[Snort-users] Can't set logdir in 1.9.0

Erek Adams erek at ...577...
Wed Oct 16 02:44:05 EDT 2002


Ok, it's late and I'm tired so I might be a bit crazy on this.  :)

On Wed, 16 Oct 2002, Serge Leschinsky wrote:

[...snip...]

> Hmmm... I've temporarily resolved this trouble in the following way: -l /log \
> and I've created the /log directory. The error with "log directory 'log' does not
> exist" disappeared. I can't understand why chroot settings
> (/var/chroot/snort) aren't applied. Strangely enough, the existence of the
> -s option doesn't exert influence on the error message.
>
> So, when logdir trouble disappeared I got new error message
> >Oct 15 15:40:53 builder-host snort: FATAL ERROR: ERROR
> >/etc/rules/bad-traffic.rules (12) => Couldn't resolve hostname HOME_NET
> The variable $HOME_NET is defined. 8-((

I think that you're seeing a problem with chroot.  Your first (logdir) problem
could be caused by it.  If that's true, then your second problem might be
due to your /etc/snort.conf inside your chroot jail.  That's the only thing
that I can think of that would give both errors when you know you're setting
it up in the right way.

Rebuild snort via './configure --enable-debug'.  Then set the environment
variable 'SNORT_DEBUG' to one of the values in <snortdir>/src/debug.h.  I'd
suggest DEBUG_INIT and/or DEBUG_CONFIGRULES.  If you use the -D flag, it
should create a /tmp/snort.debug file with all sorts of output in there.  I'd
check the output and see what directories are being opened.  That might narrow
things down some.

> I'm very sorry for troubling the community with these stupid questions but I
> can't start 1.9.0 myself. It may seem strange, I have almost no
> problems with snort 1.8.x.

;-)  Heh.  You're not troubling, you're asking.  You've actually worked on
finding the answer!  :)

I'm going to guess that something was changed on your setup from 1.8.x to
1.9.0.  In my upgrade, I didn't run into any sort of issues.  There have been
some people who've had issues, but in many of those cases it's been due to
config issues.  :-/  As I've said before, 'I tend to play the law of
averages.'

Ok, I've rambled enough.  It's time to go to bed.  :)  And of course if I'm
crazy, clueless or just drain brammaged from lack of sleep, I'm sure someone
will (I hope!) correct me.

G'nite!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
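
The chroot theory in the reply above can be checked without rebuilding snort. The script below is an added example, not part of the original message or of snort: it reports whether each path handed to snort exists relative to the host root, relative to the jail, or both. The function names are hypothetical; the paths in the usage comment are the ones quoted in the thread.

```shell
#!/bin/sh
# Added diagnostic sketch (not snort code). A path that exists on only one
# side of the chroot boundary will fail if the program resolves it on the
# other side, which is the kind of mismatch suspected in this thread.

# classify JAIL PATH
# Prints one of: both, host-only, jail-only, missing
classify() {
    jail=$1
    path=$2
    host=no
    injail=no
    # As seen before chroot(): the path as given
    if [ -e "$path" ]; then host=yes; fi
    # As seen after chroot(): the same path re-rooted under the jail
    if [ -e "$jail/${path#/}" ]; then injail=yes; fi
    case "$host/$injail" in
        yes/yes) echo both ;;
        yes/no)  echo host-only ;;   # breaks if opened after chroot()
        no/yes)  echo jail-only ;;   # breaks if opened before chroot()
        *)       echo missing ;;
    esac
}

# report JAIL PATH...
# One line per path: classification, then the path itself
report() {
    jail=$1
    shift
    for p in "$@"; do
        printf '%-10s %s\n' "$(classify "$jail" "$p")" "$p"
    done
}

# Usage with the values quoted in the thread:
#   sh chroot-paths.sh /var/chroot/snort /log /etc/snort.conf \
#       /etc/rules/bad-traffic.rules
if [ "$#" -ge 2 ]; then
    report "$@"
fi
```

Any path reported as `host-only` or `jail-only` is worth comparing against the directories that show up in the debug output described above.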




