[Snort-users] Snort question

Goldmoon summer_beha at ...131...
Fri Sep 13 12:07:03 EDT 2002


So, I tried this instead:

snort -dev -l .log -h "ipaddress" -c snort.conf

This is the error I get:

Error: Can not get write access to logging directory
"./log" exist or permissions are set incorrectly or it
is not a directory at all

Fatal Error, Quitting

snort /kernel: fxp0:promiscuous mode enabled
snort /kernel: fxp0:promisuous mode disabled


--- Goldmoon <summer_beha at ...131...> wrote:
> Hi,
> 
> I tried to run snort in IDS mode, with the following
> command, but got a "command not found" error.
> 
> ./snort -dev -l .log -h ip address -c snort.conf
> 
> any ideas what's happening?
> 
> thanks.
> --- Ed Kasky <ed at ...3483...> wrote:
> > I have Snort ver 1.8.7 running on a RH 7.2 machine
> > using Mysql and running 
> > as "snort"
> > 
> >  From the init script:
> > daemon /usr/local/bin/snort -u snort -D -c
> > /etc/snort/snort.conf
> > 
> >  From snort.conf:
> > output database: alert, mysql, user=snort
> > password=XXXXX dbname=snort 
> > host=localhost
> > 
> > It's been running fine until the last day or so
> when
> > I started getting:
> > 
> > snort: FATAL ERROR: ERROR: OpenLogFile() => 
> > mkdir(/var/log/snort/216.216.73.103) log
> directory:
> > Permission denied
> > 
> > I changed /var/log/snort to snort.snort and 700
> but
> > it continues.
> > 
> > My first question is if I am using Mysql, why does
> > it still write the ip logs?
> > 
> > Secondly, if I start it as snort, why does it
> write
> > the ip logs as rppt.bin?
> > 
> > drwx------ 2 root bin 4096 Sep 10 13:37
> > 64.131.177.161
> > 
> > Thanks in advance for any advice...
> > 
> > Ed
> > ~~
> > 
> > Ed Kasky
> > Los Angeles, CA
> > . . . . . . . .
> > Conscience is the inner voice warning us that
> > someone may be looking.
> > -H.L. Mencken
> > 
> > 
> > 
> >
>
-------------------------------------------------------
> > This sf.net email is sponsored by:ThinkGeek
> > Welcome to geek heaven.
> > http://thinkgeek.com/sf
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or
> > unsubscribe:
> >
>
https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> >
>
http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> 
> __________________________________________________
> Do you Yahoo!?
> Yahoo! News - Today's headlines
> http://news.yahoo.com
> 
> 
>
-------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or
> unsubscribe:
>
https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
>
http://www.geocrawler.com/redir-sf.php3?list=snort-users


__________________________________________________
Do you Yahoo!?
Yahoo! News - Today's headlines
http://news.yahoo.com




More information about the Snort-users mailing list