Re: snort & logfile permissions

["J. Craig Woods" <drjung () trismegistus net>]

Sander Smeenk wrote:
> Hi,
>
> Can anyone tell me if, and how, I can have snort create it's logfiles
>
> -rw-r-----      snort.snort                     alert
>
> So that I can put users who need to read the logs in group 'snort' etc?
> Currently it just creates the files as mode 600 :/
>
> Regards,
> Sander.

Not much info posted but from looking at the mail headers, you appear to
be running a Debian distro. Running a simple "chmod 640
/var/log/snort/alert" (substitute the path for your OS) would change the
alert file to be readable for any member of the snort group. If you are
starting and stopping snort a lot so that the file reverts back to 600,
create a cronjob to keep it at 640. I think you already know this stuff
so maybe you could elaborate on what you actually want to do.

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson


-------------------------------------------------------
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users