Re: Snort not logging to the /var/log/snort/alert file

[ids () san rr com]

Unfortunately yes I did. :(  The file is unrecoverable.


Thanks,


Alan

----- Original Message -----
From: Christopher Cramer <chris.cramer () duke edu>
Date: Wednesday, March 24, 2004 12:59 pm
Subject: Re: [Snort-users] Snort not logging to the     /var/log/snort/alert    file

> Alan,
>
> A quick sanity check - you did restart snort after recreating the 
> file? 
> Sorry for the dumb question, but with the way unix files and inodes
> work, if you don't restart the process writing to the alerts file
> (snort), it will continue to write to the old (deleted) file. 
> restarting the snort process would cause it to reopen the alerts file
> (creating a new one if necessary).
>
> just a thought
>
> -c
>
> --
> Christopher E. Cramer, Ph.D.
> Information Technology Security Officer
> Duke University,  Office of Information Technology
> 253A North Building, Box 90132, Durham, NC  27708-0291
> PH: 919-660-7003  FAX: 919-660-7076  email: chris.cramer () duke edu
>
>
>
> On Wed, 2004-03-24 at 15:15, ids () san rr com wrote:
> > thank you for the reply.
> >
> > I'm a little confused about what you mean here:
> >
> > Before anything you need to pass this path in your line, 
> preceded by the
> > swtch "-l" Format: -l /var/log/snort.
> >
> >
> > but I did type chmod 777 /var/log/snort under root. Is this all 
> I need to do?
> > Sorry for all the dumb questions :)
> >
> >
> > Alan
> >
> >
> >
> > -------------------------
> > Ok, let's go
> > You need to give permissions to the snort. It needs to write in the
> > /var/log/snort.
> >
> > Before anything you need to pass this path in your line, 
> preceded by the
> > swtch "-l" Format: -l /var/log/snort.
> >
> > If you are on a ---test--- environment, just type chmod 777
> > /var/log/snort. The "777" will gine everyone the possibility to 
> read,> write and execute.
> > Let me know if your problem persist.
> > Best regards,
> > Rodrigo Ramos
> >
> >
> >
> > On Wed, 2004-03-24 at 16:47, ids () san rr com wrote:
> > > I'm a little embarrased to admit this but I'm kind of a Linux 
> noob (I'm learning though). When you say permissions do you mean 
> permissions for the Snort user account I created or the Snort 
> application itself. Also can somebody give me the command to give 
> permssions to Snort so it can write to the file (chmod?)? 
> > > Thanks for all the help!
> > >
> > >
> > > Alan
> > >
> > >
> > > _______________________________________
> > > Hi,
> > >
> > > Did you create it with the permissions? Did you give 
> permissions to the
> > > snort to write on it?
> > >
> > >
> > > Best regards,
> > > Rodrigo Ramos
> > > http://www.triforsec.com.br
> > > http://www.defenselayer.com
> > >
> > >
> > > On Wed, 2004-03-24 at 15:06, ids () san rr com wrote:
> > > > Hi-
> > > >
> > > > I'm a goof and accidently deleted my /var/log/snort/alert 
> file. After I deleted I tried to recreate the file. I noticed that 
> Snort no longer writes alerts to this file. I've tried everything. 
> Can anybody help me? Thanks in advance!
> > > > Alan
> > > >
> > > >
> > > >
> > > > -------------------------------------------------------
> > > > This SF.Net email is sponsored by: IBM Linux Tutorials
> > > > Free Linux tutorial presented by Daniel Robbins, President 
> and CEO of
> > > > GenToo technologies. Learn everything from fundamentals to 
> system> > > 
> administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click> > > 
> _______________________________________________
> > > > Snort-users mailing list
> > > > Snort-users () lists sourceforge net
> > > > Go to this URL to change user options or unsubscribe:
> > > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > > Snort-users list archive:
> > > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > >
> > >  
> ______________________________________________________________________> > Hi,
> > > Did you create it with the permissions? Did you give 
> permissions to the
> > > snort to write on it?
> > >
> > >
> > > Best regards,
> > > Rodrigo Ramos
> > > http://www.triforsec.com.br
> > > http://www.defenselayer.com
> > >
> > >
> > > On Wed, 2004-03-24 at 15:06, ids () san rr com wrote:
> > > > Hi-
> > > >
> > > > I'm a goof and accidently deleted my /var/log/snort/alert 
> file. After I deleted I tried to recreate the file. I noticed that 
> Snort no longer writes alerts to this file. I've tried everything. 
> Can anybody help me? Thanks in advance!
> > > > Alan
> > > >
> > > >
> > > >
> > > > -------------------------------------------------------
> > > > This SF.Net email is sponsored by: IBM Linux Tutorials
> > > > Free Linux tutorial presented by Daniel Robbins, President 
> and CEO of
> > > > GenToo technologies. Learn everything from fundamentals to 
> system> > > 
> administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click> > > 
> _______________________________________________
> > > > Snort-users mailing list
> > > > Snort-users () lists sourceforge net
> > > > Go to this URL to change user options or unsubscribe:
> > > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > > Snort-users list archive:
> > > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> >  
> ______________________________________________________________________> Ok, let's go
> > You need to give permissions to the snort. It needs to write in the
> > /var/log/snort.
> >
> > Before anything you need to pass this path in your line, 
> preceded by the
> > swtch "-l" Format: -l /var/log/snort.
> >
> > If you are on a ---test--- environment, just type chmod 777
> > /var/log/snort. The "777" will gine everyone the possibility to 
> read,> write and execute.
> > Let me know if your problem persist.
> > Best regards,
> > Rodrigo Ramos
> >
> >
> >
> > On Wed, 2004-03-24 at 16:47, ids () san rr com wrote:
> > > I'm a little embarrased to admit this but I'm kind of a Linux 
> noob (I'm learning though). When you say permissions do you mean 
> permissions for the Snort user account I created or the Snort 
> application itself. Also can somebody give me the command to give 
> permssions to Snort so it can write to the file (chmod?)? 
> > > Thanks for all the help!
> > >
> > >
> > > Alan
> > >
> > >
> > > _______________________________________
> > > Hi,
> > >
> > > Did you create it with the permissions? Did you give 
> permissions to the
> > > snort to write on it?
> > >
> > >
> > > Best regards,
> > > Rodrigo Ramos
> > > http://www.triforsec.com.br
> > > http://www.defenselayer.com
> > >
> > >
> > > On Wed, 2004-03-24 at 15:06, ids () san rr com wrote:
> > > > Hi-
> > > >
> > > > I'm a goof and accidently deleted my /var/log/snort/alert 
> file. After I deleted I tried to recreate the file. I noticed that 
> Snort no longer writes alerts to this file. I've tried everything. 
> Can anybody help me? Thanks in advance!
> > > > Alan
> > > >
> > > >
> > > >
> > > > -------------------------------------------------------
> > > > This SF.Net email is sponsored by: IBM Linux Tutorials
> > > > Free Linux tutorial presented by Daniel Robbins, President 
> and CEO of
> > > > GenToo technologies. Learn everything from fundamentals to 
> system> > > 
> administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click> > > 
> _______________________________________________
> > > > Snort-users mailing list
> > > > Snort-users () lists sourceforge net
> > > > Go to this URL to change user options or unsubscribe:
> > > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > > Snort-users list archive:
> > > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > >
> > >  
> ______________________________________________________________________> > Hi,
> > > Did you create it with the permissions? Did you give 
> permissions to the
> > > snort to write on it?
> > >
> > >
> > > Best regards,
> > > Rodrigo Ramos
> > > http://www.triforsec.com.br
> > > http://www.defenselayer.com
> > >
> > >
> > > On Wed, 2004-03-24 at 15:06, ids () san rr com wrote:
> > > > Hi-
> > > >
> > > > I'm a goof and accidently deleted my /var/log/snort/alert 
> file. After I deleted I tried to recreate the file. I noticed that 
> Snort no longer writes alerts to this file. I've tried everything. 
> Can anybody help me? Thanks in advance!
> > > > Alan
> > > >
> > > >
> > > >
> > > > -------------------------------------------------------
> > > > This SF.Net email is sponsored by: IBM Linux Tutorials
> > > > Free Linux tutorial presented by Daniel Robbins, President 
> and CEO of
> > > > GenToo technologies. Learn everything from fundamentals to 
> system> > > 
> administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click> > > 
> _______________________________________________
> > > > Snort-users mailing list
> > > > Snort-users () lists sourceforge net
> > > > Go to this URL to change user options or unsubscribe:
> > > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > > Snort-users list archive:
> > > > http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users