[Snort-users] logging directory

John Sage jsage at ...2022...
Mon Jul 22 14:15:04 EDT 2002


arf..

On Mon, Jul 22, 2002 at 03:03:12PM -0500, Cary Mathews wrote:
> Ok, I spoke too soon.  John's solution looked to be the correct one, but
> I'm still getting errors. I have the following lines in my snort.conf:
> config logdir: /acu/var/log
> var RULE_PATH /acu/var/etc/rules
> (/acu is a separate file-system with more space than /var currently
> has...)

A "separate file system"?

How "separate"?

An NFS mount?

What are the appropriate permissions, etc etc..?

/* not that Cary hasn't probably thought of that, but what the hey.. */


> ========actual output===========
> /acu/var> sudo bin/snort -c etc/snort.conf

When you sudo, does the resulting user have read/write permissions
across the "separate file system"?

hmm..

If I interpret the line above correctly, you're in /acu/var when you
execute "sudo bin/snort -c etc/snort.conf" ?

Are "bin" and "etc" directories under /acu/var ?

/* feels he's wandered off into a meaningless digression */


- John
-- 
"Cowardly refusing to create an empty archive."

PGP key      http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint  FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5 


> Log directory = /var/log/snort
> 
> Initializing Network Interface eb0
> 
>         --== Initializing Snort ==--
> 
> [!] ERROR: Can not get write access to logging directory "/var/log/snort".
> (directory doesn't exist or permissions are set incorrectly
> or it is not a directory at all)
> 
> Fatal Error, Quitting..
> =======end output===============
> I could create a symlink from /var/log/snort -> /acu/var/log, but that's
> more of a hack than properly configuring the program...
> What else could I be missing from my conf file, if anything?
> 
> TIA,
> Cary
> 
> 
> On Mon, 22 Jul 2002, John Sage wrote:
> 
> > Date: Mon, 22 Jul 2002 11:16:50 -0700
> > From: John Sage <jsage at ...2022...>
> > To: Cary Mathews <scattered at ...4621...>
> > Cc: snort-users at lists.sourceforge.net
> > Subject: Re: [Snort-users] logging directory
> >
> > Cary:
> >
> > On Mon, Jul 22, 2002 at 11:33:26AM -0500, Cary Mathews wrote:
> > > I looked through the FAQs and the archives and didn't see this addressed
> > > anywhere.  I can specify the logging directory on the command line with the
> > > -l <dir> option, but how do I override the default logging directory
> > > within the snort.conf file?
> > >
> > > Cary
> >
> > You might try this:
> >
> > From SnortUsersManual.pdf:
> >
> > "2.1.3 Config
> >
> > Many configuration and command line options of Snort can be specified
> > in the configuration file.
> >
> > Format:
> > config <directive>[: <value> ]
> >
> > <snip>
> >
> > logdir - Set the logdir (snort -l). Example: config logdir: /var/log/snort
> >
> > <snip>
> >
> >
> > HTH..
> >
> >
> > - John
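
Added example, not part of the original thread or of Snort: a pre-flight check that reads the "config logdir:" directive discussed above from a snort.conf and tests the three causes named in the error text (missing, not a directory, not writable). The function names, the return codes, and taking the last directive when several are present are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: pre-flight check for the "config logdir:" directive.
# Function names and return codes are hypothetical, chosen for this sketch.
# Usage (after sourcing this file): snort_logdir_check etc/snort.conf

# Print the value of the last "config logdir:" line in a snort.conf-style
# file. Lines starting with '#' are ignored, and a trailing comment is cut.
# Using the last directive is an assumption about precedence.
# Returns 1 when the file has no such directive.
snort_conf_logdir() {
    dir=$(sed -n 's/^[[:space:]]*config[[:space:]]\{1,\}logdir[[:space:]]*:[[:space:]]*\([^[:space:]#]*\).*$/\1/p' "$1" | tail -n 1)
    [ -n "$dir" ] || return 1
    printf '%s\n' "$dir"
}

# Check the configured directory as the current user.
# Returns: 0 ok, 1 no directive, 2 missing, 3 not a directory, 4 not writable.
snort_logdir_check() {
    dir=$(snort_conf_logdir "$1") || {
        echo "no 'config logdir:' directive found in $1"
        return 1
    }
    if [ ! -e "$dir" ]; then
        echo "$dir: does not exist"
        return 2
    fi
    if [ ! -d "$dir" ]; then
        echo "$dir: exists but is not a directory"
        return 3
    fi
    # Prove write access by creating a file. Mode bits alone do not decide
    # this on a read-only mount or an NFS export that remaps root.
    probe="$dir/.snort_write_test.$$"
    if ! ( : > "$probe" ) 2>/dev/null; then
        echo "$dir: not writable by $(id -un)"
        return 4
    fi
    rm -f "$probe"
    echo "$dir: ok for $(id -un)"
}
```

Run it under the same sudo invocation used to start Snort, so the check is made as the same user and against the same mounts.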



