[Snort-users] logging directory
scattered at ...4621...
Mon Jul 22 13:03:03 EDT 2002
Ok, I spoke too soon. John's solution looked to be the correct one, but
I'm still getting errors. I have the following lines in my snort.conf:
config logdir: /acu/var/log
var RULE_PATH /acu/var/etc/rules
(/acu is a seperate file-system with more space than /var currently
/acu/var> sudo bin/snort -c etc/snort.conf
Log directory = /var/log/snort
Initializing Network Interface eb0
--== Initializing Snort ==--
[!] ERROR: Can not get write access to logging directory "/var/log/snort".
(directory doesn't exist or permissions are set incorrectly
or it is not a directory at all)
Fatal Error, Quitting..
I could create a symlink from /var/log/snort -> /acu/var/log, but that's
more of a hack than properly configuring the program...
What else could I be missing from my conf file, if anything?
On Mon, 22 Jul 2002, John Sage wrote:
> Date: Mon, 22 Jul 2002 11:16:50 -0700
> From: John Sage <jsage at ...2022...>
> To: Cary Mathews <scattered at ...4621...>
> Cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] logging directory
> On Mon, Jul 22, 2002 at 11:33:26AM -0500, Cary Mathews wrote:
> > I looked through the FAQs and the archives and didn't see this address any
> > where. I can specify the logging directory on the command line with the
> > -l <dir> option, but how do I override the default logging directory
> > within the snort.conf file?
> > Cary
> You might try this:
> >From SnortUsersManual.pdf:
> "2.1.3 Config
> Many configuration and command line options of Snort can be specified
> in the configuration file.
> config <directive>[: <value> ]
> logdir - Set the logdir (snort -l). Example: config logdir: /var/log/snort
> - John
> "Cowardly refusing to create an empty archive."
> PGP key http://www.finchhaven.com/pages/gpg_pubkey.html
> Fingerprint FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users