[Snort-users] snort & logfile permissions

J. Craig Woods drjung at ...5405...
Wed Aug 14 15:26:02 EDT 2002

Sander Smeenk wrote:
> Hi,
> Can anyone tell me if, and how, I can have snort create it's logfiles
> -rw-r-----      snort.snort                     alert
> So that I can put users who need to read the logs in group 'snort' etc?
> Currently it just creates the files as mode 600 :/
> Regards,
> Sander.

Not much info posted but from looking at the mail headers, you appear to
be running a Debian distro. Running a simple "chmod 640
/var/log/snort/alert" (substitute the path for your OS) would change the
alert file to be readable for any member of the snort group. If you are
starting and stopping snort a lot so that the file reverts back to 600,
create a cronjob to keep it at 640. I think you already know this stuff
so maybe you could elaborate on what you actually want to do.


J. Craig Woods
UNIX/NT Network/System Administration
Character is built upon the debris of despair --Emerson

More information about the Snort-users mailing list