<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<!--Converted with LaTeX2HTML 2002-2-1 (1.71)
original version by: Nikos Drakos, CBLU, University of Leeds
* revised and updated by: Marcus Hennecke, Ross Moore, Herb Swan
* with significant contributions from:
Jens Lippmann, Marek Rouchal, Martin Wilck and others -->
<HTML>
<HEAD>
<TITLE>1.6 Miscellaneous</TITLE>
<META NAME="description" CONTENT="1.6 Miscellaneous">
<META NAME="keywords" CONTENT="snort_manual">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="LaTeX2HTML v2002-2-1">
<META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
<LINK REL="STYLESHEET" HREF="snort_manual.css">
<LINK REL="next" HREF="node9.html">
<LINK REL="previous" HREF="node7.html">
<LINK REL="up" HREF="node2.html">
<LINK REL="next" HREF="node9.html">
</HEAD>
<BODY >
<!--Navigation Panel-->
<A NAME="tex2html353"
HREF="node9.html">
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A>
<A NAME="tex2html349"
HREF="node2.html">
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A>
<A NAME="tex2html343"
HREF="node7.html">
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>
<A NAME="tex2html351"
HREF="node1.html">
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>
<BR>
<B> Next:</B> <A NAME="tex2html354"
HREF="node9.html">1.7 More Information</A>
<B> Up:</B> <A NAME="tex2html350"
HREF="node2.html">1. Snort Overview</A>
<B> Previous:</B> <A NAME="tex2html344"
HREF="node7.html">1.5 Inline Mode</A>
<B> <A NAME="tex2html352"
HREF="node1.html">Contents</A></B>
<BR>
<BR>
<!--End of Navigation Panel-->
<H1><A NAME="SECTION00260000000000000000">
1.6 Miscellaneous</A>
</H1>
<P>
If you want to run Snort in daemon mode, you can add -D switch to any
combination described in the previous sections. Please notice that if you want to be able to restart Snort
by sending a SIGHUP signal to the daemon, you <EM>must</EM> specify the full path to the Snort
binary when you start it, for example:
<P>
<DIV ALIGN="CENTER">
</DIV><PRE>
/usr/local/bin/snort -d -h 192.168.1.0/24 \
-l /var/log/snortlogs -c /usr/local/etc/snort.conf -s -D
</PRE>
<DIV ALIGN="CENTER">
</DIV>
<P>
Relative paths are not supported due to security concerns.
<P>
If you need to post packet logs to public mailing lists, you might
want to use the -O switch. This switch obfuscates your IP addresses in
packet printouts. This is handy if you don't want people on the mailing
list to know the IP addresses involved. You can also combine the -O switch with
the -h switch to only obfuscate the IP addresses of hosts on the home network.
This is useful if you don't care who sees the address of the attacking host.
For example, you could use the following command to read the packets from a log
file and dump them to the screen, obfuscating only the addresses from the
192.168.1.0/24 class C network:
<P>
<DIV ALIGN="CENTER">
</DIV><PRE>
./snort -d -v -r snort.log -O -h 192.168.1.0/24
</PRE>
<DIV ALIGN="CENTER">
</DIV>
<P>
<HR>
<!--Navigation Panel-->
<A NAME="tex2html353"
HREF="node9.html">
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A>
<A NAME="tex2html349"
HREF="node2.html">
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A>
<A NAME="tex2html343"
HREF="node7.html">
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>
<A NAME="tex2html351"
HREF="node1.html">
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>
<BR>
<B> Next:</B> <A NAME="tex2html354"
HREF="node9.html">1.7 More Information</A>
<B> Up:</B> <A NAME="tex2html350"
HREF="node2.html">1. Snort Overview</A>
<B> Previous:</B> <A NAME="tex2html344"
HREF="node7.html">1.5 Inline Mode</A>
<B> <A NAME="tex2html352"
HREF="node1.html">Contents</A></B>
<!--End of Navigation Panel-->
</BODY>
</HTML>
