[Snort-users] Snort changes from 1.6.3 -> pl 2

Ralf Hildebrandt Ralf.Hildebrandt at ...22...
Tue Sep 26 10:36:47 EDT 2000

Am 26.09.2000 um 10:31:59 -0400 schrieb Martin Roesch folgendes:
> Hehe, oops.  You need to reset the log directory relative to the chroot
> directory, so if you chroot it to  /var/spool/snort its root directory becomes
> that directory and so the default logging directory is no longer valid.  Short
> term workaround is to set a link to /var/log/snort in the /var/spool/snort
> dir, then use the -l variable to work point to it.  I *think* that'll work....
> :)

Yup. Haven't thought of this...

> So, what's the proper behavior for this (and the setgid/setuid) switch? 
> Should it open up files relative to the real root dir, or after?  If we do it
> before, people are going to set their logging dir to '/' expecting the thing
> to be set before hand (I've had at least 2-3 reports of that behavior being a
> bug).  How does everone around here want this to work?  Let's figure it out
> and I'll code it up...

It should work like in named (BIND)

ralf.hildebrandt at ...22...
Dipl.-Informatiker                                       innominate AG
system engineer                                      networking people
tel: +49.30.308806-62  fax: -77   http://innominate.de  pgp at request
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 358 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20000926/9fe6df0c/attachment.sig>

More information about the Snort-users mailing list