[Snort-users] Snort changes from 1.6.3 -> pl 2

Ralf Hildebrandt Ralf.Hildebrandt at ...22...
Tue Sep 26 07:22:33 EDT 2000


Hi!

Today I updated from 1.6.3 to 1.6.3 pl 2 and noticed a change in the chroot
behaviour:

I use:
% snort -t /var/spool/snort -g snort -u snort -d -b -s -c /etc/snort.conf

and /etc/snort.conf lists /var/log/snort/portscan.log as (portscan) logfile.

I think the way logfiles are being opened must have changed, since now I get:

[!] ERROR:Can not get write to logging directory /var/log/snort.
(directory doesn't exist or permissions are set incorrectly)   

Shouldn't the (log)file be opened BEFORE going to jail?

-- 
ralf.hildebrandt at ...22...
Dipl.-Informatiker                                       innominate AG
system engineer                                      networking people
tel: +49.30.308806-62  fax: -77   http://innominate.de  pgp at request



More information about the Snort-users mailing list