[Snort-users] snort 2.0.0 rules
mkettler at ...4108...
Wed Jun 11 15:00:09 EDT 2003
At 03:53 PM 6/11/2003 -0500, msmythe at ...9424... wrote:
>I use redhat 7.3, kernel 126.96.36.199-7 platform, with snort 2.0.0
>I'm trying to run from [msmythe at ...9434... msmythe] directory, where I have a
>snort and log directories. The error message says:
>can not get write access to logging directory "var/log/snort". (directory
>doesn't exist or permissions are set incorrectly or it is not a directory as
>Fatal Error, Quitting..
>.... I checked it out in /var/log and snort directory doesn't exist. Should
>I create it?
Well, you're using RELATIVE paths with the command line you stated.. so you
need to create ./var/log/snort relative to msmythe's home directory, not
/var/log/snort. Unless you stop specifying the -l parameter the way you are
And for reference the directory isn't [msmythe at ...9434... msmythe].. if you type
pwd you'll see that your directory is likely to be
/home/msmythe. What you put there is part of a common bash-shell prompt and
only displays the last part of the actual path, along with username and
It should be noted however that snort MUST be started as ROOT user, or a
special user that you've set up to have root-like privileges for raw
sockets. Normal non-root users cannot initiate pcap. No, there is no way
around this, it's built into the OS that way for security reasons.
>OK, I'll use snort instead of ./snort.
>Other questions, please:
>1. Must I use MySQL or ACID? ...Why?
No, those are options you can choose to use, and are popular because the UI
of ACID is fairly easy to use. By default snort logs to an ASCII file.
>2. Does another snort 2.0.0 rules file exist, or is it the one I downloaded with the last
>release of snort 2.0.0? How can I use it?
There's only one ruleset, but you can download an updated version of that