[Snort-users] snort & logfile permissions

J. Craig Woods drjung at ...5405...
Wed Aug 14 15:26:02 EDT 2002


Sander Smeenk wrote:
> 
> Hi,
> 
> Can anyone tell me if, and how, I can have snort create it's logfiles
> 
> -rw-r-----      snort.snort                     alert
> 
> So that I can put users who need to read the logs in group 'snort' etc?
> Currently it just creates the files as mode 600 :/
> 
> Regards,
> Sander.
> 

Not much info posted but from looking at the mail headers, you appear to
be running a Debian distro. Running a simple "chmod 640
/var/log/snort/alert" (substitute the path for your OS) would change the
alert file to be readable for any member of the snort group. If you are
starting and stopping snort a lot so that the file reverts back to 600,
create a cronjob to keep it at 640. I think you already know this stuff
so maybe you could elaborate on what you actually want to do.

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson




More information about the Snort-users mailing list