Error starting Snort via rc.d [SOLVED]

FreeBSD freebsd at optiksecurite.com
Thu Mar 12 13:26:06 PDT 2009 

Paul Schmehl a écrit :
> --On Thursday, March 12, 2009 14:12:03 -0500 FreeBSD 
> <freebsd at optiksecurite.com> wrote:
> 
>>
>> Hello list!
>>
>> I'm running FreeBSD 7.1-RELEASE-p3 with a fresh ports tree. I just
>> installed Snort 2.8.2.2_2 from the ports. The problem is that I always
>> got an error when I want to start/stop/restart Snort via
>> /usr/local/etc/rc.d/snort.
>>
>> I isolated the part of the script that is outputting the error. The
>> problem comes from the last line : run_rc_command "$1"
>>
>> The error I get is :
>> eval: 1: Syntax error: "(" unexpected (expecting ")")
>>
>> I don't have any problem starting MySQL, so I don't understand why
>> there's a problem with this command only for Snort.
>>
>> Thanks for your precious help,
>>
> 
> The problem isn't in the last line.  That's just a common impression 
> when an error message isn't clear.  You have to understand that the rc.d 
> system, while it makes creating startup scripts easier, obfuscates (to 
> some degree) what's going on in the backround.
> 
> If you'll notice, there is no eval command in the snort startup script.  
> What's being parsed by eval is /etc/rc.conf.  If you'll look at 
> /etc/rc.subr, you'll see that it uses eval to assess the values that you 
> have assigned to the various variables used in the snort startup script.
> 
> For example, it checks to see if you've enabled the script by evaluating 
> /etc/rc.conf for the line <scriptname>_enable="YES".  It checks the 
> run_rc_command to see if the name is correct, what, if any, the 
> arguments are that should be appended to the run command, what, if any, 
> the extra arguments are, and so forth.
> 
> I'll bet you have a snort variable in /etc/rc.conf that isn't quoted 
> correctly.
> 
> Send us the results of this command:
> 
> grep snort /etc/rc.conf
> 
> It should look something like this:
> 
> # grep snort /etc/rc.conf
> snort_enable="YES"
> snort_flags="-u snort -g snort -Dq"
> snort_interface="bge0"
> 

Thanks a lot! There was an error in the "snort_interface" line.

Thank you for your excellent explanation.

Martin

More information about the freebsd-questions mailing list