[Snort-users] snort 1.9 + OpenBSD 3.2-stable

twig les twigles at ...131...
Mon Dec 9 10:49:06 EST 2002


Maybe chown -R?  That's what I use on my
/var/log/snort.  I prolly should have said that the
first time....

BTW, why are you using sudo?  Snort can drop
privileges natively.  Have you tried cutting sudo out
and seeing if it works?  Not to say sudo breaks it,
but it may require an added config option somewhere
(never sudo'd snort).

--- Darren <darren at ...7695...> wrote:
> 
> Hello Twig,
> 
> Yep.
> 
> $ ls -ld /var/log/snort
> drwxr-xr-x  34 snort  snort  1024 Dec  9 18:32 /var/log/snort
> 
> $ grep snort /etc/group
> snort:*:75:
> $ grep snort /etc/passwd
> snort:*:75:75::/home/snort:/sbin/nologin
> 
> $ ls -l /var/log/alert.csv
> -rw-r--r--  1 snort  snort  0 Dec  9 15:14 /var/log/alert.csv
> 
> Darren
> 
> Monday, December 9, 2002, 6:07:21 PM, you wrote:
> 
> tl> Did you chown snort:snort /var/log/snort?
> 
> tl> --- Darren <darren at ...7695...> wrote:
> >> 
> >> Hello larc,
> >> 
> >> I upgraded to snort 1.9 and still adding the
> >> following 2 lines.
> >> 
> >> I used ./configure with no options.
> >> 
> >> /etc/snort.conf
> >> 
> >> output alert_syslog: LOG_AUTH LOG_ALERT
> >> output CSV: /var/log/alert.csv default
> >> etc
> >> [I have also tried with commenting out alert_syslog]
> >> 
> >> /etc/snort/classification.config
> >> /etc/snort/*.rules
> >> 
> >> Nothing goes in any of the /var/log/* files, nor does it log to
> >> 
> >> -bash-2.05b$ ls -l /var/log/alert.csv
> >> -rw-r--r--  1 snort  snort  0 Dec  9 15:14 /var/log/alert.csv
> >> 
> >> -bash-2.05b$ sudo snort -v -u snort -g snort -l /var/log/snort -D
> >> Initializing Output Plugins!
> >> 
> >> I don't think something is broken, but it's the way I'm using it.
> >> 
> >> Anyone got any thoughts?
> >> 
> >> Darren
> >> 
> >> Monday, December 9, 2002, 10:56:19 AM, you wrote:
> >> 
> >> l> Hi,
> >> 
> >> l> Well the best tip that I can give is, go to www.snort.org and download snort 1.9
> >> l> Version 1.8.6 is really old and there are no signatures for it anymore.
> >> 
> >> l> Stefan D.
> >> 
> >> l> ------------------------
> >> l>  Darren <darren at ...7695...> wrote:
> >> l> ------------------------
> >> l> Hello snort-users,
> >> >>
> >> >>After spending all afternoon on this, I need some tips.
> >> >>
> >> >>I am using OpenBSD 3.2-stable and snort 1.8.6 compiles from ports.
> >> >>
> >> >>I can't get snort to write csv output.  Is this a known issue or am I doing something wrong?
> >> >>
> >> >>/etc/snort.conf
> >> >>
> >> >>output alert_syslog: LOG_AUTH LOG_ALERT
> >> >>output csv: /var/log/snort/snort.log msg,proto,timestamp,src,srcport,dst,dstport
> >> >>
> >> >>-bash-2.05b$ ls -ld /var/log/snort
> >> >>drwxr-xr-x  2 snort  snort  512 Dec  8 17:31 /var/log/snort
> >> >>-bash-2.05b$ ls -l /var/log/snort/snort.log
> >> >>-rw-r--r--  1 snort  snort  0 Dec  8 17:31 /var/log/snort/snort.log
> >> >>
> >> >>I have to launch snort like this so it writes into /var/log/snort/
> >> >># snort -v -u snort -g snort -l /var/log/snort -D
> >> >>
> >> >>-bash-2.05b$ ps auxw | grep snort
> >> >>snort    21995 31.8  0.0   664   644 ??  Ss    5:38PM    0:14.62 snort -v -u snort -g snort -l /var/log/snort -D
> >> >>
> >> >>Interestingly without the -l option it won't write there, but this is less important.
> >> >>
> >> >>I'd like syslog and csv output.
> >> >>
> >> >>Snort was built like this
> >> >># cd /usr/ports/net/snort
> >> >># make install
> >> >>
> >> >>-bash-2.05b$ grep LOG_AUTH /usr/include/syslog.h
> >> >>#define LOG_AUTH        (4 Snort!
> 
> 


=====
-----------------------------------------------------------
If you give a man a fish, he can eat for a day
If you bludgeon him to death, you can eat the fish yourself                       
-----------------------------------------------------------




