[Snort-users] Snort question

Goldmoon summer_beha at ...131...
Fri Sep 13 11:54:02 EDT 2002


Hi,

I tried to run snort in IDS mode, with the following
command, but got a "command not found" error.

./snort -dev -l .log -h ip address -c snort.conf

any ideas what's happening?

thanks.
--- Ed Kasky <ed at ...3483...> wrote:
> I have Snort ver 1.8.7 running on a RH 7.2 machine
> using Mysql and running 
> as "snort"
> 
>  From the init script:
> daemon /usr/local/bin/snort -u snort -D -c
> /etc/snort/snort.conf
> 
>  From snort.conf:
> output database: alert, mysql, user=snort
> password=XXXXX dbname=snort 
> host=localhost
> 
> It's been running fine until the last day or so when
> I started getting:
> 
> snort: FATAL ERROR: ERROR: OpenLogFile() => 
> mkdir(/var/log/snort/216.216.73.103) log directory:
> Permission denied
> 
> I changed /var/log/snort to snort.snort and 700 but
> it continues.
> 
> My first question is if I am using Mysql, why does
> it still write the ip logs?
> 
> Secondly, if I start it as snort, why does it write
> the ip logs as rppt.bin?
> 
> drwx------ 2 root bin 4096 Sep 10 13:37
> 64.131.177.161
> 
> Thanks in advance for any advice...
> 
> Ed
> ~~
> 
> Ed Kasky
> Los Angeles, CA
> . . . . . . . .
> Conscience is the inner voice warning us that
> someone may be looking.
> -H.L. Mencken
> 
> 
> 
>
-------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or
> unsubscribe:
>
https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
>
http://www.geocrawler.com/redir-sf.php3?list=snort-users


__________________________________________________
Do you Yahoo!?
Yahoo! News - Today's headlines
http://news.yahoo.com




More information about the Snort-users mailing list