[Snort-users] Logging acts strange in 1.8.3
roesch at ...1935...
Mon Mar 18 07:40:05 EST 2002
The -s switch enables syslog logging; no alert file will be created.
On 3/18/02 6:47 AM, "kai.hanisch at ...2897..." <kai.hanisch at ...2897...>
> I'm using Snort 1.8.3 on a Debian Woody 3.0 with Kernel 2.4.17.
> Snort is running like this: /usr/local/bin/snort -D -l /var/log/snort -h
> xxx.xxx.xxx.xxx/22 -s -c /rules/snort.conf
> The problem is that logging seems to work pretty well, at least regarding
> portscans, but no file /var/log/snort/alert is being created while
> /var/log/snort/portscan.log exists. Directory permissions on /var/log/snort
> are 700, owner/group is root (snort runs as root). I once got the message:
> FATAL ERROR: [!] ERROR: Can not get write access to logging directory
> "/var/log/snort". (directory doesn't exist or permissions are set incorrectly
> or it is not a directory at all)
> This obviously isn't true, as all the IP-related directories and, as
> mentioned, portscan.log, are being created and updated. What could be wrong?
> Thanks for any help
Martin Roesch - Founder/CEO, Sourcefire Inc. - (410)290-1616
Sourcefire: Professional Snort Sensor and Management Console appliances
roesch at ...1935... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org