[Snort-users] snort 2.0.0 rules

Matt Kettler mkettler at ...4108...
Wed Jun 11 15:00:09 EDT 2003

At 03:53 PM 6/11/2003 -0500, msmythe at ...9424... wrote:
>I use redhat 7.3, kernel platform, with snort 2.0.0
>I'm trying to run from the [msmythe at ...9434... msmythe] directory, where I have
>snort and log directories. The error message says:
>can not get write access to logging directory "var/log/snort". (directory
>doesn't exist or permissions are set incorrectly or it is not a directory as
>Fatal Error, Quitting..
>.... I checked it out in /var/log and the snort directory doesn't exist. Should
>I create it?

Well, you're using RELATIVE paths with the command line you stated, so you 
need to create ./var/log/snort relative to msmythe's home directory, not 
/var/log/snort, unless you stop specifying the -l parameter the way you are 
at present.

And for reference, the directory isn't [msmythe at ...9434... msmythe]. If you type 
pwd you'll see that your directory is likely to be 
/home/msmythe. What you put there is part of a common bash-shell prompt and 
only displays the last part of the actual path, along with username and 
machine name.

It should be noted however that snort MUST be started as the ROOT user, or a 
special user that you've set up to have root-like privileges for raw 
sockets. Normal non-root users cannot initiate pcap. No, there is no way 
around this; it's built into the OS that way for security reasons.

>OK, I'll use snort instead of ./snort.
>Other questions, please:
>1. Must I use MySQL or ACID?... Why?

No, those are options you can choose to use, and are popular because the UI 
of acid is fairly easy to use. By default snort logs to an ascii file.

>2. Is there another snort 2.0.0 rules file, or did I download it with the last
>release of snort 2.0.0? How can I use it?

There's only one ruleset, but you can download an updated version of that 
ruleset from:


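The relative-path point above is easy to check before starting snort. The following preflight is an added example, not part of the original thread or of snort itself: it resolves the -l argument the way the shell does (relative paths against the current working directory) and reports the same three conditions the snort error message names (missing, not a directory, not writable), plus whether the caller is root, which raw packet capture requires.

```shell
# Added example (not from the original thread or from snort): preflight
# check for the directory that will be passed to snort's -l option.
# Relative paths are resolved against $PWD, so running from /home/msmythe
# with "-l var/log/snort" means /home/msmythe/var/log/snort, not /var/log/snort.
check_snort_logdir() {
    dir="$1"
    case "$dir" in
        /*) abs="$dir" ;;              # absolute path: used as given
        *)  abs="$(pwd)/$dir" ;;       # relative path: anchored at $PWD
    esac
    if [ ! -e "$abs" ]; then
        echo "missing: $abs (create it, or pass an absolute path to -l)"
        return 1
    fi
    if [ ! -d "$abs" ]; then
        echo "not a directory: $abs"
        return 2
    fi
    if [ ! -w "$abs" ]; then
        echo "not writable by uid $(id -u): $abs"
        return 3
    fi
    echo "ok: $abs"
    return 0
}

# Raw packet capture (pcap) needs root or an equivalently privileged
# capture user; a plain user will fail before logging is even reached.
check_capture_privs() {
    if [ "$(id -u)" -eq 0 ]; then
        echo "ok: running as root, pcap capture allowed"
        return 0
    fi
    echo "warning: uid $(id -u) is not root; snort cannot open raw sockets"
    return 1
}

# Usage: check_snort_logdir var/log/snort && check_capture_privs
```

Run it from the same directory you start snort in, with the same -l value, and the message tells you which of the three conditions snort is complaining about.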