Date: Thu, 12 Mar 2009 16:24:58 -0400 From: FreeBSD <freebsd@optiksecurite.com> To: Paul Schmehl <pschmehl_lists@tx.rr.com> Cc: freebsd-questions@freebsd.org Subject: Re: Error starting Snort via rc.d [SOLVED] Message-ID: <49B96F9A.8050404@optiksecurite.com> In-Reply-To: <D6C3CCA22353A80D9B47C370@utd65257.utdallas.edu> References: <49B95E83.7050002@optiksecurite.com> <D6C3CCA22353A80D9B47C370@utd65257.utdallas.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Paul Schmehl a écrit :
> --On Thursday, March 12, 2009 14:12:03 -0500 FreeBSD
> <freebsd@optiksecurite.com> wrote:
>
>>
>> Hello list!
>>
>> I'm running FreeBSD 7.1-RELEASE-p3 with a fresh ports tree. I just
>> installed Snort 2.8.2.2_2 from the ports. The problem is that I always
>> got an error when I want to start/stop/restart Snort via
>> /usr/local/etc/rc.d/snort.
>>
>> I isolated the part of the script that is outputting the error. The
>> problem comes from the last line : run_rc_command "$1"
>>
>> The error I get is :
>> eval: 1: Syntax error: "(" unexpected (expecting ")")
>>
>> I don't have any problem starting MySQL, so I don't understand why
>> there's a problem with this command only for Snort.
>>
>> Thanks for your precious help,
>>
>
> The problem isn't in the last line. That's just a common impression
> when an error message isn't clear. You have to understand that the rc.d
> system, while it makes creating startup scripts easier, obfuscates (to
> some degree) what's going on in the backround.
>
> If you'll notice, there is no eval command in the snort startup script.
> What's being parsed by eval is /etc/rc.conf. If you'll look at
> /etc/rc.subr, you'll see that it uses eval to assess the values that you
> have assigned to the various variables used in the snort startup script.
>
> For example, it checks to see if you've enabled the script by evaluating
> /etc/rc.conf for the line <scriptname>_enable="YES". It checks the
> run_rc_command to see if the name is correct, what, if any, the
> arguments are that should be appended to the run command, what, if any,
> the extra arguments are, and so forth.
>
> I'll bet you have a snort variable in /etc/rc.conf that isn't quoted
> correctly.
>
> Send us the results of this command:
>
> grep snort /etc/rc.conf
>
> It should look something like this:
>
> # grep snort /etc/rc.conf
> snort_enable="YES"
> snort_flags="-u snort -g snort -Dq"
> snort_interface="bge0"
>
Thanks a lot! There was an error in the "snort_interface" line.
Thank you for your excellent explanation.
Martin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?49B96F9A.8050404>