[Snort-users] ERROR: OpenLogFile()

Fyodor fygrave at ...121...
Sun Aug 6 05:26:16 EDT 2000



~ :I still have the same problem:
~ :
~ :host snort[2729]: ERROR: OpenLogFile() =>> fopen(/var/log/snort/192.168.1.140/UDP:137-137) log file: No such file or directory
~ :
~ :host:/etc/snort# ls -al /var/log/snort
~ :drwxr-s---    2 snort    snort        1024 sie  5 13:31 .

Umm.. now that's interesting.. :-) Why would you have `s' permission here?

~ :drwxr-xr-x   10 root     root         4096 sie  1 12:41 ..
~ :-rw-------    1 root     snort        2122 sie  5 13:15 0805 at ...254...
~ :-rw-------    1 root     snort          24 sie  5 13:10 0805 at ...255...
~ :-rw-------    1 root     snort         580 sie  5 13:15 0805 at ...256...
~ :-rw-------    1 root     snort        4497 sie  5 14:16 0805 at ...257...
~ :-rw-------    1 root     snort           0 sie  5 13:19 alert
~ :-rw-------    1 root     snort           0 sie  5 12:55 portscan.log
~ :-rw-------    1 root     snort           0 sie  5 13:18 snort.alert
~ :host:/etc/snort# 



~ :Another question is why those files (above) are root's, not snort's user?
~ :I run snort with options -u and -g.

Oops.. serious? It looks like only gid is changed. Can you show us
ps uax | grep snort (or something that would show snort process owner)?

~ :Can somebody send me start options of snort, where it logs packets
~ :into directories?
~ :

-l /path should point out what directory packets should be logged into.




