[Snort-devel] Unified output / running snort unpriviledged

Helmut Kreft kreft at ...1955...
Thu Apr 24 03:43:07 EDT 2003


Version: 2.0.0

If the spo_unified output plugin is used and snort is started with
the -u or -g parameter, the logfiles are beeing owned by root
after startup anyways. Reason: These files are beeing opened by
snort before priviledges are beeing dropped.

This behaviour upsets the mudpit logprocessor, if also run as an
unpriviledged process. (Mudpit automatically deletes the files
after they were processed.)

    Helmut Kreft

Im Namen der Toleranz sollten wir daher das Recht beanspruchen, die
Intoleranz nicht zu tolerieren.
                                                Karl Popper

More information about the Snort-devel mailing list