[Snort-users] wierd behaviour -> bug in snort or openbsd?
Erik.Engberg at ...511...
Mon Oct 16 16:49:07 EDT 2000
I discovered a really annoying problem today. Same on two different boxes I
tried. Only tried this on OpenBSD 2.7-2.8
When I try to start snort from /etc/rc.local everything seems fine but snort
does not use the alert file!
I have tried all sorst of combinations, but this is about what I want:
/usr/local/bin/snort -A full -c /etc/snort/snort.conf -d -D -i fxp1 -l
snort_portscan.log generates nicely, but no alert file (its just not there
and won´t generate, it won´t add to an old one either).
If I use the exact same command logged on as root I get the alert file
If I cd to /var/www/htdocs/snortlog in the rc.local file it works, but not
if I don´t. Logged on it does not seem to matter.
I don´t see why it should matter but I guess it could be connected to the
shells used. If I´m right sh is used to parse the rc.local and I use tcsh as
Also, I can´t seem to the -g switch. Snort just reports:
ERROR: No netmask specified for home network!
I don´t see any access problems, config file is readable etc. It´s something
else I guess.
Also, when I use -t to chroot it can´t find the logging dir, doesn´t matter
if I use the real path or the path it should have after chroot.
More information about the Snort-users