[Snort-users] logging directory "/var/log/snort"

Corey Rock snort_sigs at ...125...
Sat May 1 14:44:00 EDT 2004


Greetings all!

Anybody else see this problem?  Help!

[root at ...11745... etc]# snort -v -T -c /etc/snort/snort.conf
Running in IDS mode
Log directory = /var/log/snort
ERROR:
[!] ERROR: Can not get write access to logging directory "/var/log/snort".
(directory doesn't exist or permissions are set incorrectly
or it is not a directory at all)

___________

Why does it think the log dir is /var/log/snort? The conf file says log to db??!!
I've configured snort to run many times before, but this fresh install baffles me!

1.  configured to log to mysql, as per conf below
2.  confirmed mysql running, access with specified credentials to db functions
3.  snort runs fine in command line mode
4.  if I simply create the /var/log/snort directory, the test of the conf file succeeds:

Version 2.1.2 (Build 25)
By Martin Roesch (roesch at ...1935..., www.snort.org)

Snort sucessfully loaded all rules and checked all rule chains!
Final Flow Statistics
,----[ FLOWCACHE STATS ]----------
Memcap: 10485760 Overhead Bytes 16400 used(%0.156403)/blocks (16400/1) 
Overhead
blocks: 1 Could Hold: (0)
IPV4 count: 0 frees: 0 low_time: 0, high_time: 0, diff: 0h:00:00s
    finds: 0 reversed: 0(%0.000000)
    find_sucess: 0 find_fail: 0 percent_success: (%0.000000) new_flows: 0
database: Closing connection to database "
Snort exiting

________________________


/etc/snort/snort.conf:

# Step #3: Configure output plugins
#
# output <name_of_plugin>: <configuration_options>
#
#alert_syslog: log alerts to syslog
# ----------------------------------
# Use one or more syslog facilities as arguments.
# [Unix flavours should use this format...]
#output alert_syslog: LOG_AUTH LOG_ALERT
#
# log_tcpdump: log packets in binary tcpdump format
# -------------------------------------------------
# The only argument is the output file name.
#
# output log_tcpdump: tcpdump.log

# database: log to a variety of databases
# ---------------------------------------
# See the README.database file for more information about configuring
# and using this plugin.
#
output database: log, mysql, user=snort password=xxxx dbname=snort host=localhost
# output database: alert, postgresql, user=snort dbname=snort
# output database: log, odbc, user=snort dbname=snort
# output database: log, mssql, dbname=snort user=snort password=test
# output database: log, oracle, dbname=snort user=snort password=test

Thanks for any help!

Regards,

Corey
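
Added example, not part of the original post and not Snort's own code: a pre-flight check that tells apart the three conditions the error message above lumps together (missing, not a directory, not writable). It assumes the log directory is either the default printed in the post (/var/log/snort) or one set by a `config logdir:` line in snort.conf; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: diagnose Snort's "Can not get write access to logging
# directory" error. Run it as the same user Snort will run as, because
# the writability test depends on the caller's privileges.

# Print the directory chosen by a "config logdir:" line in the conf file
# (assumed directive), or the default shown in the post when none is set.
# Commented-out lines are ignored; the last active line wins.
effective_logdir() {
    conf=$1
    dir=$(sed -n 's/^[[:space:]]*config[[:space:]]\{1,\}logdir:[[:space:]]*\([^[:space:]#]*\).*/\1/p' \
        "$conf" 2>/dev/null | tail -n 1)
    printf '%s\n' "${dir:-/var/log/snort}"
}

# Classify a path as: missing / not-a-directory / not-writable / ok.
classify_logdir() {
    dir=$1
    if [ ! -e "$dir" ]; then
        echo missing
    elif [ ! -d "$dir" ]; then
        echo not-a-directory
    elif [ ! -w "$dir" ] || [ ! -x "$dir" ]; then
        # Creating files needs both write and search permission.
        echo not-writable
    else
        echo ok
    fi
}

# Report the effective directory and its state; succeed only when usable.
# Usage: check_snort_logdir /etc/snort/snort.conf
check_snort_logdir() {
    dir=$(effective_logdir "$1")
    state=$(classify_logdir "$dir")
    printf '%s: %s\n' "$dir" "$state"
    [ "$state" = ok ]
}
```
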
