Hi all,
I'm using the latest pf_ring package from the ntop repo on RHEL 6.7 to
power a snort monitor. All working fine but for one slightly strange
issue. When Snort (Version 2.9.7.6 GRE (Build 285)) is started from the
standard /etc/init.d/snort service file it starts fine, uses pf_ring,
but the file name in /proc/net/pf_ring doesn't correspond to the pid
that is created by the snort service, e.g.

[root@snort ~]# ps aux | grep snort
snort 2202 0.0 18.5 542696 188996 ? Ssl 16:36 0:00 /usr/sbin/snort -A fast -b -d -D -i eth0 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort
[root@snort ~]# ls -l /proc/net/pf_ring/
total 0
-r--r--r-- 1 root root 0 Nov 18 16:36 2185-eth0.36
dr-xr-xr-x 5 root root 0 Nov 18 16:36 dev
-r--r--r-- 1 root root 0 Nov 18 16:36 info
-r--r--r-- 1 root root 0 Nov 18 16:36 plugins_info
dr-xr-xr-x 2 root root 0 Nov 18 16:36 stats

So daemon pid is 2202, pf_ring is showing 2185-eth0.36. Starting and
stopping the service dutifully changes both numbers.
Any ideas?
Cheers,
Luke
_______________________________________________
Ntop-misc mailing list
http://listgateway.unipi.it/mailman/listinfo/ntop-misc