Snort mailing list archives

Re: Can't set logdir in 1.9.0


From: Sten Kalenda home <sten () ipjam com>
Date: Fri, 18 Oct 2002 21:14:18 +0200

Hi,

I ran into the same problems. My workaround is to create the
/chroot/snort/var/log dir (which will be seen as /var/log after chroot).

In the source code there are extensive checks, like write permissions in the log directory and so on. These checks are IMHO done to the NON-chroot directory. (Dragos, am I right?) This also seems to be the reason why one must specify exactly the same path as in the non-chroot environment.

groe10,
Sten

Serge Leschinsky wrote:
Dear Erek.

On Wednesday, October 16, 2002, at 02:43 GMT -07
(16:43, the same day my local time), you wrote about "[Snort-users] Can't set logdir in 1.9.0", at least in part:

EA> I think that you're seeing a problem with chroot.  Your first (logdir) problem
EA> could be caused by it.
I can resolve the logdir setting problem in the chroot jail by enumeration
of possibilities, i.e. setting it as "./log", "/log", "log" and the full path
without chroot jail - "/var/chroot/snort/log". I can't get from snort
1.9.0 the same behavior as from 1.8.7. So with a small "strut" (ln -s
/var/chroot/snort/log /log) snort was started.

EA>   If that's true, then your second problem might be
EA> due to your /etc/snort.conf inside your chroot jail.  That's the only thing
EA> that I can think of that would give both errors when you know you're setting
EA> it up in the right way.
You have pointed me the right way! The second problem was an ordinary
misprint in the EXTERNAL_NET definition (was !HOME NET).

EA> Rebuild snort via './configure --enable-debug'.  Then set the environment
EA> variable 'SNORT_DEBUG' to one of the values in <snortdir>/src/debug.h.
I'll do it if it's necessary for anybody to understand the chroot jail
problem. Unfortunately, I have no experience modifying snort's
source....

Thank you for your kind reply!

PS. I still have one question. But it's better to create a new
thread, I think.


--

-= A "trusted" computer does not mean a computer that is trustworthy =-
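
The workaround in this thread amounts to making the same absolute log path exist both outside and inside the jail. The following is an added example, not part of the original messages and not Snort's own code; the `check_logdir` function and its return codes are hypothetical, and it assumes (as Sten's message suggests) that the path is checked before chroot and used after it.

```shell
#!/bin/sh
# Added example: verify that a log directory is usable both before and
# after chroot(). Function name and return codes are hypothetical.

# check_logdir JAIL LOGDIR
#   JAIL   - directory the daemon will chroot into
#   LOGDIR - absolute log directory given to the daemon
# Prints one status line per view and returns:
#   0 usable in both views
#   1 missing or not writable before chroot only
#   2 missing or not writable inside the jail only
#   3 missing or not writable in both views
#   4 bad arguments
check_logdir() {
    jail=$1
    logdir=$2
    rc=0

    # A relative path resolves differently before and after chroot,
    # so only absolute paths can be compared meaningfully.
    case $logdir in
        /*) ;;
        *)  echo "logdir must be an absolute path: $logdir" >&2; return 4 ;;
    esac
    [ -d "$jail" ] || { echo "no such chroot directory: $jail" >&2; return 4; }

    # View 1: the path as the process sees it before chroot.
    if [ -d "$logdir" ] && [ -w "$logdir" ]; then
        echo "pre-chroot   $logdir: ok"
    else
        echo "pre-chroot   $logdir: missing or not writable"
        rc=$((rc + 1))
    fi

    # View 2: the same path as it resolves once the jail is the root.
    if [ -d "$jail$logdir" ] && [ -w "$jail$logdir" ]; then
        echo "post-chroot  $jail$logdir: ok"
    else
        echo "post-chroot  $jail$logdir: missing or not writable"
        rc=$((rc + 2))
    fi

    return $rc
}

# Usage (paths taken from the messages above):
#   check_logdir /chroot/snort /var/log
```

Run it as the user the daemon runs as, since the write check depends on that account's permissions.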




