RE: Fatal Error OpenLogFile

["Scott" <scottr () vdot net>]

I have tried to get snort to run as owner/group of snort, but it won't.  I'm
using snort 1.8 build 43.  It will only run as root and only write logs for
root/root.  Any suggestions as to how I would go about making snort run and
log as owner/group snort?

BTW here is how I'm starting snort

 daemon /usr/sbin/snort -u root -g root -s -d -D \
                -i eth1 -l /var/log/snort -c /etc/snort/snort.conf
        touch /var/lock/subsys/snort

I have tried changing the -u and -g to snort which is a group in my groups
files and I've changed the /var/log/snort to owner/group of snort.  When
owner/group is snort and /var/log/snort is also group/owner snort I still
get the OpenLogFile error.

TIA

Scotty




> -----Original Message-----
> From: snort-users-admin () lists sourceforge net
> [mailto:snort-users-admin () lists sourceforge net]On Behalf Of J. C. Woods
> Sent: Wednesday, July 25, 2001 4:49 PM
> To: Chris Owen
> Cc: 'Scott'; 'snort-users () lists sourceforge net'
> Subject: Re: [Snort-users] Fatal Error OpenLogFile
>
>
> Hmmm,
>
> Are you sure you want to do this? For security reason, I would start the
> snort daemon to be owned by snort, and have "/var/log/snort" owned by
> snort too. At least this method works well for me....
>
> drjung
>
>
> Chris Owen wrote:
> > If the directory doesn't exist, create it with
> >
> > mkdir -p /var/log/snort
> >
> > If you're running snort as root try root:root and 700.
> >
> > chown -R root /var/log/snort
> > chgrp -R root /var/log/snort
> > chmod 700 /var/log/snort
> >
> > If you're running snort as a different user (with the -u switch when
> > starting snort) then you will need to have the directory owned
> by that user.
> >  Chris.
> >
> > -----Original Message-----
> > From: Scott [mailto:scottr () vdot net]
> > Sent: Wednesday, July 25, 2001 12:39 PM
> > To: snort-users () lists sourceforge net
> > Subject: [Snort-users] Fatal Error OpenLogFile
> >
> > What should the permissions and owner/group of the
> /var/log/snort directory?
> > If keep getting FATAL ERROR: ERROR: OpenLogFile() =>
> > mkdir(/var/log/snort/xx.xxx.xxx.xx) log directory: Permission denied and
> > then snort dies.
> >
> > TIA
> >
> > Scotty
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > http://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > http://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users