[Snort-users] Can't set logdir in 1.9.0
erek at ...577...
Wed Oct 16 02:44:05 EDT 2002
Ok, it's late and I'm tired so I might be a bit crazy on this. :)
On Wed, 16 Oct 2002, Serge Leschinsky wrote:
> Hmmm... I've temporary resolved this trouble in the following way: -l /log \
> and I've create /log directory. The error with "log directory 'log' does not
> exist" disappeared. I can't understand why chroot settings
> (/var/chroot/snort) aren't applied. Strangely enough that the existents of
> -s options doesn't exert influence on errors message.
> So, when logdir trouble disappeared I got new error message
> >Oct 15 15:40:53 builder-host snort: FATAL ERROR: ERROR
> >/etc/rules/bad-traffic.rules (12) => Couldn't resolve hostname HOME_NET
> The variable $HOME_NET is defined. 8-((
I think that you're seeing a problem with chroot. Your first (logdir) problem
could be caused by it. If that's the true, then your second problem might be
due to your /etc/snort.conf inside your chroot jail. That's the only thing
that I can think of that would give both errors when you know you're setting
it up in the right way.
Rebuild snort via './configure --enable-debug'. Then set the environment
variable 'SNORT_DEBUG' to one of the values in <snortdir>/src/debug.h. I'd
suggest DEBUG_INIT and/or DEBUG_CONFIGRULES. If you use the -D flag, it
should create a /tmp/snort.debug file with all sorts of output in there. I'd
check the output and see what directories are being opened. That might narrow
things down some.
> I'm very sorry for troubling community with these stupid questions but I
> can't start 1.9.0 myself. It may seem strange, I have almost no
> problem with snort 1.8.x.
;-) Heh. You're not troubling, you're asking. You've actually worked on
finding the answer! :)
I'm going to guess that something was changed on your setup from 1.8.x to
1.9.0. In my upgrade, I didn't run into any sort of issues. There have been
some people who've had issues, but in many of those cases it's been due to
config issues. :-/ As I've said before, 'I tend to play the law of
Ok, I've rambled enough. It's time to go to bed. :) And of course if I'm
crazy, clueless or just drain brammaged from lack of sleep, I'm sure someone
will (I hope!) correct me.
More information about the Snort-users