[Snort-users] Getting an error using -r

Ken Pickering kjp8v at ...4512...
Wed Jan 9 10:58:05 EST 2002


I answered my own question, eventually. It seems that the new disk system
put in was vfat, which they failed to mention to me. You need ext2 for
some of the new alerts in 1.8 (since 1.7 runs fine on vfat).

So, I have to reformat and rerun. Oh well.

On Wed, 9 Jan 2002, Ken Pickering wrote:

> I'm currently using snort 1.8.3 BUILD 88 on a RedHat Linux 7.1 box.
>
> When I execute the command "snort -d -l /root/darpa/1998-6/temp/ -r
> /root/darpa/1998-6/mon/tcpdump", everything works fine.
>
> When I change the logging directory to /d2/alerts/1998-6/temp where d2 is
> a bigger HD (directories are valid, etc), I get a message that states:
>
> ERROR: OpenLogFile() =>
> fopen(/d2/alerts/1998-6/temp/XXX.XX.XXX.XX/TCP:1025-21) log file: Invalid
> argument
> Fatal Error: Quitting
>
> where the XX's are an IP address.
>
> The permissions on the two directories are the same (755). Anything I
> might be doing wrong?
>
> -Ken Pickering

--------------------------------------------------------
Ken Pickering                    kpickering at ...1995...
University of Virginia           ICQ: 23590031
Undergraduate School of Engineering and Applied Sciences
Electric Time Company, Inc       Webmaster and Sys Admin


"Remember your training. Help you, it will."
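
Added example, not part of the original post: the log file name in the error above, `TCP:1025-21`, contains a colon, a character vfat does not accept in file names. This preflight check tests whether a log directory can hold a name of that shape before a long replay is started; the function name and probe directory are hypothetical, and the filesystem-type report assumes GNU `stat`.

```shell
#!/bin/sh
# Preflight for a Snort log directory (-l): can it hold session log names
# such as "TCP:1025-21"? Added example; check_snort_logdir is a hypothetical name.

# check_snort_logdir DIR
#   returns 0 if DIR accepts the name,
#           1 if the filesystem rejects it,
#           2 if DIR is missing or not writable.
check_snort_logdir() {
    dir=$1
    if [ ! -d "$dir" ] || [ ! -w "$dir" ]; then
        echo "$dir: not a writable directory" >&2
        return 2
    fi

    # Work inside a throwaway subdirectory so no real log data is touched.
    probe=$(mktemp -d "$dir/.snort-probe.XXXXXX") || return 2

    # Constructed sample name with the same shape as the one in the error.
    name="$probe/TCP:1025-21"

    # The subshell keeps a failed redirection from terminating a POSIX shell.
    if ( : > "$name" ) 2>/dev/null; then
        rc=0
    else
        rc=1
        # GNU stat assumed; falls back to "unknown" elsewhere.
        fstype=$(stat -f -c %T "$dir" 2>/dev/null || echo unknown)
        echo "$dir: cannot create a file name containing ':' (filesystem: $fstype)" >&2
    fi

    rm -rf "$probe"
    return $rc
}
```

Calling `check_snort_logdir /d2/alerts/1998-6/temp` before the `snort -r` run reports the problem up front instead of at the first logged session.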