I added a variable to /etc/config/snort and /etc/init.d/snort to allow me to pass additional arguments to the daemon. See here. When I start the daemon, it appears to get called correctly but it eventually crashes and the init system gives up after 6 times.
How can I debug this?
# /etc/init.d/snort start
...
# logread -e snort
Thu Dec 1 10:38:17 2022 daemon.info procd: Instance snort::instance1 s in a crash loop 8 crashes, 110 seconds since last crash
EDIT: I added a 'set -x' to /etc/init.d/snort and it seems that trouble is due to the init system introducing a pair of single quotes:
...
+ shift
+ _procd_add_array_data /usr/bin/snort -q --daq-dir /usr/lib/daq/ -i eth0:eth1 -c /etc/snort/small.lua -A alert_fast '-l /mnt/mmcblk0p3'
...
If I execute that from the shell, not the init script:
# /usr/bin/snort -q --daq-dir /usr/lib/daq/ -i eth0:eth1 -c /etc/snort/small.lua -A alert_fast '-l /mnt/mmcblk0p3'
...
afpacket DAQ configured to passive.
Commencing packet processing
++ [0] eth0:eth1
FATAL: OpenAlertFile() => fopen() alert file /mnt/mmcblk0p3/alert_fast.txt: No such file or directory
Fatal Error, Quitting..
Snort (PID 24708) caught fatal signal: SIGABRT (6)
That file does in fact exist. If I repeat dropping the single quotes, it runs as expected. How can I keep that variable from getting single quoted when the daemon runs?
# /usr/bin/snort --daq-dir /usr/lib/daq/ -i eth0:eth1 -c /etc/snort/small.lua -A alert_fast -l /mnt/mmcblk0p3
...
afpacket DAQ configured to passive.
Commencing packet processing
++ [0] eth0:eth1