[Snort-users] Snort & Barnyard permission issue

Bamm Visscher bamm.visscher at ...11827...
Thu Jul 12 11:44:46 EDT 2007

Use the -m switch with snort to change the file permissions mask (-m 122).


On 7/11/07, マシス・ザッカリー <mashisu_zakku at ...13464...> wrote:
> I am currently trying to setup Snort-Barnyard-SGUIL on a
> gentoo machine and am running into permission problems
> with the unified output files.
> I am currently running snort from root with the following:
> snort -u snort -i eth0 -c /etc/snort/snort.conf
> /var/log/snort
> It is outputting unified output logs to /var/log/snort but
> they are created as root for some reason.
> Therefore, unless i run barnyard as root i get "Unable to
> open log spool file xxxx Permission denied" as you would
> expect.
> When i check with top i can confirm that snort is running
> as the "snort" user so why are these files being created
> as root??
> I thought i had it working before creating the files as
> "snort" but for some reason i can only get it to output
> snort_unified.log as root.
> If anyone has encountered this issue, please let me know
> how you resolved it.
> --------------------------------------
> Easy + Joy + Powerful = Yahoo! Bookmarks x Toolbar
> http://pr.mail.yahoo.co.jp/toolbar/
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

sguil - The Analyst Console for NSM

More information about the Snort-users mailing list