Snort mailing list archives

Re: Re: Log file problem


From: Jörgen Persson <jpn () tlth lth se>
Date: Sun, 5 Aug 2001 23:16:10 +0200

On Sun, Aug 05, 2001 at 02:56:27PM +0200, Ralf Hildebrandt wrote:
On Sun, Aug 05, 2001 at 01:46:32PM +0200, Jörgen Persson wrote:

Run snort from daemontools, and have it output everything to stdout.
Then use multilog to put all the output to a single file.

daemontools ???? 

http://cr.yp.to/daemontools.html

It's just THE tool for snort. Without it, I couldn't keep my snort box
up & running ...


Have you managed to send Snort's output to multilog through stdout as
another user than root?

When I run Snort as root I symlink $LOGDIR/alert to /dev/stdout but 
that trick doesn't work with ''snort -u'' or ''setuidgid''.

@400000003b6d9686059d4374 ERROR in OpenAlertFile() => fopen() alert file
/service/snort/log/main/alert: Permission denied

Which ought to mean that Snort tries to open root's stdout...

I've also tried to make $LOGDIR/alert into a named pipe from which
multilog could read (and it did) but Snort didn't seem to like the
idea to write its log to it...

Any other idea?

Jörgen
