Snort mailing list archives
Snort question
From: Goldmoon <summer_beha () yahoo com>
Date: Fri, 13 Sep 2002 11:53:09 -0700 (PDT)
Hi, I tried to run snort in IDS mode, with the following command, but got a "command not found" error. ./snort -dev -l .log -h ip address -c snort.conf any ideas what's happening? thanks. --- Ed Kasky <ed () esson net> wrote:
I have Snort ver 1.8.7 running on a RH 7.2 machine using Mysql and running as "snort" From the init script: daemon /usr/local/bin/snort -u snort -D -c /etc/snort/snort.conf From snort.conf: output database: alert, mysql, user=snort password=XXXXX dbname=snort host=localhost It's been running fine until the last day or so when I started getting: snort: FATAL ERROR: ERROR: OpenLogFile() => mkdir(/var/log/snort/216.216.73.103) log directory: Permission denied I changed /var/log/snort to snort.snort and 700 but it continues. My first question is if I am using Mysql, why does it still write the ip logs? Secondly, if I start it as snort, why does it write the ip logs as rppt.bin? drwx------ 2 root bin 4096 Sep 10 13:37 64.131.177.161 Thanks in advance for any advice... Ed ~~ Ed Kasky Los Angeles, CA . . . . . . . . Conscience is the inner voice warning us that someone may be looking. -H.L. Mencken
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users __________________________________________________ Do you Yahoo!? Yahoo! News - Today's headlines http://news.yahoo.com ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Confused about Fatal Error Ed Kasky (Sep 13)
- Snort question Goldmoon (Sep 13)
- Re: Snort question Goldmoon (Sep 13)
- RE: Snort question Bill Gercken (Sep 14)
- Re: Snort question Goldmoon (Sep 13)
- Snort question Goldmoon (Sep 13)