[Snort-devel] Bug in logrotate and a documentation suggestion]

JP Vossen vossenjp at ...628...
Wed Jan 7 13:49:01 EST 2004

> From: "Maarten Bremer" <maarten at ...2287...>
> To: snort-devel at lists.sourceforge.net
> Subject: [Snort-devel] Bug in logrotate and a documentation suggestion
> Organization: Xolphin
> Date: Sun, 14 Dec 2003 19:31:11 +0100
> While installing it to our servers I discovered some minor error in the RPM
> build (snort-2.0.4-1.i386.rpm). In /etc/logrotate.d/snort there is a
> reference to "/va/rlog/snort". Obviously this should be "/var/log/snort".

This was corrected on or before Wed, 3 Dec 2003 and should be in current and
future builds.

Also, see my next message.

> It took me a while to figure out how to scan on multiple interfaces. The
> documentation is referencing to the "S. Krahmer's patch" which is quite hard
> to find. It took me very long to finally figure out the solution was easy,
> it was almost working right out of the box. The only thing that needed to be
> done was altering the INTERFACE option to ALL in /etc/sysconfig/snort. It
> would be nice if you could add this to the FAQ / documentation, so other
> people notice this great feature too.

Cool, Dan will be happy!  Dan & I (the RPM guys) have no control over the main
Snort Docs, but hopefully Brian has seen thins and can tweak it when he has a

JP Vossen, CISSP              |:::======|         jp{at}jpsdomain{dot}org
My Account, My Opinions       |=========|       http://www.jpsdomain.org/
You used to have to reboot the Windows 9.x series every couple of days
because it would crash.  Now you have to reboot Windows 200x or XP every
couple of days because of a patch.  How is that better or more stable?

More information about the Snort-devel mailing list