhancement | CC: | trombik |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | x86 | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |

Description
Eric Brown
2005-10-20 08:47:21 UTC
snort is currently assigning its PID according to the options set in /etc/conf.d/snort. I'll look into the pidfile creation though, as I am not convinced how we are doing it now is the best way.

In util.c:

```c
snprintf(pv.pid_filename, STD_BUF, "%s/snort_%s%s.pid", pv.pid_path, intf,
         pv.pidfile_suffix);
```

It seems like the filename is hardcoded. snort should support an option like --pid or something similar in snort.conf.

The only way we can make this happy is by calling start-stop-daemon with -b -m --pidfile, which I think is ugly and unnecessary. It will still create its hardcoded pid and, to be honest, I don't see why you need more than one snort running at any point in time. This would have to be resolved upstream if you really see the need.

It has been useful to have more than one snort instance for 2 very good reasons so far:

1) sniffing on 2 different interfaces that should use different rule sets
2) using database output with a setup where you have 2 interfaces (you need two instances, two databases to avoid atomicity issues)

I think this is a dup of bug 123169 (I posted it again by accident?). Anyway, in that bug, the problem is apparently fixed...