[Snort-users] Logging Error

Guy Bruneau bruneau at ...126...
Tue Aug 1 05:47:13 EDT 2000


Jeffrey,

I just looked at the permission on /var/adm/snort and you have Snort as a
file vice a directory. That is why it isn't working. Snort uses this
directory to log the portscan and save the detects by defaults.

I use Snort on Slackware 7.0 and it works fine.

Guy

Jeffrey Denton wrote:

> I'm new to this list. Excuse me if this has already been covered.  I
> looked through the archives on the website, but didn't find anything.
>
> Snort version 1.6.3
> Slackware 7.1
> 2.2.16
> egcs-2.91.66
>
> #snort -s -d -i ppp0 -l /usr/adm/snort -c /etc/snort/rules.base
>
> I get the following error when I run the above command:
>
> [!] ERROR:Can not get write to logging directory /usr/adm/snort.
> (directory doesn't exist or permissions are set incorrectly)
>
> #ls -l /usr/adm/snort
> -rw-------   1 root     root            0 Jul 30 13:38 /usr/adm/snort
>
> I've tried every permission from 600 to 777.  If I run snort without -l I
> get:
>
> # snort -s -i ppp0 -c /etc/snort/vision.conf
>
> [!] ERROR:Can not get write to logging directory /var/log/snort.
> (directory doesn't exist or permissions are set incorrectly)
>
> # ls -l /var/log/snort
> -rw-------   1 root     root            0 Jul 30 13:38 /var/log/snort
>
> /usr/adm is ln -s to /var/log.
>
> Any ideas?
>
> Jeff
>





More information about the Snort-users mailing list