[Snort-users] var/log/messages

Joseph Hager JosHag at ...37...
Tue Jul 18 15:19:32 EDT 2000


I found the problem.. it wasn't the dir/permissions.. it was a config issue.
Snort was running the wrong cfg (my fault) all fixed.

Anyone using Snort with a Linux db app and Apache to do logging and
searching via a web browser? (or maybe using dig)  I'm currently having the
info mailed to me.. but a web front-end would be nice.

Thanks
Joey


 -----Original Message-----
From: 	James Hoagland [mailto:hoagland at ...47...] 
Sent:	Tuesday, July 18, 2000 3:17 PM
To:	Joseph Hager; Snort-Users (E-mail)
Subject:	Re: [Snort-users] var/log/messages

At 2:21 PM -0400 7/18/00, Joseph Hager wrote:
>Jul 18 10:19:15 itcop snort:  [!] ERROR:Can not get write to logging
>directory /var/log/snort. (directory doesn't exist or permissions are set
>incorrectly)
>
>I get this error when I attempt to launch snort.
>
>preprocessor portscan: 0.0.0.0/0 5 5 /var/log/snort.log
>
>is the only logging line I can find in my cfg file.. any suggestions on
>where else to look?
>

Joseph,

Snort normally logs alerted packet contents to files inside 
/var/log/snort/.  You might look at these logs if your alert log 
contains something where seeing inside the packet is useful.  My 
guess is that the reason you are getting this message is that this 
directory does not exist on your computer.  A mkdir and perhaps a 
chmod should fix this problem.

Regards,

   Jim
-- 
|*   Jim Hoagland, Associate Researcher, Silicon Defense    *|
|*               hoagland at ...47...                *|
|*  Voice: (707) 445-4355 x13          Fax: (707) 826-7571  *|



