[Snort-users] Logging acts strange in 1.8.3

Martin Roesch roesch at ...1935...
Mon Mar 18 07:40:05 EST 2002


The -s switch enables syslog logging; no alert file will be created.

     -Marty

On 3/18/02 6:47 AM, "kai.hanisch at ...2897..." <kai.hanisch at ...2897...>
wrote:

> Hi,
> 
> I'm using Snort 1.8.3 on a Debian Woody 3.0 with Kernel 2.4.17.
> 
> snort is running like this:  /usr/local/bin/snort -D -l /var/log/snort -h
> xxx.xxx.xxx.xxx/22 -s -c /rules/snort.conf
> 
> The problem is that logging seems to work pretty well, at least regarding
> portscans, but no file /var/log/snort/alert is being created while
> /var/log/snort/portscan.log exists. Directory permissions on /var/log/snort
> are 700, owner/group is root (snort runs as root). I once got the message:
> 
> FATAL ERROR:  [!] ERROR: Can not get write access to logging directory
> "/var/log/snort". (directory doesn't exist or permissions are set incorrectly
> or it is not a directory at all)
> 
> This obviously isn't true, as all the ip-related directories and, as
> mentioned, portscan.log, are being created and updated. What could be wrong?
> 
> Thanks for any help
> 
> Kai

-- 
Martin Roesch - Founder/CEO, Sourcefire Inc. - (410)290-1616
Sourcefire: Professional Snort Sensor and Management Console appliances
roesch at ...1935... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org




