[Snort-users] logging directory

Cary Mathews scattered at ...4621...
Tue Jul 23 07:08:03 EDT 2002


Hmmm, the plot thickens... :)
By separate, I mean on a different hard drive, but within the same computer,
i.e., not NFS. Maybe filesystem was the wrong term.

Permissions: most files on /acu are owned by root, in particular the snort
directory.

sudo: I am sudo'ing to root, so I do have the necessary permissions to
access any files I should need to.

file structure:
/acu/var/
      |-bin/
      |  |-snort (binary)
      |-etc/
      |  |-rules/
      |  |   |-(all the *.rules files)
      |  |-snort.conf
      |  |-classification.config
      |-include/
      |-log/
      |-man/

So, when I compiled snort, I gave configure the --prefix=/acu/var flag,
because I wanted to locate all the snort-related files in this one
directory. I want to have snort log to /acu/var/log instead of
/var/log. Eventually I would like to chroot the program to the
/acu/var directory totally, but that is a different can of worms. Again, I
know there are other workarounds to this problem: sym-link
the directory, or a sh script with all the necessary command line options,
but I would like to take care of this problem using the configuration
file, because it is a "cleaner" solution.

That's where I am. My apologies if my previous posts were less than clear
:/.

Cary




