[Snort-users] logging directory
jsage at ...2022...
Mon Jul 22 14:15:04 EDT 2002
On Mon, Jul 22, 2002 at 03:03:12PM -0500, Cary Mathews wrote:
> Ok, I spoke too soon. John's solution looked to be the correct one, but
> I'm still getting errors. I have the following lines in my snort.conf:
> config logdir: /acu/var/log
> var RULE_PATH /acu/var/etc/rules
> (/acu is a separate file-system with more space than /var currently
A "separate file system"?
An NFS mount?
What are the appropriate permissions, etc etc..?
/* not that Cary hasn't probably thought of that, but what the hey.. */
> ========actual output===========
> /acu/var> sudo bin/snort -c etc/snort.conf
When you sudo, does the resulting user have read/write permissions
across the "separate file system"?
If I interpret the line above correctly, you're in /acu/var when you
execute "sudo bin/snort -c etc/snort.conf" ?
Are "bin" and "etc" directories under /acu/var ?
/* feels he's wandered off into a meaningless digression */
"Cowardly refusing to create an empty archive."
PGP key http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5
> Log directory = /var/log/snort
> Initializing Network Interface eb0
> --== Initializing Snort ==--
> [!] ERROR: Can not get write access to logging directory "/var/log/snort".
> (directory doesn't exist or permissions are set incorrectly
> or it is not a directory at all)
> Fatal Error, Quitting..
> =======end output===============
> I could create a symlink from /var/log/snort -> /acu/var/log, but that's
> more of a hack than properly configuring the program...
> What else could I be missing from my conf file, if anything?
> On Mon, 22 Jul 2002, John Sage wrote:
> > Date: Mon, 22 Jul 2002 11:16:50 -0700
> > From: John Sage <jsage at ...2022...>
> > To: Cary Mathews <scattered at ...4621...>
> > Cc: snort-users at lists.sourceforge.net
> > Subject: Re: [Snort-users] logging directory
> > Cary:
> > On Mon, Jul 22, 2002 at 11:33:26AM -0500, Cary Mathews wrote:
> > > I looked through the FAQs and the archives and didn't see this addressed
> > > anywhere. I can specify the logging directory on the command line with the
> > > -l <dir> option, but how do I override the default logging directory
> > > within the snort.conf file?
> > >
> > > Cary
> > You might try this:
> > From SnortUsersManual.pdf:
> > "2.1.3 Config
> > Many configuration and command line options of Snort can be specified
> > in the configuration file.
> > Format:
> > config <directive>[: <value> ]
> > <snip>
> > logdir - Set the logdir (snort -l). Example: config logdir: /var/log/snort
> > <snip>
> > HTH..
> > - John
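
An added example, not part of the original messages or of Snort itself: a shell preflight that reads the `config logdir:` directive from a snort.conf and tests that directory against the three causes named in the error output quoted above. The function names and the fallback to /var/log/snort (taken from the quoted output) are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight check for the Snort log directory.
# Run it as the same user Snort will run as (for instance under sudo),
# from the same working directory, so relative paths resolve identically.

# Print the value of the last "config logdir:" directive in a snort.conf.
# Commented-out lines are ignored; prints nothing if the directive is absent.
snort_conf_logdir() {
    sed -n 's/^[[:space:]]*config[[:space:]][[:space:]]*logdir[[:space:]]*:[[:space:]]*\([^[:space:]#]*\).*$/\1/p' "$1" | tail -n 1
}

# Classify a path against the causes listed in the error message:
# "directory doesn't exist or permissions are set incorrectly
#  or it is not a directory at all".
# Echoes one of: ok, missing, not-a-directory, not-writable
check_logdir() {
    if [ ! -e "$1" ]; then
        echo missing
    elif [ ! -d "$1" ]; then
        echo not-a-directory
    elif [ ! -w "$1" ] || [ ! -x "$1" ]; then
        # Creating files needs both write and search permission.
        echo not-writable
    else
        echo ok
    fi
}

# Report "<dir>: <status>" for the directory a given snort.conf selects.
# Assumption: with no directive present, the directory is /var/log/snort,
# the value shown in the quoted startup output.
preflight() {
    dir=$(snort_conf_logdir "$1")
    [ -n "$dir" ] || dir=/var/log/snort
    echo "$dir: $(check_logdir "$dir")"
}

# Stand-alone use: sh preflight.sh etc/snort.conf  (script name is hypothetical)
if [ "$#" -gt 0 ]; then
    preflight "$1"
fi
```

If the directory reported here differs from the "Log directory =" line Snort prints at startup, Snort is not taking the value from the file that was checked.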