[Snort-users] wierd behaviour -> bug in snort or openbsd?

Erik Engberg Erik.Engberg at ...511...
Mon Oct 16 16:49:07 EDT 2000


I discovered a really annoying problem today. Same on two different boxes I
tried. Only tried this on OpenBSD 2.7-2.8

When I try to start snort from /etc/rc.local everything seems fine but snort
does not use the alert file!

I have tried all sorst of combinations, but this is about what I want:

/usr/local/bin/snort -A full -c /etc/snort/snort.conf -d -D -i fxp1 -l
/var/www/htdocs/snortlog

snort_portscan.log generates nicely, but no alert file (its just not there
and won´t generate, it won´t add to an old one either).

If I use the exact same command logged on as root I get the alert file

If I cd to /var/www/htdocs/snortlog in the rc.local file it works, but not
if I don´t. Logged on it does not seem to matter.
I don´t see why it should matter but I guess it could be connected to the
shells used. If I´m right sh is used to parse the rc.local and I use tcsh as
loginshell.

Also, I can´t seem to the -g switch. Snort just reports:
ERROR: No netmask specified for home network!

I don´t see any access problems, config file is readable etc. It´s something
else I guess.

Also, when I use -t to chroot it can´t find the logging dir, doesn´t matter
if I use the real path or the path it should have after chroot.

brgds,
/Erik





More information about the Snort-users mailing list