[Snort-users] Confused about Fatal Error

Ed Kasky ed at ...3483...
Fri Sep 13 10:00:02 EDT 2002


I have Snort ver 1.8.7 running on a RH 7.2 machine using Mysql and running 
as "snort"

 From the init script:
daemon /usr/local/bin/snort -u snort -D -c /etc/snort/snort.conf

 From snort.conf:
output database: alert, mysql, user=snort password=XXXXX dbname=snort 
host=localhost

It's been running fine until the last day or so when I started getting:

snort: FATAL ERROR: ERROR: OpenLogFile() => 
mkdir(/var/log/snort/216.216.73.103) log directory: Permission denied

I changed /var/log/snort to snort.snort and 700 but it continues.

My first question is if I am using Mysql, why does it still write the ip logs?

Secondly, if I start it as snort, why does it write the ip logs as rppt.bin?

drwx------ 2 root bin 4096 Sep 10 13:37 64.131.177.161

Thanks in advance for any advice...

Ed
~~

Ed Kasky
Los Angeles, CA
. . . . . . . .
Conscience is the inner voice warning us that someone may be looking.
-H.L. Mencken





More information about the Snort-users mailing list