Snort mailing list archives
Re: Re[4]: snort 1.9 + OpenBSD 3.2-stable
From: twig les <twigles () yahoo com>
Date: Mon, 9 Dec 2002 10:48:59 -0800 (PST)
Maybe chown -R? That's what I use on my /var/log/snort. I probably should have said that the first time.... BTW, why are you using sudo? Snort can drop privileges natively. Have you tried cutting sudo out and seeing if it works? Not to say sudo breaks it, but it may require an added config option somewhere (never sudo'd snort).

--- Darren <darren () dazdaz org> wrote:

Hello Twig,

Yep.

$ ls -ld /var/log/snort
drwxr-xr-x  34 snort  snort  1024 Dec  9 18:32 /var/log/snort
$ grep snort /etc/group
snort:*:75:
$ grep snort /etc/passwd
snort:*:75:75::/home/snort:/sbin/nologin
$ ls -l /var/log/alert.csv
-rw-r--r--  1 snort  snort  0 Dec  9 15:14 /var/log/alert.csv

Darren

Monday, December 9, 2002, 6:07:21 PM, you wrote:

tl> Did you chown snort:snort /var/log/snort?

tl> --- Darren <darren () dazdaz org> wrote:

Hello larc,

I upgraded to snort 1.9 and am still adding the following 2 lines. I used ./configure with no options.

/etc/snort.conf
output alert_syslog: LOG_AUTH LOG_ALERT
output CSV: /var/log/alert.csv default
etc
[I have also tried with commenting out alert_syslog]

/etc/snort/classification.config
/etc/snort/*.rules

Nothing goes in any of the /var/log/* files, nor does it log to

-bash-2.05b$ ls -l /var/log/alert.csv
-rw-r--r--  1 snort  snort  0 Dec  9 15:14 /var/log/alert.csv
-bash-2.05b$ sudo snort -v -u snort -g snort -l /var/log/snort -D
Initializing Output Plugins!

I don't think something is broken, but it's the way I'm using it.

Anyone got any thoughts?

Darren

Monday, December 9, 2002, 10:56:19 AM, you wrote:

l> Hi,
l> Well the best tip that I can give is, go to www.snort.org and download snort 1.9
l> Version 1.8.6 is really old and there are no signatures for it anymore.
l> Stefan D.
l> ------------------------
l> Darren <darren () dazdaz org> wrote:
l> ------------------------
l> Hello snort-users,
l> After spending all afternoon on this, I need some tips. I am using OpenBSD 3.2-stable and snort 1.8.6 compiled from ports. I can't get snort to write csv output. Is this a known issue or am I doing something wrong?
l>
l> /etc/snort.conf
l> output alert_syslog: LOG_AUTH LOG_ALERT
l> output csv: /var/log/snort/snort.log msg,proto,timestamp,src,srcport,dst,dstport
l>
l> -bash-2.05b$ ls -ld /var/log/snort
l> drwxr-xr-x  2 snort  snort  512 Dec  8 17:31 /var/log/snort
l> -bash-2.05b$ ls -l /var/log/snort/snort.log
l> -rw-r--r--  1 snort  snort  0 Dec  8 17:31 /var/log/snort/snort.log
l>
l> I have to launch snort like this so it writes into /var/log/snort/
l> # snort -v -u snort -g snort -l /var/log/snort -D
l> -bash-2.05b$ ps auxw | grep snort
l> snort  21995 31.8  0.0   664  644 ??  Ss  5:38PM  0:14.62 snort -v -u snort -g snort -l /var/log/snort -D
l>
l> Interestingly, without the -l option it won't write there, but this is less important. I'd like syslog and csv output.
l>
l> Snort was built like this
l> # cd /usr/ports/net/snort
l> # make install
l>
l> -bash-2.05b$ grep LOG_AUTH /usr/include/syslog.h
l> #define LOG_AUTH (4
l>
l> Snort!
=====
-----------------------------------------------------------
If you give a man a fish, he can eat for a day
If you bludgeon him to death, you can eat the fish yourself
-----------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
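The back-and-forth above is a permissions hunt: the csv output file stays at 0 bytes, and the suggestions are chown -R and dropping sudo in favour of Snort's own -u/-g privilege drop. The check below is an added example written for this archive page; it is not code from Snort or from anyone in the thread. It parses the `output csv:` lines out of a snort.conf, takes ownership and mode data as shown by `ls -l`, and answers the one question the thread keeps circling: after Snort drops to the -u/-g account, can that account actually write every output target? The config text and the `ls -l` listings are transcribed from Darren's posts; the uid/gid of 75 comes from his /etc/passwd line; the root-owned `/var/log/root.csv` is a constructed contrast case.

```python
"""Check that the account Snort drops to (-u/-g) can write the paths named
by its csv output plugin and by -l.  Added example for this archive page;
not code from Snort or from anyone in the thread."""
import os.path
import re
import stat
from dataclasses import dataclass

# Plugin name is matched case-insensitively because the thread uses both
# "csv" and "CSV"; "alert_csv" is accepted too.  Group 1 is the output path.
CSV_RE = re.compile(r"^\s*output\s+(?:alert_)?csv\s*:\s*(\S+)", re.IGNORECASE)


def csv_output_paths(conf_text):
    """Return every file path named by an 'output csv:' line in snort.conf."""
    paths = []
    for line in conf_text.splitlines():
        m = CSV_RE.match(line)
        if m:
            paths.append(m.group(1))
    return paths


@dataclass
class FileInfo:
    """Ownership and permission bits as shown by 'ls -l' on the sensor."""
    mode: int
    uid: int
    gid: int


def parse_ls_mode(mode_str):
    """Turn an 'ls -l' mode string such as '-rw-r--r--' into permission bits.
    Lowercase s/t (setuid/setgid/sticky) still imply the execute bit."""
    bits = 0
    for i, ch in enumerate(mode_str[1:10]):
        if ch in "rwxst":
            bits |= 1 << (8 - i)
    return bits


def can_write(info, uid, gids):
    """POSIX permission-bit check for a process running as uid with group
    membership gids (root is always allowed)."""
    if uid == 0:
        return True
    if uid == info.uid:
        return bool(info.mode & stat.S_IWUSR)
    if info.gid in gids:
        return bool(info.mode & stat.S_IWGRP)
    return bool(info.mode & stat.S_IWOTH)


def check_outputs(conf_text, logdir, files, uid, gids):
    """Map each output target (the -l directory and every csv path) to True
    if the dropped-privilege account can write it.  A path missing from
    `files` must be creatable, so its parent directory must be writable;
    a parent we have no stat data for counts as a failure."""
    results = {}
    for path in [logdir] + csv_output_paths(conf_text):
        info = files.get(path)
        if info is None:
            info = files.get(os.path.dirname(path) or "/")
        results[path] = info is not None and can_write(info, uid, gids)
    return results


# Config lines as posted in the thread.
SNORT_CONF = """\
output alert_syslog: LOG_AUTH LOG_ALERT
output CSV: /var/log/alert.csv default
"""

# Constructed from the 'ls -l' output and /etc/passwd line in the thread;
# the root-owned /var/log/root.csv is a made-up contrast case.
SNORT_UID, SNORT_GIDS = 75, {75}
FILES = {
    "/var/log/snort": FileInfo(parse_ls_mode("drwxr-xr-x"), 75, 75),
    "/var/log/alert.csv": FileInfo(parse_ls_mode("-rw-r--r--"), 75, 75),
    "/var/log/root.csv": FileInfo(parse_ls_mode("-rw-r--r--"), 0, 0),
}

if __name__ == "__main__":
    report = check_outputs(SNORT_CONF, "/var/log/snort", FILES,
                           SNORT_UID, SNORT_GIDS)
    for path, ok in report.items():
        print(f"{'writable    ' if ok else 'NOT WRITABLE'} {path}")
```

Run against Darren's listing, every target comes back writable for uid 75, which is the useful negative result: ownership and mode bits are not what is keeping alert.csv at 0 bytes, so the next thing to look at is whether the csv plugin is actually compiled in and registering, not more chown. The check only models permission bits; it does not account for a chroot (-t), filesystem flags, or how a given Snort version orders its open() calls relative to the privilege drop.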
Current thread:
- Re[2]: snort 1.9 + OpenBSD 3.2-stable Darren (Dec 09)
- Re: Re[2]: snort 1.9 + OpenBSD 3.2-stable twig les (Dec 09)
- <Possible follow-ups>
- Re: Re[4]: snort 1.9 + OpenBSD 3.2-stable twig les (Dec 09)
- Re[6]: snort 1.9 + OpenBSD 3.2-stable Darren (Dec 09)