Snort mailing list archives
logging directory "/var/log/snort"
From: "Corey Rock" <snort_sigs () hotmail com>
Date: Sat, 01 May 2004 21:41:59 +0000
Greetings all! Anybody else see this problem? Help!

[root@pleiades etc]# snort -v -T -c /etc/snort/snort.conf
Running in IDS mode
Log directory = /var/log/snort
ERROR: [!] ERROR: Can not get write access to logging directory "/var/log/snort".
(directory doesn't exist or permissions are set incorrectly
or it is not a directory at all)
___________

Why does it think log dir is /var/log/snort? conf file says log to db??!!

I've configured snort to run many times before, but this fresh install baffles me!

1. configured to log to mysql, as per conf below
2. confirmed mysql running, access with specified credentials to db functions
3. snort runs fine in command line mode
4. if I simply create the /var/log/snort directory, the test of the conf file succeeds:

Version 2.1.2 (Build 25)
By Martin Roesch (roesch () sourcefire com, www.snort.org)
Snort sucessfully loaded all rules and checked all rule chains!
Final Flow Statistics
,----[ FLOWCACHE STATS ]----------
Memcap: 10485760 Overhead Bytes 16400 used(%0.156403)/blocks (16400/1)
Overhead blocks: 1 Could Hold: (0)
IPV4 count: 0 frees: 0 low_time: 0, high_time: 0, diff: 0h:00:00s
finds: 0 reversed: 0(%0.000000) find_sucess: 0 find_fail: 0 percent_success: (%0.000000) new_flows: 0
database: Closing connection to database "
Snort exiting
________________________

/etc/snort/snort.conf:

# Step #3: Configure output plugins
#
# output <name_of_plugin>: <configuration_options>
#
#alert_syslog: log alerts to syslog
# ----------------------------------
# Use one or more syslog facilities as arguments.
# [Unix flavours should use this format...]
#output alert_syslog: LOG_AUTH LOG_ALERT
#
# log_tcpdump: log packets in binary tcpdump format
# -------------------------------------------------
# The only argument is the output file name.
#
# output log_tcpdump: tcpdump.log

# database: log to a variety of databases
# ---------------------------------------
# See the README.database file for more information about configuring
# and using this plugin.
#
output database: log, mysql, user=snort password=xxxx dbname=snort host=localhost
# output database: alert, postgresql, user=snort dbname=snort
# output database: log, odbc, user=snort dbname=snort
# output database: log, mssql, dbname=snort user=snort password=test
# output database: log, oracle, dbname=snort user=snort password=test

Thanks for any help!

Regards,
Corey
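Added example, not part of the original post and not Snort's own code: a shell pre-flight check for the situation reported above, where the log directory is validated at startup even though the only active output is the database plugin. `config logdir:` is a real snort.conf directive; the /var/log/snort fallback is an assumption taken from the "Log directory =" line above, and the function names and sample conf are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check of the Snort log directory.
DEFAULT_LOGDIR=/var/log/snort   # assumption: fallback shown in the output above

# Constructed sample mirroring the posted excerpt: only the database output is active.
sample_conf() {
cat <<'EOF'
# output log_tcpdump: tcpdump.log
output database: log, mysql, user=snort password=xxxx dbname=snort host=localhost
# output database: alert, postgresql, user=snort dbname=snort
EOF
}

# Last uncommented "config logdir:" value in a conf file, else the default.
conf_logdir() {
    dir=$(sed -n 's/^[[:space:]]*config[[:space:]]\{1,\}logdir:[[:space:]]*\([^[:space:]#]\{1,\}\).*/\1/p' "$1" | tail -n 1)
    printf '%s\n' "${dir:-$DEFAULT_LOGDIR}"
}

# Number of uncommented "output <plugin>:" lines for one plugin ($2).
count_outputs() {
    grep -c "^[[:space:]]*output[[:space:]]\{1,\}$2:" "$1" || true
}

# Classify a directory against the three causes named in the error message,
# plus a hardening check: the log directory should not be world-writable.
check_logdir() {
    if [ ! -e "$1" ]; then echo missing; return 1; fi
    if [ ! -d "$1" ]; then echo not-a-directory; return 1; fi
    if [ ! -w "$1" ] || [ ! -x "$1" ]; then echo not-writable; return 1; fi
    case $(ls -ld -- "$1") in
        ????????w*) echo world-writable; return 2 ;;
    esac
    echo ok
}

# One-line report for a conf file.
report() {
    d=$(conf_logdir "$1")
    state=$(check_logdir "$d") || true
    echo "database outputs: $(count_outputs "$1" database); log directory $d: $state"
}

if [ -n "${1:-}" ]; then
    report "$1"
else
    tmp=$(mktemp) && sample_conf > "$tmp" && report "$tmp"; rm -f "$tmp"
fi
```

Run it as the account Snort will run under and pass the path to snort.conf as the first argument; a directory given with `-l` on the snort command line is not read by this script.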