Snort mailing list archives
RE: Snort question
From: Bill Gercken <bgercken () comcast net>
Date: Sat, 14 Sep 2002 10:03:49 -0400
Hi,

Not sure if you already have an answer but here goes:

In the first case (command not found) snort was not in your current directory and therefore could not be executed. (That is what the "./" does in your command line.) You can determine where snort is in your path by typing:

    which snort

on the command line. That should give you the path to where you installed snort.

The second command line you used found snort in your path, but you are asking it to log to the directory ".log", which probably does not exist. (".log" is a perfectly good name for the directory if you are trying to hide the data, but you need to make sure that is what you really wanted.) You probably wanted "./log". Make sure that you created the directory in the current directory and that the permissions are correct (your umask should provide the correct defaults) and try the command again.

Regards,
-bill

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of Goldmoon
Sent: Friday, September 13, 2002 3:06 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort question

So, I tried this instead:

    snort -dev -l .log -h "ipaddress" -c snort.conf

This is the error I get:

    Error: Can not get write access to logging directory "./log" exist or permissions are set incorrectly or it is not a directory at all
    Fatal Error, Quitting
    snort /kernel: fxp0:promiscuous mode enabled
    snort /kernel: fxp0:promisuous mode disabled

--- Goldmoon <summer_beha () yahoo com> wrote:
Hi,

I tried to run snort in IDS mode, with the following command, but got a "command not found" error.

    ./snort -dev -l .log -h ip address -c snort.conf

any ideas what's happening?

thanks.

--- Ed Kasky <ed () esson net> wrote:

I have Snort ver 1.8.7 running on a RH 7.2 machine using Mysql and running as "snort"

From the init script:

    daemon /usr/local/bin/snort -u snort -D -c /etc/snort/snort.conf

From snort.conf:

    output database: alert, mysql, user=snort password=XXXXX dbname=snort host=localhost

It's been running fine until the last day or so when I started getting:

    snort: FATAL ERROR: ERROR: OpenLogFile() => mkdir(/var/log/snort/216.216.73.103) logdirectory:Permission denied

I changed /var/log/snort to snort.snort and 700 but it continues.

My first question is if I am using Mysql, why does it still write the ip logs?

Secondly, if I start it as snort, why does it write the ip logs as root.bin?

    drwx------ 2 root bin 4096 Sep 10 13:37 64.131.177.161

Thanks in advance for any advice...

Ed

~~
Ed Kasky
Los Angeles, CA
. . . . . . . .
Conscience is the inner voice warning us that someone may be looking.
-H.L. Mencken
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
__________________________________________________ Do you Yahoo!? Yahoo! News - Today's headlines http://news.yahoo.com
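
Added example, not part of the original thread or of Snort itself: a POSIX shell pre-flight check for the conditions raised above (where the shell finds the binary, whether the directory given to -l exists and is a writable directory, and whether anything under it is owned by an account other than the one given to -u). The function names and return codes are assumptions of this example.

```shell
#!/bin/sh
# Constructed example; function names and return codes are this example's own.

# find_snort [NAME]
#   Prints where the shell would find NAME (default: snort), like "which snort".
#   A NAME containing a slash (./snort) is checked at exactly that path, which
#   is why "./snort" fails with "command not found" outside the install dir.
find_snort() {
    command -v "${1:-snort}"
}

# check_logdir DIR [USER]
#   Returns 0 = usable, 1 = missing, 2 = exists but is not a directory,
#   3 = caller cannot write to it, 4 = entries under DIR not owned by USER.
check_logdir() {
    dir=$1
    user=${2:-}
    if [ ! -e "$dir" ]; then
        echo "missing: $dir (\".log\" and \"./log\" are different names)"
        return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir"
        return 2
    fi
    # Creating per-IP subdirectories needs both write and search permission.
    if [ ! -w "$dir" ] || [ ! -x "$dir" ]; then
        echo "no write access: $dir"
        return 3
    fi
    if [ -n "$user" ]; then
        # List (at most five) entries whose owner differs from the -u account.
        foreign=$(find "$dir" ! -user "$user" -print 2>/dev/null | head -n 5)
        if [ -n "$foreign" ]; then
            echo "not owned by $user:"
            echo "$foreign"
            return 4
        fi
    fi
    echo "ok: $dir"
    return 0
}

# Usage, run as the account that will run snort:
#   find_snort && check_logdir ./log
#   check_logdir /var/log/snort snort
```
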
Current thread:
- Confused about Fatal Error Ed Kasky (Sep 13)
- Snort question Goldmoon (Sep 13)
- Re: Snort question Goldmoon (Sep 13)
- RE: Snort question Bill Gercken (Sep 14)
- Re: Snort question Goldmoon (Sep 13)
- Snort question Goldmoon (Sep 13)