[Snort-users] Confused about Fatal Error

Ed Kasky ed at ...3483...
Fri Sep 13 10:00:02 EDT 2002

I have Snort ver 1.8.7 running on a RH 7.2 machine using Mysql and running 
as "snort"

 From the init script:
daemon /usr/local/bin/snort -u snort -D -c /etc/snort/snort.conf

 From snort.conf:
output database: alert, mysql, user=snort password=XXXXX dbname=snort 

It's been running fine until the last day or so when I started getting:

snort: FATAL ERROR: ERROR: OpenLogFile() => 
mkdir(/var/log/snort/ log directory: Permission denied

I changed /var/log/snort to snort.snort and 700 but it continues.

My first question is if I am using Mysql, why does it still write the ip logs?

Secondly, if I start it as snort, why does it write the ip logs as rppt.bin?

drwx------ 2 root bin 4096 Sep 10 13:37

Thanks in advance for any advice...


Ed Kasky
Los Angeles, CA
. . . . . . . .
Conscience is the inner voice warning us that someone may be looking.
-H.L. Mencken

More information about the Snort-users mailing list