[Snort-users] Snort question

Bill Gercken bgercken at ...5068...
Sat Sep 14 07:04:02 EDT 2002


Hi,

Not sure if you already have an answer but here goes:

In the first case (command not found) snort was not in your current
directory and therefore could not be executed. (That is what the "./" 
does in your command line.) You can determine where snort is in your 
path by typing: 

which snort

on the command line. That should give you the path to where you installed
snort. 

The second command line you used found snort in your path,
but you are asking it to log to the directory ".log", which
probably does not exist. (".log" is a perfectly good name for
the directory if you are trying to hide the data, but you need 
to make sure that is what you really wanted.) You probably wanted 
"./log". Make sure that you created the directory in the current
directory and that the permissions are correct (your umask should
provide the correct defaults) and try the command again.

Regards,
-bill
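
An added example, not part of the original thread: a pre-flight check for the directory passed to `snort -l`, covering the three failure cases named in the error message quoted in this thread (missing, not a directory, wrong permissions). The function name `check_logdir`, its return codes and the scratch directory are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check for the directory given to "snort -l".
# Return codes (chosen for this example):
#   0 usable, 1 missing, 2 not a directory, 3 not writable/searchable
check_logdir() {
    dir=$1
    if [ ! -e "$dir" ]; then
        echo "$dir: does not exist (create it with: mkdir -p $dir)"
        return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "$dir: exists but is not a directory"
        return 2
    fi
    # Creating files needs both write and search (x) permission
    if [ ! -w "$dir" ] || [ ! -x "$dir" ]; then
        echo "$dir: not writable by $(id -un); owner and mode:"
        ls -ld "$dir"
        return 3
    fi
    echo "$dir: ok"
    return 0
}

# Constructed demonstration in a scratch directory
demo() {
    scratch=$(mktemp -d) || return 1
    (
        cd "$scratch" || exit 1
        mkdir log       # "./log", the directory the reply suggests
        : > notadir     # a plain file, for the "not a directory" case
        check_logdir ./log   || echo "  -> exit status $?"
        # ".log" is a different, hidden name and was never created
        check_logdir .log    || echo "  -> exit status $?"
        check_logdir notadir || echo "  -> exit status $?"
    )
    rm -rf "$scratch"
}

demo
```

Run the check as the account Snort runs under (the one given to `-u`, if used), since writability is evaluated for the current user.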

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Goldmoon
Sent: Friday, September 13, 2002 3:06 PM
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Snort question


So, I tried this instead:

snort -dev -l .log -h "ipaddress" -c snort.conf

This is the error I get:

Error: Can not get write access to logging directory
"./log" exist or permissions are set incorrectly or it
is not a directory at all

Fatal Error, Quitting

snort /kernel: fxp0:promiscuous mode enabled
snort /kernel: fxp0:promisuous mode disabled


--- Goldmoon <summer_beha at ...131...> wrote:
> Hi,
> 
> I tried to run snort in IDS mode, with the following
> command, but got a "command not found" error.
> 
> ./snort -dev -l .log -h ip address -c snort.conf
> 
> any ideas what's happening?
> 
> thanks.
> --- Ed Kasky <ed at ...3483...> wrote:
> > I have Snort ver 1.8.7 running on a RH 7.2 machine
> > using Mysql and running as "snort"
> > 
> > From the init script:
> > daemon /usr/local/bin/snort -u snort -D -c /etc/snort/snort.conf
> > 
> > From snort.conf:
> > output database: alert, mysql, user=snort password=XXXXX dbname=snort host=localhost
> > 
> > It's been running fine until the last day or so when
> > I started getting:
> > 
> > snort: FATAL ERROR: ERROR: OpenLogFile() => mkdir(/var/log/snort/216.216.73.103) log directory: Permission denied
> > 
> > I changed /var/log/snort to snort.snort and 700 but
> > it continues.
> > 
> > My first question is if I am using Mysql, why does
> > it still write the ip logs?
> > 
> > Secondly, if I start it as snort, why does it write
> > the ip logs as root.bin?
> > 
> > drwx------ 2 root bin 4096 Sep 10 13:37 64.131.177.161
> > 
> > Thanks in advance for any advice...
> > 
> > Ed
> > ~~
> > 
> > Ed Kasky
> > Los Angeles, CA
> > . . . . . . . .
> > Conscience is the inner voice warning us that
> > someone may be looking.
> > -H.L. Mencken
> > 
> > 
> > 
> > -------------------------------------------------------
> > This sf.net email is sponsored by:ThinkGeek
> > Welcome to geek heaven.
> > http://thinkgeek.com/sf
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 