[Snort-users] ERROR: OpenLogFile()

Przemek Bak przemolicc at ...234...
Mon Aug 7 01:18:15 EDT 2000


On Sun, Aug 06, 2000 at 04:26:16PM +0700, Fyodor wrote:
> ~ :I still have the same problem:
> ~ :
> ~ :host snort[2729]: ERROR: OpenLogFile() =>> fopen(/var/log/snort/192.168.1.140/UDP:137-137) log file: No such file or directory
> ~ :
> ~ :host:/etc/snort# ls -al /var/log/snort
> ~ :drwxr-s---    2 snort    snort        1024 sie  5 13:31 .
> 
> umm.. now that's interesting.. :-) why would you have `s' permission here.

I installed snort as a Debian package. That is the standard directory
permission set by the package. Does it matter?

> ~ :drwxr-xr-x   10 root     root         4096 sie  1 12:41 ..
> ~ :-rw-------    1 root     snort        2122 sie  5 13:15 0805 at ...254...
> ~ :-rw-------    1 root     snort          24 sie  5 13:10 0805 at ...255...
> ~ :-rw-------    1 root     snort         580 sie  5 13:15 0805 at ...256...
> ~ :-rw-------    1 root     snort        4497 sie  5 14:16 0805 at ...257...
> ~ :-rw-------    1 root     snort           0 sie  5 13:19 alert
> ~ :-rw-------    1 root     snort           0 sie  5 12:55 portscan.log
> ~ :-rw-------    1 root     snort           0 sie  5 13:18 snort.alert
> ~ :host:/etc/snort# 
> 
> ~ :Another question is why those files (above) are root's not snort's user ?
> ~ :I run snort with options -u and -g.
> 
> oops.. serious? it looks like only gid is changed. can you show us ps uax
> | grep snort (or something that would show snort process owner?)

host:/var/log# ps axu|grep snort
snort      522  1.5  5.3  4240 3396 ?        S    07:14   0:00 /usr/sbin/snort -D -S HOME_NET=192.168.0.0/16 -h 192.168.0.0/16 -c /etc/snort/snort-lib -t /var/log/snort -l /var/log/snort -u snort -g snort -s -d -i eth0
host:/var/log# 

przemol



