Snort mailing list archives

Re: log files?


From: Erek Adams <erek () theadamsfamily net>
Date: Sun, 7 Jul 2002 21:22:33 -0700 (PDT)

On Sun, 7 Jul 2002, red z wrote:


> Ok, thanks for the help guys. I tried to run snort in NIDS mode by doing
> this:
>
> snort -dev -l log -h 172.16.0.1/10 -c snort.conf
>
> But I got the following error:
>
> "error. can not get write access to logging directory "log." Directory does
> not exist or permissions are set incorrectly or it is not a directory at
> all."
>
> Well, /usr/local/bin/snort is where snort installed on my bsd box.  The FAQs
> said it is supposed to be in /var/log by default. I assume this is because
> I'm on bsd?

Errr....  Not quite.  :)  The /usr/local/bin dir is the 'normal' place for
installation of snort.  The dir of /var/log/snort is the 'normal' place for
the snort logs to be written.

> Any help would be greatly appreciated.

Actually, I think your problem is that it's looking for a dir called "log"
inside of the directory that you started snort in.  Since that doesn't exist,
it gives you that error.

Try this:

  mkdir -p /var/log/snort
  /usr/local/bin/snort -T -l /var/log/snort -h 172.16.0.1/10 -c snort.conf

The "-T" is for 'test'.  It will run thru the snort.conf file and check for
errors and such, check the directories, and instead of starting snort, it will
exit and tell you 'It's all OK' or 'It's broke.'  (Ok, that's not the _real_
messages, but you get the idea.  :)

If that works fine, you should be able to swap "-T" for your option list of
"-dev".

Once you get things going and you're logging happily, I would suggest
considering changing the options.  -dev works, but it's not designed for any
sort of speed.  Besides, it scrolls by too fast most times to read! :)

Anyway, you're on your way to the wonderful insanity which is the "Land O'
Snort"....

        Abandon All Hope, Ye who Enter Here....  ;-)

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
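
The logging-directory error discussed in this thread names three possible causes. The following is an added example, not part of the original message or of Snort: a pre-flight check that resolves the `-l` argument the way a relative path is resolved (against the current directory) and reports which cause applies. The function name `check_snort_logdir` and its output strings are assumptions made for illustration.

```shell
# Added example: diagnose why a directory passed to "snort -l" is rejected.
# check_snort_logdir is a hypothetical helper, not part of Snort.
# Return codes: 0 usable, 1 missing, 2 not a directory, 3 not writable.
check_snort_logdir() {
    dir=$1

    # A relative argument such as "log" is resolved against the
    # directory the command is started in, not against /var/log.
    case $dir in
        /*) abs=$dir ;;
        *)  abs=$(pwd)/$dir ;;
    esac

    if [ ! -e "$abs" ]; then
        echo "missing: $abs"
        return 1
    fi
    if [ ! -d "$abs" ]; then
        echo "not-a-directory: $abs"
        return 2
    fi
    # Creating files in a directory needs both write and search (x) permission.
    if [ ! -w "$abs" ] || [ ! -x "$abs" ]; then
        echo "not-writable: $abs"
        return 3
    fi
    echo "ok: $abs"
    return 0
}
```

Run it as the same user that will start Snort, for example `check_snort_logdir log` from the directory where the original command was typed, then `check_snort_logdir /var/log/snort` after the `mkdir -p`.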


