[Snort-users] var/log/messages

James Hoagland hoagland at ...47...
Tue Jul 18 15:16:35 EDT 2000


At 2:21 PM -0400 7/18/00, Joseph Hager wrote:
>Jul 18 10:19:15 itcop snort:  [!] ERROR:Can not get write to logging
>directory /var/log/snort. (directory doesn't exist or permissions are set
>incorrectly)
>
>I get this error when I attempt to launch snort.
>
>preprocessor portscan: 0.0.0.0/0 5 5 /var/log/snort.log
>
>is the only logging line I can find in my cfg file.. any suggestions on
>where else to look?
>

Joeseph,

Snort normally logs alerted packet contents to files inside 
/var/log/snort/.  You might look at these logs if you alert log 
contains something where seeing inside the packet is useful.  My 
guess is that the reason you are getting this message is that this 
directory does not exist on your computer.  A mkdir and perhaps a 
chmod should fix this problem.

Regards,

   Jim
-- 
|*   Jim Hoagland, Associate Researcher, Silicon Defense    *|
|*               hoagland at ...47...                *|
|*  Voice: (707) 445-4355 x13          Fax: (707) 826-7571  *|




More information about the Snort-users mailing list