Snort mailing list archives

RE: Fatal Error OpenLogFile


From: Erek Adams <erek () theadamsfamily net>
Date: Wed, 25 Jul 2001 20:06:27 -0700 (PDT)

On Wed, 25 Jul 2001, Scott wrote:

I have tried to get snort to run as owner/group of snort, but it won't.  I'm
using snort 1.8 build 43.  It will only run as root and only write logs for
root/root.  Any suggestions as to how I would go about making snort run and
log as owner/group snort?

Short answer:  Painfully.

BTW here is how I'm starting snort

 daemon /usr/sbin/snort -u root -g root -s -d -D \
                -i eth1 -l /var/log/snort -c /etc/snort/snort.conf
        touch /var/lock/subsys/snort

I have tried changing the -u and -g to snort which is a group in my groups
files and I've changed the /var/log/snort to owner/group of snort.  When
owner/group is snort and /var/log/snort is also group/owner snort I still
get the OpenLogFile error.

Longer Answer:  I've been wrestling with this for a while.  I've gotten it to
work--sorta.  I can start snort as snort and chroot it.  But...  if I HUP it,
it dies.  Anyway, it is possible, just not easy.

I'm not sure what OS you're on, but many/most *nix boxes have some sort of
trace utility.  trace, strace, and truss are the ones I've used before.  Start
snort under a trace, just as you do normally.  You should see what is causing
the 'cant open...' message.  You might want to send it to a file, so you can
parse thru at your leisure.

Good luck.

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
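
The trace-to-a-file approach suggested in the message above, as an added example that is not part of the original post: capture the run with `strace -f -o snort.trace` followed by the usual snort command line, then list every failed open call and whether it came after the `-u`/`-g` privilege drop. The sample trace, uid/gid 501 and the name `failed_opens` are constructed for illustration and assume Linux strace output.

```python
import re
import sys

# One completed syscall per line, optional PID prefix (strace -f / -o), e.g.
#   1234  open("/p", O_WRONLY|O_CREAT, 0600) = -1 EACCES (Permission denied)
CALL = re.compile(r'^(?:\[pid\s+\d+\]\s+|\d+\s+)?(?P<name>\w+)\((?P<args>.*)\)'
                  r'\s+=\s+(?P<ret>-?\d+)(?:\s+(?P<errno>E[A-Z0-9]+))?')
PATH = re.compile(r'"((?:[^"\\]|\\.)*)"')
OPEN_CALLS = {"open", "openat", "creat"}
DROP_CALLS = {"setuid", "setgid", "setreuid", "setregid", "setresuid", "setresgid"}
WRITE_FLAGS = ("O_WRONLY", "O_RDWR", "O_CREAT")

# Constructed sample trace (not captured from a real run); paths follow the
# command line quoted in the thread, uid/gid 501 is an arbitrary stand-in.
SAMPLE_TRACE = """\
1234  open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory)
1234  open("/etc/snort/snort.conf", O_RDONLY) = 3
1234  setgid(501) = 0
1234  setuid(501) = 0
1234  open("/var/log/snort/alert", O_WRONLY|O_CREAT|O_APPEND, 0600) = -1 EACCES (Permission denied)
1234  +++ exited with 1 +++
"""

def failed_opens(lines):
    """Return failed open-style calls, noting whether each one happened
    after a successful set*id call (the -u/-g privilege drop)."""
    dropped = False  # tracked globally, so trace one process at a time
    findings = []
    for line in lines:
        m = CALL.match(line.strip())
        if not m:
            continue  # unfinished/resumed fragments, signals, exit lines
        name, args, ret = m["name"], m["args"], int(m["ret"])
        if name in DROP_CALLS and ret == 0:
            dropped = True
        elif name in OPEN_CALLS and ret == -1:
            path = PATH.search(args)
            findings.append({
                "path": path.group(1) if path else "?",
                "errno": m["errno"],
                "write": name == "creat" or any(f in args for f in WRITE_FLAGS),
                "after_drop": dropped,
            })
    return findings

if __name__ == "__main__":
    src = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_TRACE.splitlines()
    for f in failed_opens(src):
        print(f"{f['errno']:8} write={f['write']!s:5} after_drop={f['after_drop']!s:5} {f['path']}")
```

A write-mode open that fails with EACCES after the drop points at the file or directory whose ownership or mode the unprivileged user cannot use; ENOENT entries before the drop are usually harmless library probes.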


