[Snort-users] the most cryptic fsck'ing thing...
jsage at ...2022...
Sun May 20 22:44:19 EDT 2001
Erek Adams wrote:
> On Sat, 19 May 2001, John Sage wrote:
>> At the risk of seeming like a total idiot (at this point I don't care ;-)
> Idiot? No, I've already won that title. :)
>> Snort has got to be the most cryptic fsck'ing thing to get running I've
>> ever seen!
> Yeppers. It has a few 'things' that make it fun to set up.
Actually, snort's working great, now, if all I want to do is look at eth0 ;-)
Most of my problems *now* seem to be pointing toward a ppp0 issue.
There's a thread in the snort archives from last month suggesting that
the 1.8 beta may be the way to go..
>> May 19 10:48:44 sparky snort: log_tcpdump TcpdumpInitLogFile(): No such
>> file or directory
>> What's that all about?
>> Is that why nothing's logging? (OK: well, duh..)
> You got it in one guess! ;-)
> Actually... If I were to guess at it, I'd say that it's a file/directory
> problem. Take a look and make sure that /var/log/snort exists, and that the
> user that snort is running as has write permissions to it. Also check and
> make sure that the /var/log/snort/tcpdump.log file exists and has writeable
I think you are right.. been fiddling with so much, I forgot what exactly
was wrong with that particular issue.
I think I had too much in my snort.conf -- I had the file name and not just the
path... or something like that. Or I was alerting, but not logging, or logging
but not alerting, or somesuch ;-)
That's fixed. Now I gotta deal with the ppp0 issue..
> If you are on Solaris you can use 'truss' to find out where/why it's dying.
> I had one of my Linux geek friends tell me that there is something called
> 'strace' for Linux that does almost the same thing...
I'm running Linux.. strace: I'll look into that.
>> Finally, how can I dump the current active variables?
>> Is there something like "echo $HOME_NET"?
> Not to my knowledge. I usually just grep thru the snort.conf for "$" to find
> any variables.
> Hope this helps!
Thanks for your reply; sorry my post was so cranky..
FinchHaven, Vashon Island, WA, USA
mailto:jsage at ...2022...
"The web is so, like, five minutes ago..."
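
Added example, not part of the original thread: the two checks discussed above as shell functions, one listing the `var` definitions in a snort.conf with `$NAME` references expanded, the other testing that the log directory exists and is writable. The function names and the sample config are constructed for illustration, and the `var NAME value` form is assumed to be the Snort 1.x syntax.

```shell
#!/bin/sh
# Added example (not from the original thread). The sample config is constructed.

# Print NAME=value for every "var NAME value" line in a snort.conf-style file,
# expanding $NAME references to variables defined earlier in the file.
snort_vars() {
    awk '
        $1 == "var" && NF >= 3 {
            val = $3
            while (match(val, /\$[A-Za-z_][A-Za-z0-9_]*/)) {
                ref = substr(val, RSTART + 1, RLENGTH - 1)
                rep = (ref in vars) ? vars[ref] : "<undefined:" ref ">"
                val = substr(val, 1, RSTART - 1) rep substr(val, RSTART + RLENGTH)
            }
            vars[$2] = val
            print $2 "=" val
        }' "$1"
}

# Report whether the log directory exists and is writable by the current user
# (run it as the user snort runs as). Returns 0 ok, 1 missing, 2 not writable.
check_logdir() {
    if [ ! -d "$1" ]; then echo "missing: $1"; return 1; fi
    if [ ! -w "$1" ]; then echo "not writable: $1"; return 2; fi
    echo "ok: $1"
}

# Constructed sample input in snort.conf style.
sample_conf() {
    cat <<'EOF'
# constructed sample
var HOME_NET 192.168.1.0/24
var EXTERNAL_NET !$HOME_NET
var DNS_SERVERS $NO_SUCH_VAR
output log_tcpdump: snort.log
alert tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"telnet";)
EOF
}

demo() {
    conf=$(mktemp) && sample_conf > "$conf"
    snort_vars "$conf"                      # dump the resolved variables
    check_logdir /var/log/snort || true     # path taken from the thread
    rm -f "$conf"
}
demo
```

A variable that is referenced before it is defined shows up as `<undefined:NAME>`, which is the case a plain grep for "$" does not flag.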