Snort mailing list archives
Re: snort + daemontools + chroot + remote mysql
From: Erek Adams <erek () theadamsfamily net>
Date: Wed, 27 Jun 2001 18:16:57 -0700 (PDT)
On Wed, 27 Jun 2001, Ilmarinen wrote:
> Hi!
Hello!
> I am following the directions given in the daemontools/snort paper. The run
> script specifies some flags that are beyond my needs; I've shortened it to:
>
> #!/bin/sh
> ./bin/snort -c snort.conf -g snort -u snort -t /usr/snort
>
> Now, snort.conf has in it a remote database output line:
>
> output database: log, mysql, dbname=snort user=snort host=gah password=
>
> Without the -t in the run script everything runs fine. But if I put the -t in
> there it seems to ignore the output database and errors out, saying it can't
> find the right log directory (/usr/snort/var/log/snort or something).
I'd guess it's looking in the wrong directory, I think, for the config files. Once you chroot, that becomes the root or "/". If you chroot to /usr/snort and you have your paths listed as /var/log/snort, there will need to be a dir /usr/snort/var/log/snort.
> Why is this happening? Is it possible to run chrooted AND log to a remote database?
Yes, it's possible. I'm doing it. :) Things to remember:

* It's a pain to chroot this. I found all sorts of odd things that snort does that make it tough to do.
* I'm running on Solaris 2.7
* I cheated.

Ok, here's what I did: Snort seems to need certain things to work. It needs access to your NIC. Most *nixes don't allow joe user to grab the NIC and twiddle with it. I tried to create a user and a homedir, drop snort and its configs there. It hated it. "It can't be that hard... Bind does this just fine." So I dug around and found a little package that would help you "build" a jail. Built a jail under the snort homedir, and started it up. It wasn't perfect but it ran. After many nitpicky fixes (Thanks Fydor! ;), I got it to work fairly well.

Jailing, IIRC, will be improved in v2.0.

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
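The path mapping described in the reply above (a path named /var/log/snort must exist on the host as /usr/snort/var/log/snort once snort is started with -t /usr/snort), as an added example that is not part of the original message or of Snort itself. The function names, the temporary jail and the sample config are constructed for illustration, and the script assumes every absolute path it is given is opened after the chroot.

```sh
#!/bin/sh
# Added example: pre-flight check for "snort -t JAIL". Assumption: every
# absolute path the config or command line names is opened after chroot().

# conf_abs_paths CONF
# Print each absolute path found on a non-comment part of CONF (heuristic:
# any whitespace-separated token that starts with "/").
conf_abs_paths() {
    sed -e 's/#.*//' "$1" | tr -s ' \t' '\n\n' | grep '^/' | sort -u
}

# jail_missing JAIL PATH...
# PATH is the name the chrooted process uses. After chroot(JAIL) the
# process's "/" is JAIL, so PATH must exist on the host as JAIL+PATH.
# Prints each missing host-side path; returns 1 if any is missing.
jail_missing() {
    jail=${1%/}; shift
    rc=0
    for p in "$@"; do
        case $p in
            /*) ;;
            *)  echo "not absolute, skipped: $p" >&2; continue ;;
        esac
        if [ ! -e "$jail$p" ]; then
            echo "$jail$p"
            rc=1
        fi
    done
    return $rc
}

# Constructed demo: a throwaway jail standing in for /usr/snort.
demo_jail=$(mktemp -d)
mkdir -p "$demo_jail/etc/snort"
printf '%s\n' '# constructed sample config' \
    'include /etc/snort/classification.config' > "$demo_jail/etc/snort/snort.conf"
: > "$demo_jail/etc/snort/classification.config"

# /var/log/snort has not been created inside the jail yet, so it is reported.
jail_missing "$demo_jail" /var/log/snort \
    $(conf_abs_paths "$demo_jail/etc/snort/snort.conf") || true

mkdir -p "$demo_jail/var/log/snort"   # the fix: create it under the jail
jail_missing "$demo_jail" /var/log/snort && echo "jail paths OK"
rm -rf "$demo_jail"
```

The directory also has to be writable by the account snort drops to with -u and -g, which this check does not test.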