[Snort-users] logging directory "/var/log/snort"

Corey Rock snort_sigs at ...125...
Sat May 1 14:44:00 EDT 2004

Greetings all!

Anybody else see this problem?  Help!

[root at ...11745... etc]# snort -v -T -c /etc/snort/snort.conf
Running in IDS mode
Log directory = /var/log/snort
[!] ERROR: Can not get write access to logging directory "/var/log/snort".
(directory doesn't exist or permissions are set incorrectly
or it is not a directory at all)


why does it think log dir is /var/log/snort? conf file says log to db??!!
I've configured snort to run many times before, but this fresh install 
baffles me!

1.  configured to log to mysql, as per conf below
2.  confirmed mysql running, access with specified credentials to db 
3.  snort runs fine in command line mode
4.  if I simply create the /var/log/snort directory, the test of the conf 
file succeeds:

Version 2.1.2 (Build 25)
By Martin Roesch (roesch at ...1935..., www.snort.org)

Snort sucessfully loaded all rules and checked all rule chains!
Final Flow Statistics
,----[ FLOWCACHE STATS ]----------
Memcap: 10485760 Overhead Bytes 16400 used(%0.156403)/blocks (16400/1) 
blocks: 1 Could Hold: (0)
IPV4 count: 0 frees: 0 low_time: 0, high_time: 0, diff: 0h:00:00s
    finds: 0 reversed: 0(%0.000000)
    find_sucess: 0 find_fail: 0 percent_success: (%0.000000) new_flows: 0
database: Closing connection to database "
Snort exiting



# Step #3: Configure output plugins
# output <name_of_plugin>: <configuration_options>
#alert_syslog: log alerts to syslog
# ----------------------------------
# Use one or more syslog facilities as arguments.
# [Unix flavours should use this format...]
#output alert_syslog: LOG_AUTH LOG_ALERT
# log_tcpdump: log packets in binary tcpdump format
# -------------------------------------------------
# The only argument is the output file name.
# output log_tcpdump: tcpdump.log

# database: log to a variety of databases
# ---------------------------------------
# See the README.database file for more information about configuring
# and using this plugin.
output database: log, mysql, user=snort password=xxxx dbname=snort host=lo
# output database: alert, postgresql, user=snort dbname=snort
# output database: log, odbc, user=snort dbname=snort
# output database: log, mssql, dbname=snort user=snort password=test
# output database: log, oracle, dbname=snort user=snort password=test

Thanks for any help!



Check out the coupons and bargains on MSN Offers! http://youroffers.msn.com

More information about the Snort-users mailing list