[Snort-users] snort keeps quitting with errors.

Mipam mipam at ...266...
Mon Sep 25 16:52:39 EDT 2000


> But one question.... it seems like it was having problems opening
> files on your file system... are you sure that there were no
> other resource contention issues on the box?
> 

I would know of any, considering the processes I run there.
The permissions on the dirs etc. were correct.
Snort wasn't running chrooted either.
As for /var/log/snort/smtp for example, I created that one
with correct permissions. But after this the error still came
from fopen (/var/log/snort/smtp): no such file or directory.
And I am very sure no other process is claiming that file or
has any business in that dir.

> I'm not saying it wasn't snort, but the file opening problem
> would point elsewhere to me as it is different files in
> different parts of snort... but...

This problem I described was on OpenBSD 2.7 with snort 1.6.3.
I have used NetBSD longer than OpenBSD, and I planted snort 1.7-beta0
on NetBSD 1.4.3.
Some interesting points here:
Nope, it doesn't die, all seems to work fine....
However, NO logs at all are created here when I do not use the -s option.
I do not use the -b option, and again I used the rules
log TCP any any <> $INTERNAL 25 (session: all; logto: "smtp";)
Same for port 80 and filename http.
Starting snort with -t /var/log/snort and more options.
No logs were created at all.....
Yeah, sure, the alert file has been created in the /var/log/snort dir
but it remains empty.
I know which rules I use and went on triggering them.
Especially with smtp and http...
However, no file smtp or http has been found in /var/log/snort at all.
Normal alerts seem to be logged fine when using alert instead of log.
Or I am understanding things wrong about snort concerning logging.
Or maybe something else is wrong.
Bye,

Mipam.


