From owner-freebsd-questions@FreeBSD.ORG Thu Mar 12 20:26:04 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D9E6F106567B for ; Thu, 12 Mar 2009 20:26:04 +0000 (UTC) (envelope-from freebsd@optiksecurite.com) Received: from relais.videotron.ca (relais.videotron.ca [24.201.245.36]) by mx1.freebsd.org (Postfix) with ESMTP id AEAC78FC1A for ; Thu, 12 Mar 2009 20:26:04 +0000 (UTC) (envelope-from freebsd@optiksecurite.com) MIME-version: 1.0 Content-transfer-encoding: 8BIT Content-type: text/plain; charset=ISO-8859-1; format=flowed Received: from [0.0.0.0] ([69.70.93.206]) by VL-MO-MR003.ip.videotron.ca (Sun Java(tm) System Messaging Server 6.3-4.01 (built Aug 3 2007; 32bit)) with ESMTP id <0KGE00823U2XO1A0@VL-MO-MR003.ip.videotron.ca> for freebsd-questions@freebsd.org; Thu, 12 Mar 2009 16:25:45 -0400 (EDT) Message-id: <49B96F9A.8050404@optiksecurite.com> Date: Thu, 12 Mar 2009 16:24:58 -0400 From: FreeBSD User-Agent: Thunderbird 2.0.0.19 (Windows/20081209) To: Paul Schmehl References: <49B95E83.7050002@optiksecurite.com> In-reply-to: Cc: freebsd-questions@freebsd.org Subject: Re: Error starting Snort via rc.d [SOLVED] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Mar 2009 20:26:06 -0000 Paul Schmehl a écrit : > --On Thursday, March 12, 2009 14:12:03 -0500 FreeBSD > wrote: > >> >> Hello list! >> >> I'm running FreeBSD 7.1-RELEASE-p3 with a fresh ports tree. I just >> installed Snort 2.8.2.2_2 from the ports. The problem is that I always >> got an error when I want to start/stop/restart Snort via >> /usr/local/etc/rc.d/snort. >> >> I isolated the part of the script that is outputting the error. The >> problem comes from the last line : run_rc_command "$1" >> >> The error I get is : >> eval: 1: Syntax error: "(" unexpected (expecting ")") >> >> I don't have any problem starting MySQL, so I don't understand why >> there's a problem with this command only for Snort. >> >> Thanks for your precious help, >> > > The problem isn't in the last line. That's just a common impression > when an error message isn't clear. You have to understand that the rc.d > system, while it makes creating startup scripts easier, obfuscates (to > some degree) what's going on in the backround. > > If you'll notice, there is no eval command in the snort startup script. > What's being parsed by eval is /etc/rc.conf. If you'll look at > /etc/rc.subr, you'll see that it uses eval to assess the values that you > have assigned to the various variables used in the snort startup script. > > For example, it checks to see if you've enabled the script by evaluating > /etc/rc.conf for the line _enable="YES". It checks the > run_rc_command to see if the name is correct, what, if any, the > arguments are that should be appended to the run command, what, if any, > the extra arguments are, and so forth. > > I'll bet you have a snort variable in /etc/rc.conf that isn't quoted > correctly. > > Send us the results of this command: > > grep snort /etc/rc.conf > > It should look something like this: > > # grep snort /etc/rc.conf > snort_enable="YES" > snort_flags="-u snort -g snort -Dq" > snort_interface="bge0" > Thanks a lot! There was an error in the "snort_interface" line. Thank you for your excellent explanation. Martin