[Snort-devel] Bug in logrotate and a documentation suggestion

Maarten Bremer maarten at ...2287...
Mon Dec 15 07:46:15 EST 2003


Snort is really great software, you all did a great job!

While installing it to our servers I discovered some minor error in the RPM
build (snort-2.0.4-1.i386.rpm). In /etc/logrotate.d/snort there is a
reference to "/va/rlog/snort". Obviously this should be "/var/log/snort".

It took me a while to figure out how to scan on multiple interfaces. The
documentation is referencing to the "S. Krahmer's patch" which is quite hard
to find. It took me very long to finally figure out the solution was easy,
it was almost working right out of the box. The only thing that needed to be
done was altering the INTERFACE option to ALL in /etc/sysconfig/snort. It
would be nice if you could add this to the FAQ / documentation, so other
people notice this great feature too.

Kind regards,

Maarten Bremer

More information about the Snort-devel mailing list